From 83b3d99d2b47321b7ebb8db6f6ea04f3808bc069 Mon Sep 17 00:00:00 2001 From: "florian@openbsd.org" Date: Mon, 15 Oct 2018 11:28:50 +0000 Subject: upstream: struct sockaddr_storage is guaranteed to be large enough, no need to check the size. OK kn, deraadt OpenBSD-Commit-ID: 0aa56e92eb49c79f495b31a5093109ec5841f439 --- sshconnect.c | 6 +----- 1 file changed, 1 insertion(+), 5 deletions(-) diff --git a/sshconnect.c b/sshconnect.c index 6d819279e..52c328111 100644 --- a/sshconnect.c +++ b/sshconnect.c @@ -1,4 +1,4 @@ -/* $OpenBSD: sshconnect.c,v 1.305 2018/09/20 03:30:44 djm Exp $ */ +/* $OpenBSD: sshconnect.c,v 1.306 2018/10/15 11:28:50 florian Exp $ */ /* * Author: Tatu Ylonen * Copyright (c) 1995 Tatu Ylonen , Espoo, Finland @@ -369,10 +369,6 @@ ssh_create_socket(struct addrinfo *ai) error("getaddrinfo: no addrs"); goto fail; } - if (res->ai_addrlen > sizeof(bindaddr)) { - error("%s: addr doesn't fit", __func__); - goto fail; - } memcpy(&bindaddr, res->ai_addr, res->ai_addrlen); bindaddrlen = res->ai_addrlen; } else if (options.bind_interface != NULL) { -- cgit v1.2.3 From a4fc253f5f44f0e4c47aafe2a17d2c46481d3c04 Mon Sep 17 00:00:00 2001 From: "djm@openbsd.org" Date: Fri, 19 Oct 2018 03:12:42 +0000 Subject: upstream: when printing certificate contents "ssh-keygen -Lf /path/certificate", include the algorithm that the CA used to sign the cert. OpenBSD-Commit-ID: 1ea20b5048a851a7a0758dcb9777a211a2c0dddd --- ssh-keygen.c | 7 ++++--- 1 file changed, 4 insertions(+), 3 deletions(-) diff --git a/ssh-keygen.c b/ssh-keygen.c index 46b3af5a8..e9f405847 100644 --- a/ssh-keygen.c +++ b/ssh-keygen.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ssh-keygen.c,v 1.322 2018/09/14 04:17:44 djm Exp $ */ +/* $OpenBSD: ssh-keygen.c,v 1.323 2018/10/19 03:12:42 djm Exp $ */ /* * Author: Tatu Ylonen * Copyright (c) 1994 Tatu Ylonen , Espoo, Finland @@ -2003,8 +2003,9 @@ print_cert(struct sshkey *key) printf(" Type: %s %s certificate\n", sshkey_ssh_name(key), sshkey_cert_type(key)); printf(" Public key: %s %s\n", sshkey_type(key), key_fp); - printf(" Signing CA: %s %s\n", - sshkey_type(key->cert->signature_key), ca_fp); + printf(" Signing CA: %s %s (using %s)\n", + sshkey_type(key->cert->signature_key), ca_fp, + key->cert->signature_type); printf(" Key ID: \"%s\"\n", key->cert->key_id); printf(" Serial: %llu\n", (unsigned long long)key->cert->serial); printf(" Valid: %s\n", valid); -- cgit v1.2.3 From 31b49525168245abe16ad49d7b7f519786b53a38 Mon Sep 17 00:00:00 2001 From: Darren Tucker Date: Mon, 22 Oct 2018 20:05:18 +1100 Subject: Include openssl compatibility. Patch from rosenp at gmail.com via openssh-unix-dev. --- ssh-keysign.c | 1 + ssh_api.c | 2 ++ 2 files changed, 3 insertions(+) diff --git a/ssh-keysign.c b/ssh-keysign.c index 744ecb4f9..bcd1508c0 100644 --- a/ssh-keysign.c +++ b/ssh-keysign.c @@ -40,6 +40,7 @@ #include #include #include +#include "openbsd-compat/openssl-compat.h" #endif #include "xmalloc.h" diff --git a/ssh_api.c b/ssh_api.c index c84b4e713..e727c0d69 100644 --- a/ssh_api.c +++ b/ssh_api.c @@ -29,6 +29,8 @@ #include "ssherr.h" #include "sshbuf.h" +#include "openbsd-compat/openssl-compat.h" + #include int _ssh_exchange_banner(struct ssh *); -- cgit v1.2.3 From c0a35265907533be10ca151ac797f34ae0d68969 Mon Sep 17 00:00:00 2001 From: Damien Miller Date: Mon, 22 Oct 2018 11:22:50 +1100 Subject: fix compile for openssl 1.0.x w/ --with-ssl-engine bz#2921, patch from cotequeiroz --- openbsd-compat/openssl-compat.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/openbsd-compat/openssl-compat.c b/openbsd-compat/openssl-compat.c index 8b4a36274..590b66d16 100644 --- a/openbsd-compat/openssl-compat.c +++ b/openbsd-compat/openssl-compat.c @@ -76,7 +76,7 @@ ssh_OpenSSL_add_all_algorithms(void) ENGINE_load_builtin_engines(); ENGINE_register_all_complete(); -#if OPENSSL_VERSION_NUMBER < 0x10001000L +#if OPENSSL_VERSION_NUMBER < 0x10100000L OPENSSL_config(NULL); #else OPENSSL_init_crypto(OPENSSL_INIT_ADD_ALL_CIPHERS | -- cgit v1.2.3 From a65784c9f9c5d00cf1a0e235090170abc8d07c73 Mon Sep 17 00:00:00 2001 From: "djm@openbsd.org" Date: Tue, 23 Oct 2018 05:56:35 +0000 Subject: upstream: refer to OpenSSL not SSLeay; we're old, but we don't have to act it OpenBSD-Commit-ID: 9ca38d11f8ed19e61a55108d1e892d696cee08ec --- OVERVIEW | 7 ++++--- ssh.c | 6 +++--- sshd.c | 6 +++--- 3 files changed, 10 insertions(+), 9 deletions(-) diff --git a/OVERVIEW b/OVERVIEW index 515567f45..cec7cd75b 100644 --- a/OVERVIEW +++ b/OVERVIEW @@ -34,11 +34,12 @@ these programs. - Ssh contains several encryption algorithms. These are all accessed through the cipher.h interface. The interface code is - in cipher.c, and the implementations are in libc. + in cipher.c, and the implementations are either in libc or + LibreSSL. Multiple Precision Integer Library - - Uses the SSLeay BIGNUM sublibrary. + - Uses the LibreSSL BIGNUM sublibrary. Random Numbers @@ -158,4 +159,4 @@ these programs. uidswap.c uid-swapping xmalloc.c "safe" malloc routines -$OpenBSD: OVERVIEW,v 1.14 2018/07/27 03:55:22 dtucker Exp $ +$OpenBSD: OVERVIEW,v 1.15 2018/10/23 05:56:35 djm Exp $ diff --git a/ssh.c b/ssh.c index 0777c31e4..1e471f5c4 100644 --- a/ssh.c +++ b/ssh.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ssh.c,v 1.494 2018/10/03 06:38:35 djm Exp $ */ +/* $OpenBSD: ssh.c,v 1.495 2018/10/23 05:56:35 djm Exp $ */ /* * Author: Tatu Ylonen * Copyright (c) 1995 Tatu Ylonen , Espoo, Finland @@ -816,7 +816,7 @@ main(int ac, char **av) fprintf(stderr, "%s, %s\n", SSH_RELEASE, #ifdef WITH_OPENSSL - SSLeay_version(SSLEAY_VERSION) + OpenSSL_version(OPENSSL_VERSION) #else "without OpenSSL" #endif @@ -1085,7 +1085,7 @@ main(int ac, char **av) if (debug_flag) logit("%s, %s", SSH_RELEASE, #ifdef WITH_OPENSSL - SSLeay_version(SSLEAY_VERSION) + OpenSSL_version(OPENSSL_VERSION) #else "without OpenSSL" #endif diff --git a/sshd.c b/sshd.c index ba26287ba..66e79a3d2 100644 --- a/sshd.c +++ b/sshd.c @@ -1,4 +1,4 @@ -/* $OpenBSD: sshd.c,v 1.516 2018/09/21 12:23:17 djm Exp $ */ +/* $OpenBSD: sshd.c,v 1.517 2018/10/23 05:56:35 djm Exp $ */ /* * Author: Tatu Ylonen * Copyright (c) 1995 Tatu Ylonen , Espoo, Finland @@ -917,7 +917,7 @@ usage(void) fprintf(stderr, "%s, %s\n", SSH_RELEASE, #ifdef WITH_OPENSSL - SSLeay_version(SSLEAY_VERSION) + OpenSSL_version(OPENSSL_VERSION) #else "without OpenSSL" #endif @@ -1723,7 +1723,7 @@ main(int ac, char **av) debug("sshd version %s, %s", SSH_VERSION, #ifdef WITH_OPENSSL - SSLeay_version(SSLEAY_VERSION) + OpenSSL_version(OPENSSL_VERSION) #else "without OpenSSL" #endif -- cgit v1.2.3 From b9fea45a68946c8dfeace72ad1f6657c18f2a98a Mon Sep 17 00:00:00 2001 From: Damien Miller Date: Tue, 23 Oct 2018 17:10:35 +1100 Subject: regen depend --- .depend | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.depend b/.depend index 2b29e3879..f85557c9c 100644 --- a/.depend +++ b/.depend @@ -143,7 +143,7 @@ ssh-xmss.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-comp ssh.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/rmd160.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h openbsd-compat/openssl-compat.h openbsd-compat/sys-queue.h xmalloc.h ssh.h ssh2.h canohost.h compat.h cipher.h cipher-chachapoly.h chacha.h poly1305.h cipher-aesctr.h rijndael.h digest.h packet.h dispatch.h opacket.h ssh.o: sshbuf.h channels.h sshkey.h authfd.h authfile.h pathnames.h clientloop.h log.h misc.h readconf.h sshconnect.h kex.h mac.h sshpty.h match.h msg.h version.h ssherr.h myproposal.h utf8.h ssh_api.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/rmd160.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h ssh_api.h openbsd-compat/sys-queue.h cipher.h cipher-chachapoly.h chacha.h poly1305.h cipher-aesctr.h rijndael.h sshkey.h kex.h mac.h ssh.h ssh2.h packet.h dispatch.h opacket.h compat.h log.h authfile.h misc.h -ssh_api.o: version.h myproposal.h ssherr.h sshbuf.h +ssh_api.o: version.h myproposal.h ssherr.h sshbuf.h openbsd-compat/openssl-compat.h sshbuf-getput-basic.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/rmd160.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h ssherr.h sshbuf.h sshbuf-getput-crypto.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/rmd160.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h ssherr.h sshbuf.h sshbuf-misc.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/rmd160.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h ssherr.h sshbuf.h -- cgit v1.2.3 From 859754bdeb41373d372e36b5dc89c547453addb3 Mon Sep 17 00:00:00 2001 From: Damien Miller Date: Tue, 23 Oct 2018 17:10:41 +1100 Subject: remove remaining references to SSLeay Prompted by Rosen Penev --- configure.ac | 11 ++++++----- entropy.c | 6 ++++-- 2 files changed, 10 insertions(+), 7 deletions(-) diff --git a/configure.ac b/configure.ac index 7379ab358..0d55bece5 100644 --- a/configure.ac +++ b/configure.ac @@ -2602,8 +2602,9 @@ if test "x$openssl" = "xyes" ; then if(fd == NULL) exit(1); - if ((rc = fprintf(fd, "%08lx (%s)\n", (unsigned long)SSLeay(), - SSLeay_version(SSLEAY_VERSION))) < 0) + if ((rc = fprintf(fd, "%08lx (%s)\n", + (unsigned long)OpenSSL_version_num(), + OpenSSL_version(OPENSSL_VERSION))) < 0) exit(1); exit(0); @@ -2645,7 +2646,7 @@ if test "x$openssl" = "xyes" ; then #include #include ]], [[ - exit(SSLeay() == OPENSSL_VERSION_NUMBER ? 0 : 1); + exit(OpenSSL_version_num() == OPENSSL_VERSION_NUMBER ? 0 : 1); ]])], [ AC_MSG_RESULT([yes]) @@ -2673,7 +2674,7 @@ if test "x$openssl" = "xyes" ; then AC_MSG_CHECKING([if programs using OpenSSL functions will link]) AC_LINK_IFELSE( [AC_LANG_PROGRAM([[ #include ]], - [[ SSLeay_add_all_algorithms(); ]])], + [[ OpenSSL_add_all_algorithms(); ]])], [ AC_MSG_RESULT([yes]) ], @@ -2684,7 +2685,7 @@ if test "x$openssl" = "xyes" ; then AC_MSG_CHECKING([if programs using OpenSSL need -ldl]) AC_LINK_IFELSE( [AC_LANG_PROGRAM([[ #include ]], - [[ SSLeay_add_all_algorithms(); ]])], + [[ OpenSSL_add_all_algorithms(); ]])], [ AC_MSG_RESULT([yes]) ], diff --git a/entropy.c b/entropy.c index c178c00cf..fc710ec23 100644 --- a/entropy.c +++ b/entropy.c @@ -219,9 +219,11 @@ seed_rng(void) #ifndef OPENSSL_PRNG_ONLY unsigned char buf[RANDOM_SEED_SIZE]; #endif - if (!ssh_compatible_openssl(OPENSSL_VERSION_NUMBER, SSLeay())) + if (!ssh_compatible_openssl(OPENSSL_VERSION_NUMBER, + OpenSSL_version_num())) fatal("OpenSSL version mismatch. Built against %lx, you " - "have %lx", (u_long)OPENSSL_VERSION_NUMBER, SSLeay()); + "have %lx", (u_long)OPENSSL_VERSION_NUMBER, + OpenSSL_version_num()); #ifndef OPENSSL_PRNG_ONLY if (RAND_status() == 1) { -- cgit v1.2.3 From 406a24b25d6a2bdd70cacd16de7e899dcb2a8829 Mon Sep 17 00:00:00 2001 From: Damien Miller Date: Fri, 26 Oct 2018 13:43:28 +1100 Subject: fix builds on OpenSSL <= 1.0.x I thought OpenSSL 1.0.x offered the new-style OpenSSL_version_num() API to obtain version number, but they don't. --- configure.ac | 9 ++++++++- openbsd-compat/openssl-compat.h | 6 ++++++ 2 files changed, 14 insertions(+), 1 deletion(-) diff --git a/configure.ac b/configure.ac index 0d55bece5..a4109effc 100644 --- a/configure.ac +++ b/configure.ac @@ -2601,7 +2601,11 @@ if test "x$openssl" = "xyes" ; then fd = fopen(DATA,"w"); if(fd == NULL) exit(1); - +#if OPENSSL_VERSION_NUMBER < 0x10100000L +# define OpenSSL_version_num SSLeay +# define OpenSSL_version SSLeay_version +# define OPENSSL_VERSION SSLEAY_VERSION +#endif if ((rc = fprintf(fd, "%08lx (%s)\n", (unsigned long)OpenSSL_version_num(), OpenSSL_version(OPENSSL_VERSION))) < 0) @@ -2646,6 +2650,9 @@ if test "x$openssl" = "xyes" ; then #include #include ]], [[ +#if OPENSSL_VERSION_NUMBER < 0x10100000L +# define OpenSSL_version_num SSLeay +#endif exit(OpenSSL_version_num() == OPENSSL_VERSION_NUMBER ? 0 : 1); ]])], [ diff --git a/openbsd-compat/openssl-compat.h b/openbsd-compat/openssl-compat.h index 9e0264c04..0fbf60df4 100644 --- a/openbsd-compat/openssl-compat.h +++ b/openbsd-compat/openssl-compat.h @@ -33,6 +33,12 @@ int ssh_compatible_openssl(long, long); # error OpenSSL 0.9.8f or greater is required #endif +#if OPENSSL_VERSION_NUMBER < 0x10100000L +# define OpenSSL_version_num SSLeay +# define OpenSSL_version SSLeay_version +# define OPENSSL_VERSION SSLEAY_VERSION +#endif + #if OPENSSL_VERSION_NUMBER < 0x10000001L # define LIBCRYPTO_EVP_INL_TYPE unsigned int #else -- cgit v1.2.3 From 262d81a259d4aa1507c709ec9d5caa21c7740722 Mon Sep 17 00:00:00 2001 From: Darren Tucker Date: Sat, 27 Oct 2018 16:45:59 +1100 Subject: Check for the existence of openssl version funcs. Check for the existence of openssl version functions and use the ones detected instead of trying to guess based on the int32 version identifier. Fixes builds with LibreSSL. --- configure.ac | 17 ++++++++++++----- 1 file changed, 12 insertions(+), 5 deletions(-) diff --git a/configure.ac b/configure.ac index a4109effc..10696513f 100644 --- a/configure.ac +++ b/configure.ac @@ -2585,6 +2585,9 @@ if test "x$openssl" = "xyes" ; then ] ) + # Determining OpenSSL library version is version dependent. + AC_CHECK_FUNCS([OpenSSL_version OpenSSL_version_num]) + # Determine OpenSSL library version AC_MSG_CHECKING([OpenSSL library version]) AC_RUN_IFELSE( @@ -2601,10 +2604,14 @@ if test "x$openssl" = "xyes" ; then fd = fopen(DATA,"w"); if(fd == NULL) exit(1); -#if OPENSSL_VERSION_NUMBER < 0x10100000L -# define OpenSSL_version_num SSLeay +#ifndef OPENSSL_VERSION +# define OPENSSL_VERSION SSLEAY_VERSION +#endif +#ifndef HAVE_OPENSSL_VERSION # define OpenSSL_version SSLeay_version -# define OPENSSL_VERSION SSLEAY_VERSION +#endif +#ifndef HAVE_OPENSSL_VERSION_NUM +# define OpenSSL_version_num SSLeay #endif if ((rc = fprintf(fd, "%08lx (%s)\n", (unsigned long)OpenSSL_version_num(), @@ -2650,8 +2657,8 @@ if test "x$openssl" = "xyes" ; then #include #include ]], [[ -#if OPENSSL_VERSION_NUMBER < 0x10100000L -# define OpenSSL_version_num SSLeay +#ifndef HAVE_OPENSSL_VERSION_NUM +# define OpenSSL_version_num SSLeay #endif exit(OpenSSL_version_num() == OPENSSL_VERSION_NUMBER ? 0 : 1); ]])], -- cgit v1.2.3 From c801b0e38eae99427f37869370151b78f8e15c5d Mon Sep 17 00:00:00 2001 From: Darren Tucker Date: Sun, 28 Oct 2018 14:34:12 +1100 Subject: Use detected version functions in openssl compat. Use detected functions in compat layer instead of guessing based on versions. Really fixes builds with LibreSSL, not just configure. --- openbsd-compat/openssl-compat.h | 13 ++++++++++--- 1 file changed, 10 insertions(+), 3 deletions(-) diff --git a/openbsd-compat/openssl-compat.h b/openbsd-compat/openssl-compat.h index 0fbf60df4..28e4fc360 100644 --- a/openbsd-compat/openssl-compat.h +++ b/openbsd-compat/openssl-compat.h @@ -21,6 +21,7 @@ #ifdef WITH_OPENSSL #include +#include #include #include #include @@ -33,12 +34,18 @@ int ssh_compatible_openssl(long, long); # error OpenSSL 0.9.8f or greater is required #endif -#if OPENSSL_VERSION_NUMBER < 0x10100000L -# define OpenSSL_version_num SSLeay -# define OpenSSL_version SSLeay_version +#ifndef OPENSSL_VERSION # define OPENSSL_VERSION SSLEAY_VERSION #endif +#ifndef HAVE_OPENSSL_VERSION +# define OpenSSL_version(x) SSLeay_version(x) +#endif + +#ifndef HAVE_OPENSSL_VERSION_NUM +# define OpenSSL_version_num SSLeay +#endif + #if OPENSSL_VERSION_NUMBER < 0x10000001L # define LIBCRYPTO_EVP_INL_TYPE unsigned int #else -- cgit v1.2.3 From 6ab75aba340d827140d7ba719787aabaf39a0355 Mon Sep 17 00:00:00 2001 From: Darren Tucker Date: Sun, 28 Oct 2018 15:16:31 +1100 Subject: Update required OpenSSL versions to match current. --- INSTALL | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/INSTALL b/INSTALL index 3fd265dbf..f1f8f00f3 100644 --- a/INSTALL +++ b/INSTALL @@ -13,15 +13,15 @@ OpenSSL) Zlib 1.1.4 or 1.2.1.2 or greater (earlier 1.2.x versions have problems): http://www.gzip.org/zlib/ -libcrypto (LibreSSL or OpenSSL >= 1.0.1 < 1.1.0) -LibreSSL http://www.libressl.org/ ; or -OpenSSL http://www.openssl.org/ +libcrypto from either of: + - LibreSSL (http://www.libressl.org/) + - OpenSSL 1.0.x >= 1.0.1 or 1.1.0 >= 1.1.0g (http://www.openssl.org/) LibreSSL/OpenSSL should be compiled as a position-independent library (i.e. with -fPIC) otherwise OpenSSH will not be able to link with it. If you must use a non-position-independent libcrypto, then you may need -to configure OpenSSH --without-pie. Note that because of API changes, -OpenSSL 1.1.x is not currently supported. +to configure OpenSSH --without-pie. Note that due to a bug in EVP_CipherInit +OpenSSL 1.1 versions prior to 1.1.0g can't be used. The remaining items are optional. -- cgit v1.2.3 From 595605d4abede475339d6a1f07a8cc674c11d1c3 Mon Sep 17 00:00:00 2001 From: Darren Tucker Date: Sun, 28 Oct 2018 15:18:13 +1100 Subject: Update check for minimum OpenSSL version. --- openbsd-compat/openssl-compat.h | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/openbsd-compat/openssl-compat.h b/openbsd-compat/openssl-compat.h index 28e4fc360..94c750b7f 100644 --- a/openbsd-compat/openssl-compat.h +++ b/openbsd-compat/openssl-compat.h @@ -30,8 +30,8 @@ int ssh_compatible_openssl(long, long); -#if (OPENSSL_VERSION_NUMBER <= 0x0090805fL) -# error OpenSSL 0.9.8f or greater is required +#if (OPENSSL_VERSION_NUMBER <= 0x1000100fL) +# error OpenSSL 1.0.1 or greater is required #endif #ifndef OPENSSL_VERSION -- cgit v1.2.3 From 3719df60c66abc4b47200d41f571d67772f293ba Mon Sep 17 00:00:00 2001 From: Darren Tucker Date: Wed, 31 Oct 2018 22:21:03 +1100 Subject: Import new moduli. --- moduli | 878 +++++++++++++++++++++++++++++++++-------------------------------- 1 file changed, 451 insertions(+), 427 deletions(-) diff --git a/moduli b/moduli index 372c382a2..4c6947361 100644 --- a/moduli +++ b/moduli @@ -1,428 +1,452 @@ -# $OpenBSD: moduli,v 1.22 2018/09/20 08:07:03 dtucker Exp $ +# $OpenBSD: moduli,v 1.23 2018/10/31 11:20:04 dtucker Exp $ # Time Type Tests Tries Size Generator Modulus -20180403031539 2 6 100 2047 5 F78A3F3A47AFE34101F186DF022B970FB51586E65B1D1875E41D02EDDD4BDF6D6D8BA1CC296EA6A8BD7036297A0C01C636A55493E3ADEC2F1DAB9D8D7E0CCD39D7FFC9D4011C3F57A944AA1EEB1AC1784E28ACF7B6FB3AC49185F4E638B567DA6B4903CB8C6D815ED1253D512670FAF71E6BF1ED6669863B552B3BB2173A7F16262454142B7B928F91E60EED00BDFA465F2C46665BD30C1426F9B8D9611D086D6BAB672CB472E8F8E6990F623C2E7458991D982E199BB168C93F96F71974181F898D6C56C02D9DABA852E7E51CA0DC723255B49CAA122D2A6CC64F1389128A0E3298B0E155EC8A4D9BF1D1671B808DDD835015381C1F16C35A84D20A591E4B57 -20180403031604 2 6 100 2047 2 F78A3F3A47AFE34101F186DF022B970FB51586E65B1D1875E41D02EDDD4BDF6D6D8BA1CC296EA6A8BD7036297A0C01C636A55493E3ADEC2F1DAB9D8D7E0CCD39D7FFC9D4011C3F57A944AA1EEB1AC1784E28ACF7B6FB3AC49185F4E638B567DA6B4903CB8C6D815ED1253D512670FAF71E6BF1ED6669863B552B3BB2173A7F16262454142B7B928F91E60EED00BDFA465F2C46665BD30C1426F9B8D9611D086D6BAB672CB472E8F8E6990F623C2E7458991D982E199BB168C93F96F71974181F898D6C56C02D9DABA852E7E51CA0DC723255B49CAA122D2A6CC64F1389128A0E3298B0E155EC8A4D9BF1D1671B808DDD835015381C1F16C35A84D20A5923D0DB -20180403031626 2 6 100 2047 5 F78A3F3A47AFE34101F186DF022B970FB51586E65B1D1875E41D02EDDD4BDF6D6D8BA1CC296EA6A8BD7036297A0C01C636A55493E3ADEC2F1DAB9D8D7E0CCD39D7FFC9D4011C3F57A944AA1EEB1AC1784E28ACF7B6FB3AC49185F4E638B567DA6B4903CB8C6D815ED1253D512670FAF71E6BF1ED6669863B552B3BB2173A7F16262454142B7B928F91E60EED00BDFA465F2C46665BD30C1426F9B8D9611D086D6BAB672CB472E8F8E6990F623C2E7458991D982E199BB168C93F96F71974181F898D6C56C02D9DABA852E7E51CA0DC723255B49CAA122D2A6CC64F1389128A0E3298B0E155EC8A4D9BF1D1671B808DDD835015381C1F16C35A84D20A592B11B7 -20180403031845 2 6 100 2047 2 F78A3F3A47AFE34101F186DF022B970FB51586E65B1D1875E41D02EDDD4BDF6D6D8BA1CC296EA6A8BD7036297A0C01C636A55493E3ADEC2F1DAB9D8D7E0CCD39D7FFC9D4011C3F57A944AA1EEB1AC1784E28ACF7B6FB3AC49185F4E638B567DA6B4903CB8C6D815ED1253D512670FAF71E6BF1ED6669863B552B3BB2173A7F16262454142B7B928F91E60EED00BDFA465F2C46665BD30C1426F9B8D9611D086D6BAB672CB472E8F8E6990F623C2E7458991D982E199BB168C93F96F71974181F898D6C56C02D9DABA852E7E51CA0DC723255B49CAA122D2A6CC64F1389128A0E3298B0E155EC8A4D9BF1D1671B808DDD835015381C1F16C35A84D20A59715A73 -20180403032143 2 6 100 2047 2 F78A3F3A47AFE34101F186DF022B970FB51586E65B1D1875E41D02EDDD4BDF6D6D8BA1CC296EA6A8BD7036297A0C01C636A55493E3ADEC2F1DAB9D8D7E0CCD39D7FFC9D4011C3F57A944AA1EEB1AC1784E28ACF7B6FB3AC49185F4E638B567DA6B4903CB8C6D815ED1253D512670FAF71E6BF1ED6669863B552B3BB2173A7F16262454142B7B928F91E60EED00BDFA465F2C46665BD30C1426F9B8D9611D086D6BAB672CB472E8F8E6990F623C2E7458991D982E199BB168C93F96F71974181F898D6C56C02D9DABA852E7E51CA0DC723255B49CAA122D2A6CC64F1389128A0E3298B0E155EC8A4D9BF1D1671B808DDD835015381C1F16C35A84D20A59CDE963 -20180403032347 2 6 100 2047 2 F78A3F3A47AFE34101F186DF022B970FB51586E65B1D1875E41D02EDDD4BDF6D6D8BA1CC296EA6A8BD7036297A0C01C636A55493E3ADEC2F1DAB9D8D7E0CCD39D7FFC9D4011C3F57A944AA1EEB1AC1784E28ACF7B6FB3AC49185F4E638B567DA6B4903CB8C6D815ED1253D512670FAF71E6BF1ED6669863B552B3BB2173A7F16262454142B7B928F91E60EED00BDFA465F2C46665BD30C1426F9B8D9611D086D6BAB672CB472E8F8E6990F623C2E7458991D982E199BB168C93F96F71974181F898D6C56C02D9DABA852E7E51CA0DC723255B49CAA122D2A6CC64F1389128A0E3298B0E155EC8A4D9BF1D1671B808DDD835015381C1F16C35A84D20A5A11B463 -20180403032438 2 6 100 2047 5 F78A3F3A47AFE34101F186DF022B970FB51586E65B1D1875E41D02EDDD4BDF6D6D8BA1CC296EA6A8BD7036297A0C01C636A55493E3ADEC2F1DAB9D8D7E0CCD39D7FFC9D4011C3F57A944AA1EEB1AC1784E28ACF7B6FB3AC49185F4E638B567DA6B4903CB8C6D815ED1253D512670FAF71E6BF1ED6669863B552B3BB2173A7F16262454142B7B928F91E60EED00BDFA465F2C46665BD30C1426F9B8D9611D086D6BAB672CB472E8F8E6990F623C2E7458991D982E199BB168C93F96F71974181F898D6C56C02D9DABA852E7E51CA0DC723255B49CAA122D2A6CC64F1389128A0E3298B0E155EC8A4D9BF1D1671B808DDD835015381C1F16C35A84D20A5A2BBC5F -20180403032617 2 6 100 2047 2 F78A3F3A47AFE34101F186DF022B970FB51586E65B1D1875E41D02EDDD4BDF6D6D8BA1CC296EA6A8BD7036297A0C01C636A55493E3ADEC2F1DAB9D8D7E0CCD39D7FFC9D4011C3F57A944AA1EEB1AC1784E28ACF7B6FB3AC49185F4E638B567DA6B4903CB8C6D815ED1253D512670FAF71E6BF1ED6669863B552B3BB2173A7F16262454142B7B928F91E60EED00BDFA465F2C46665BD30C1426F9B8D9611D086D6BAB672CB472E8F8E6990F623C2E7458991D982E199BB168C93F96F71974181F898D6C56C02D9DABA852E7E51CA0DC723255B49CAA122D2A6CC64F1389128A0E3298B0E155EC8A4D9BF1D1671B808DDD835015381C1F16C35A84D20A5A6308C3 -20180403032923 2 6 100 2047 2 F78A3F3A47AFE34101F186DF022B970FB51586E65B1D1875E41D02EDDD4BDF6D6D8BA1CC296EA6A8BD7036297A0C01C636A55493E3ADEC2F1DAB9D8D7E0CCD39D7FFC9D4011C3F57A944AA1EEB1AC1784E28ACF7B6FB3AC49185F4E638B567DA6B4903CB8C6D815ED1253D512670FAF71E6BF1ED6669863B552B3BB2173A7F16262454142B7B928F91E60EED00BDFA465F2C46665BD30C1426F9B8D9611D086D6BAB672CB472E8F8E6990F623C2E7458991D982E199BB168C93F96F71974181F898D6C56C02D9DABA852E7E51CA0DC723255B49CAA122D2A6CC64F1389128A0E3298B0E155EC8A4D9BF1D1671B808DDD835015381C1F16C35A84D20A5ADA5523 -20180403033405 2 6 100 2047 5 F78A3F3A47AFE34101F186DF022B970FB51586E65B1D1875E41D02EDDD4BDF6D6D8BA1CC296EA6A8BD7036297A0C01C636A55493E3ADEC2F1DAB9D8D7E0CCD39D7FFC9D4011C3F57A944AA1EEB1AC1784E28ACF7B6FB3AC49185F4E638B567DA6B4903CB8C6D815ED1253D512670FAF71E6BF1ED6669863B552B3BB2173A7F16262454142B7B928F91E60EED00BDFA465F2C46665BD30C1426F9B8D9611D086D6BAB672CB472E8F8E6990F623C2E7458991D982E199BB168C93F96F71974181F898D6C56C02D9DABA852E7E51CA0DC723255B49CAA122D2A6CC64F1389128A0E3298B0E155EC8A4D9BF1D1671B808DDD835015381C1F16C35A84D20A5B9A6B37 -20180403033427 2 6 100 2047 5 F78A3F3A47AFE34101F186DF022B970FB51586E65B1D1875E41D02EDDD4BDF6D6D8BA1CC296EA6A8BD7036297A0C01C636A55493E3ADEC2F1DAB9D8D7E0CCD39D7FFC9D4011C3F57A944AA1EEB1AC1784E28ACF7B6FB3AC49185F4E638B567DA6B4903CB8C6D815ED1253D512670FAF71E6BF1ED6669863B552B3BB2173A7F16262454142B7B928F91E60EED00BDFA465F2C46665BD30C1426F9B8D9611D086D6BAB672CB472E8F8E6990F623C2E7458991D982E199BB168C93F96F71974181F898D6C56C02D9DABA852E7E51CA0DC723255B49CAA122D2A6CC64F1389128A0E3298B0E155EC8A4D9BF1D1671B808DDD835015381C1F16C35A84D20A5B9F8E27 -20180403033655 2 6 100 2047 5 F78A3F3A47AFE34101F186DF022B970FB51586E65B1D1875E41D02EDDD4BDF6D6D8BA1CC296EA6A8BD7036297A0C01C636A55493E3ADEC2F1DAB9D8D7E0CCD39D7FFC9D4011C3F57A944AA1EEB1AC1784E28ACF7B6FB3AC49185F4E638B567DA6B4903CB8C6D815ED1253D512670FAF71E6BF1ED6669863B552B3BB2173A7F16262454142B7B928F91E60EED00BDFA465F2C46665BD30C1426F9B8D9611D086D6BAB672CB472E8F8E6990F623C2E7458991D982E199BB168C93F96F71974181F898D6C56C02D9DABA852E7E51CA0DC723255B49CAA122D2A6CC64F1389128A0E3298B0E155EC8A4D9BF1D1671B808DDD835015381C1F16C35A84D20A5C00897F -20180403033742 2 6 100 2047 2 F78A3F3A47AFE34101F186DF022B970FB51586E65B1D1875E41D02EDDD4BDF6D6D8BA1CC296EA6A8BD7036297A0C01C636A55493E3ADEC2F1DAB9D8D7E0CCD39D7FFC9D4011C3F57A944AA1EEB1AC1784E28ACF7B6FB3AC49185F4E638B567DA6B4903CB8C6D815ED1253D512670FAF71E6BF1ED6669863B552B3BB2173A7F16262454142B7B928F91E60EED00BDFA465F2C46665BD30C1426F9B8D9611D086D6BAB672CB472E8F8E6990F623C2E7458991D982E199BB168C93F96F71974181F898D6C56C02D9DABA852E7E51CA0DC723255B49CAA122D2A6CC64F1389128A0E3298B0E155EC8A4D9BF1D1671B808DDD835015381C1F16C35A84D20A5C172DBB -20180403033837 2 6 100 2047 2 F78A3F3A47AFE34101F186DF022B970FB51586E65B1D1875E41D02EDDD4BDF6D6D8BA1CC296EA6A8BD7036297A0C01C636A55493E3ADEC2F1DAB9D8D7E0CCD39D7FFC9D4011C3F57A944AA1EEB1AC1784E28ACF7B6FB3AC49185F4E638B567DA6B4903CB8C6D815ED1253D512670FAF71E6BF1ED6669863B552B3BB2173A7F16262454142B7B928F91E60EED00BDFA465F2C46665BD30C1426F9B8D9611D086D6BAB672CB472E8F8E6990F623C2E7458991D982E199BB168C93F96F71974181F898D6C56C02D9DABA852E7E51CA0DC723255B49CAA122D2A6CC64F1389128A0E3298B0E155EC8A4D9BF1D1671B808DDD835015381C1F16C35A84D20A5C33AEAB -20180403033952 2 6 100 2047 5 F78A3F3A47AFE34101F186DF022B970FB51586E65B1D1875E41D02EDDD4BDF6D6D8BA1CC296EA6A8BD7036297A0C01C636A55493E3ADEC2F1DAB9D8D7E0CCD39D7FFC9D4011C3F57A944AA1EEB1AC1784E28ACF7B6FB3AC49185F4E638B567DA6B4903CB8C6D815ED1253D512670FAF71E6BF1ED6669863B552B3BB2173A7F16262454142B7B928F91E60EED00BDFA465F2C46665BD30C1426F9B8D9611D086D6BAB672CB472E8F8E6990F623C2E7458991D982E199BB168C93F96F71974181F898D6C56C02D9DABA852E7E51CA0DC723255B49CAA122D2A6CC64F1389128A0E3298B0E155EC8A4D9BF1D1671B808DDD835015381C1F16C35A84D20A5C5F6067 -20180403034409 2 6 100 2047 5 F78A3F3A47AFE34101F186DF022B970FB51586E65B1D1875E41D02EDDD4BDF6D6D8BA1CC296EA6A8BD7036297A0C01C636A55493E3ADEC2F1DAB9D8D7E0CCD39D7FFC9D4011C3F57A944AA1EEB1AC1784E28ACF7B6FB3AC49185F4E638B567DA6B4903CB8C6D815ED1253D512670FAF71E6BF1ED6669863B552B3BB2173A7F16262454142B7B928F91E60EED00BDFA465F2C46665BD30C1426F9B8D9611D086D6BAB672CB472E8F8E6990F623C2E7458991D982E199BB168C93F96F71974181F898D6C56C02D9DABA852E7E51CA0DC723255B49CAA122D2A6CC64F1389128A0E3298B0E155EC8A4D9BF1D1671B808DDD835015381C1F16C35A84D20A5CEE2AD7 -20180403034453 2 6 100 2047 2 F78A3F3A47AFE34101F186DF022B970FB51586E65B1D1875E41D02EDDD4BDF6D6D8BA1CC296EA6A8BD7036297A0C01C636A55493E3ADEC2F1DAB9D8D7E0CCD39D7FFC9D4011C3F57A944AA1EEB1AC1784E28ACF7B6FB3AC49185F4E638B567DA6B4903CB8C6D815ED1253D512670FAF71E6BF1ED6669863B552B3BB2173A7F16262454142B7B928F91E60EED00BDFA465F2C46665BD30C1426F9B8D9611D086D6BAB672CB472E8F8E6990F623C2E7458991D982E199BB168C93F96F71974181F898D6C56C02D9DABA852E7E51CA0DC723255B49CAA122D2A6CC64F1389128A0E3298B0E155EC8A4D9BF1D1671B808DDD835015381C1F16C35A84D20A5CFFE4F3 -20180403034601 2 6 100 2047 2 F78A3F3A47AFE34101F186DF022B970FB51586E65B1D1875E41D02EDDD4BDF6D6D8BA1CC296EA6A8BD7036297A0C01C636A55493E3ADEC2F1DAB9D8D7E0CCD39D7FFC9D4011C3F57A944AA1EEB1AC1784E28ACF7B6FB3AC49185F4E638B567DA6B4903CB8C6D815ED1253D512670FAF71E6BF1ED6669863B552B3BB2173A7F16262454142B7B928F91E60EED00BDFA465F2C46665BD30C1426F9B8D9611D086D6BAB672CB472E8F8E6990F623C2E7458991D982E199BB168C93F96F71974181F898D6C56C02D9DABA852E7E51CA0DC723255B49CAA122D2A6CC64F1389128A0E3298B0E155EC8A4D9BF1D1671B808DDD835015381C1F16C35A84D20A5D1A691B -20180403035311 2 6 100 2047 2 F78A3F3A47AFE34101F186DF022B970FB51586E65B1D1875E41D02EDDD4BDF6D6D8BA1CC296EA6A8BD7036297A0C01C636A55493E3ADEC2F1DAB9D8D7E0CCD39D7FFC9D4011C3F57A944AA1EEB1AC1784E28ACF7B6FB3AC49185F4E638B567DA6B4903CB8C6D815ED1253D512670FAF71E6BF1ED6669863B552B3BB2173A7F16262454142B7B928F91E60EED00BDFA465F2C46665BD30C1426F9B8D9611D086D6BAB672CB472E8F8E6990F623C2E7458991D982E199BB168C93F96F71974181F898D6C56C02D9DABA852E7E51CA0DC723255B49CAA122D2A6CC64F1389128A0E3298B0E155EC8A4D9BF1D1671B808DDD835015381C1F16C35A84D20A5E04B193 -20180403035645 2 6 100 2047 5 F78A3F3A47AFE34101F186DF022B970FB51586E65B1D1875E41D02EDDD4BDF6D6D8BA1CC296EA6A8BD7036297A0C01C636A55493E3ADEC2F1DAB9D8D7E0CCD39D7FFC9D4011C3F57A944AA1EEB1AC1784E28ACF7B6FB3AC49185F4E638B567DA6B4903CB8C6D815ED1253D512670FAF71E6BF1ED6669863B552B3BB2173A7F16262454142B7B928F91E60EED00BDFA465F2C46665BD30C1426F9B8D9611D086D6BAB672CB472E8F8E6990F623C2E7458991D982E199BB168C93F96F71974181F898D6C56C02D9DABA852E7E51CA0DC723255B49CAA122D2A6CC64F1389128A0E3298B0E155EC8A4D9BF1D1671B808DDD835015381C1F16C35A84D20A5E75D66F -20180403035724 2 6 100 2047 5 F78A3F3A47AFE34101F186DF022B970FB51586E65B1D1875E41D02EDDD4BDF6D6D8BA1CC296EA6A8BD7036297A0C01C636A55493E3ADEC2F1DAB9D8D7E0CCD39D7FFC9D4011C3F57A944AA1EEB1AC1784E28ACF7B6FB3AC49185F4E638B567DA6B4903CB8C6D815ED1253D512670FAF71E6BF1ED6669863B552B3BB2173A7F16262454142B7B928F91E60EED00BDFA465F2C46665BD30C1426F9B8D9611D086D6BAB672CB472E8F8E6990F623C2E7458991D982E199BB168C93F96F71974181F898D6C56C02D9DABA852E7E51CA0DC723255B49CAA122D2A6CC64F1389128A0E3298B0E155EC8A4D9BF1D1671B808DDD835015381C1F16C35A84D20A5E864847 -20180403035828 2 6 100 2047 5 F78A3F3A47AFE34101F186DF022B970FB51586E65B1D1875E41D02EDDD4BDF6D6D8BA1CC296EA6A8BD7036297A0C01C636A55493E3ADEC2F1DAB9D8D7E0CCD39D7FFC9D4011C3F57A944AA1EEB1AC1784E28ACF7B6FB3AC49185F4E638B567DA6B4903CB8C6D815ED1253D512670FAF71E6BF1ED6669863B552B3BB2173A7F16262454142B7B928F91E60EED00BDFA465F2C46665BD30C1426F9B8D9611D086D6BAB672CB472E8F8E6990F623C2E7458991D982E199BB168C93F96F71974181F898D6C56C02D9DABA852E7E51CA0DC723255B49CAA122D2A6CC64F1389128A0E3298B0E155EC8A4D9BF1D1671B808DDD835015381C1F16C35A84D20A5EA44DCF -20180403035953 2 6 100 2047 2 F78A3F3A47AFE34101F186DF022B970FB51586E65B1D1875E41D02EDDD4BDF6D6D8BA1CC296EA6A8BD7036297A0C01C636A55493E3ADEC2F1DAB9D8D7E0CCD39D7FFC9D4011C3F57A944AA1EEB1AC1784E28ACF7B6FB3AC49185F4E638B567DA6B4903CB8C6D815ED1253D512670FAF71E6BF1ED6669863B552B3BB2173A7F16262454142B7B928F91E60EED00BDFA465F2C46665BD30C1426F9B8D9611D086D6BAB672CB472E8F8E6990F623C2E7458991D982E199BB168C93F96F71974181F898D6C56C02D9DABA852E7E51CA0DC723255B49CAA122D2A6CC64F1389128A0E3298B0E155EC8A4D9BF1D1671B808DDD835015381C1F16C35A84D20A5ECCB51B -20180403040048 2 6 100 2047 5 F78A3F3A47AFE34101F186DF022B970FB51586E65B1D1875E41D02EDDD4BDF6D6D8BA1CC296EA6A8BD7036297A0C01C636A55493E3ADEC2F1DAB9D8D7E0CCD39D7FFC9D4011C3F57A944AA1EEB1AC1784E28ACF7B6FB3AC49185F4E638B567DA6B4903CB8C6D815ED1253D512670FAF71E6BF1ED6669863B552B3BB2173A7F16262454142B7B928F91E60EED00BDFA465F2C46665BD30C1426F9B8D9611D086D6BAB672CB472E8F8E6990F623C2E7458991D982E199BB168C93F96F71974181F898D6C56C02D9DABA852E7E51CA0DC723255B49CAA122D2A6CC64F1389128A0E3298B0E155EC8A4D9BF1D1671B808DDD835015381C1F16C35A84D20A5EE55A9F -20180403040339 2 6 100 2047 5 F78A3F3A47AFE34101F186DF022B970FB51586E65B1D1875E41D02EDDD4BDF6D6D8BA1CC296EA6A8BD7036297A0C01C636A55493E3ADEC2F1DAB9D8D7E0CCD39D7FFC9D4011C3F57A944AA1EEB1AC1784E28ACF7B6FB3AC49185F4E638B567DA6B4903CB8C6D815ED1253D512670FAF71E6BF1ED6669863B552B3BB2173A7F16262454142B7B928F91E60EED00BDFA465F2C46665BD30C1426F9B8D9611D086D6BAB672CB472E8F8E6990F623C2E7458991D982E199BB168C93F96F71974181F898D6C56C02D9DABA852E7E51CA0DC723255B49CAA122D2A6CC64F1389128A0E3298B0E155EC8A4D9BF1D1671B808DDD835015381C1F16C35A84D20A5F4D5E6F -20180403040523 2 6 100 2047 2 F78A3F3A47AFE34101F186DF022B970FB51586E65B1D1875E41D02EDDD4BDF6D6D8BA1CC296EA6A8BD7036297A0C01C636A55493E3ADEC2F1DAB9D8D7E0CCD39D7FFC9D4011C3F57A944AA1EEB1AC1784E28ACF7B6FB3AC49185F4E638B567DA6B4903CB8C6D815ED1253D512670FAF71E6BF1ED6669863B552B3BB2173A7F16262454142B7B928F91E60EED00BDFA465F2C46665BD30C1426F9B8D9611D086D6BAB672CB472E8F8E6990F623C2E7458991D982E199BB168C93F96F71974181F898D6C56C02D9DABA852E7E51CA0DC723255B49CAA122D2A6CC64F1389128A0E3298B0E155EC8A4D9BF1D1671B808DDD835015381C1F16C35A84D20A5F8939A3 -20180403040638 2 6 100 2047 2 F78A3F3A47AFE34101F186DF022B970FB51586E65B1D1875E41D02EDDD4BDF6D6D8BA1CC296EA6A8BD7036297A0C01C636A55493E3ADEC2F1DAB9D8D7E0CCD39D7FFC9D4011C3F57A944AA1EEB1AC1784E28ACF7B6FB3AC49185F4E638B567DA6B4903CB8C6D815ED1253D512670FAF71E6BF1ED6669863B552B3BB2173A7F16262454142B7B928F91E60EED00BDFA465F2C46665BD30C1426F9B8D9611D086D6BAB672CB472E8F8E6990F623C2E7458991D982E199BB168C93F96F71974181F898D6C56C02D9DABA852E7E51CA0DC723255B49CAA122D2A6CC64F1389128A0E3298B0E155EC8A4D9BF1D1671B808DDD835015381C1F16C35A84D20A5FB85E8B -20180403040715 2 6 100 2047 2 F78A3F3A47AFE34101F186DF022B970FB51586E65B1D1875E41D02EDDD4BDF6D6D8BA1CC296EA6A8BD7036297A0C01C636A55493E3ADEC2F1DAB9D8D7E0CCD39D7FFC9D4011C3F57A944AA1EEB1AC1784E28ACF7B6FB3AC49185F4E638B567DA6B4903CB8C6D815ED1253D512670FAF71E6BF1ED6669863B552B3BB2173A7F16262454142B7B928F91E60EED00BDFA465F2C46665BD30C1426F9B8D9611D086D6BAB672CB472E8F8E6990F623C2E7458991D982E199BB168C93F96F71974181F898D6C56C02D9DABA852E7E51CA0DC723255B49CAA122D2A6CC64F1389128A0E3298B0E155EC8A4D9BF1D1671B808DDD835015381C1F16C35A84D20A5FCC3033 -20180403041128 2 6 100 2047 5 F78A3F3A47AFE34101F186DF022B970FB51586E65B1D1875E41D02EDDD4BDF6D6D8BA1CC296EA6A8BD7036297A0C01C636A55493E3ADEC2F1DAB9D8D7E0CCD39D7FFC9D4011C3F57A944AA1EEB1AC1784E28ACF7B6FB3AC49185F4E638B567DA6B4903CB8C6D815ED1253D512670FAF71E6BF1ED6669863B552B3BB2173A7F16262454142B7B928F91E60EED00BDFA465F2C46665BD30C1426F9B8D9611D086D6BAB672CB472E8F8E6990F623C2E7458991D982E199BB168C93F96F71974181F898D6C56C02D9DABA852E7E51CA0DC723255B49CAA122D2A6CC64F1389128A0E3298B0E155EC8A4D9BF1D1671B808DDD835015381C1F16C35A84D20A60755C57 -20180403041637 2 6 100 2047 5 EA0303D03FF69BCABDC25DDEA6AC9CFEE8C36EF48C7F2882B65D568B0D14A7DACCF4A6E8E905727C0B982FA4D7C4E59DDAF4704D0EC767D79B13A32467C8D39F615B5268E4338DD70C6072C702CDF6F39153C472E668ABF0B85B8D08454027AA52E3227C5BA017B2558F7A611F09C7BE5E28A472FAB51C71FF7E8C758CD5205C562F3674D941EF2DEC7F3B3F49C4CE3A9DD7B4275BD537BF04A4A8E98FAA42AD0A2280CFC0D4692339EEC803B69FDC33057837FBD233DB6B78920F7049B5F9CA9CFDD98351B9E7947265439F48429306D6CAB08774F2B7427A61DA757375D26C08B99BCAFB8085E41DBA0E49D142EEC164CC3153AB3119FB76033B336541B76F -20180403041935 2 6 100 2047 2 EA0303D03FF69BCABDC25DDEA6AC9CFEE8C36EF48C7F2882B65D568B0D14A7DACCF4A6E8E905727C0B982FA4D7C4E59DDAF4704D0EC767D79B13A32467C8D39F615B5268E4338DD70C6072C702CDF6F39153C472E668ABF0B85B8D08454027AA52E3227C5BA017B2558F7A611F09C7BE5E28A472FAB51C71FF7E8C758CD5205C562F3674D941EF2DEC7F3B3F49C4CE3A9DD7B4275BD537BF04A4A8E98FAA42AD0A2280CFC0D4692339EEC803B69FDC33057837FBD233DB6B78920F7049B5F9CA9CFDD98351B9E7947265439F48429306D6CAB08774F2B7427A61DA757375D26C08B99BCAFB8085E41DBA0E49D142EEC164CC3153AB3119FB76033B3365BF1D13 -20180403042035 2 6 100 2047 5 EA0303D03FF69BCABDC25DDEA6AC9CFEE8C36EF48C7F2882B65D568B0D14A7DACCF4A6E8E905727C0B982FA4D7C4E59DDAF4704D0EC767D79B13A32467C8D39F615B5268E4338DD70C6072C702CDF6F39153C472E668ABF0B85B8D08454027AA52E3227C5BA017B2558F7A611F09C7BE5E28A472FAB51C71FF7E8C758CD5205C562F3674D941EF2DEC7F3B3F49C4CE3A9DD7B4275BD537BF04A4A8E98FAA42AD0A2280CFC0D4692339EEC803B69FDC33057837FBD233DB6B78920F7049B5F9CA9CFDD98351B9E7947265439F48429306D6CAB08774F2B7427A61DA757375D26C08B99BCAFB8085E41DBA0E49D142EEC164CC3153AB3119FB76033B3365E41E47 -20180403042109 2 6 100 2047 2 EA0303D03FF69BCABDC25DDEA6AC9CFEE8C36EF48C7F2882B65D568B0D14A7DACCF4A6E8E905727C0B982FA4D7C4E59DDAF4704D0EC767D79B13A32467C8D39F615B5268E4338DD70C6072C702CDF6F39153C472E668ABF0B85B8D08454027AA52E3227C5BA017B2558F7A611F09C7BE5E28A472FAB51C71FF7E8C758CD5205C562F3674D941EF2DEC7F3B3F49C4CE3A9DD7B4275BD537BF04A4A8E98FAA42AD0A2280CFC0D4692339EEC803B69FDC33057837FBD233DB6B78920F7049B5F9CA9CFDD98351B9E7947265439F48429306D6CAB08774F2B7427A61DA757375D26C08B99BCAFB8085E41DBA0E49D142EEC164CC3153AB3119FB76033B3365F700BB -20180403042214 2 6 100 2047 2 EA0303D03FF69BCABDC25DDEA6AC9CFEE8C36EF48C7F2882B65D568B0D14A7DACCF4A6E8E905727C0B982FA4D7C4E59DDAF4704D0EC767D79B13A32467C8D39F615B5268E4338DD70C6072C702CDF6F39153C472E668ABF0B85B8D08454027AA52E3227C5BA017B2558F7A611F09C7BE5E28A472FAB51C71FF7E8C758CD5205C562F3674D941EF2DEC7F3B3F49C4CE3A9DD7B4275BD537BF04A4A8E98FAA42AD0A2280CFC0D4692339EEC803B69FDC33057837FBD233DB6B78920F7049B5F9CA9CFDD98351B9E7947265439F48429306D6CAB08774F2B7427A61DA757375D26C08B99BCAFB8085E41DBA0E49D142EEC164CC3153AB3119FB76033B336624FF2B -20180403042419 2 6 100 2047 2 EA0303D03FF69BCABDC25DDEA6AC9CFEE8C36EF48C7F2882B65D568B0D14A7DACCF4A6E8E905727C0B982FA4D7C4E59DDAF4704D0EC767D79B13A32467C8D39F615B5268E4338DD70C6072C702CDF6F39153C472E668ABF0B85B8D08454027AA52E3227C5BA017B2558F7A611F09C7BE5E28A472FAB51C71FF7E8C758CD5205C562F3674D941EF2DEC7F3B3F49C4CE3A9DD7B4275BD537BF04A4A8E98FAA42AD0A2280CFC0D4692339EEC803B69FDC33057837FBD233DB6B78920F7049B5F9CA9CFDD98351B9E7947265439F48429306D6CAB08774F2B7427A61DA757375D26C08B99BCAFB8085E41DBA0E49D142EEC164CC3153AB3119FB76033B336687845B -20180403042507 2 6 100 2047 2 EA0303D03FF69BCABDC25DDEA6AC9CFEE8C36EF48C7F2882B65D568B0D14A7DACCF4A6E8E905727C0B982FA4D7C4E59DDAF4704D0EC767D79B13A32467C8D39F615B5268E4338DD70C6072C702CDF6F39153C472E668ABF0B85B8D08454027AA52E3227C5BA017B2558F7A611F09C7BE5E28A472FAB51C71FF7E8C758CD5205C562F3674D941EF2DEC7F3B3F49C4CE3A9DD7B4275BD537BF04A4A8E98FAA42AD0A2280CFC0D4692339EEC803B69FDC33057837FBD233DB6B78920F7049B5F9CA9CFDD98351B9E7947265439F48429306D6CAB08774F2B7427A61DA757375D26C08B99BCAFB8085E41DBA0E49D142EEC164CC3153AB3119FB76033B3366A8266B -20180403042626 2 6 100 2047 2 EA0303D03FF69BCABDC25DDEA6AC9CFEE8C36EF48C7F2882B65D568B0D14A7DACCF4A6E8E905727C0B982FA4D7C4E59DDAF4704D0EC767D79B13A32467C8D39F615B5268E4338DD70C6072C702CDF6F39153C472E668ABF0B85B8D08454027AA52E3227C5BA017B2558F7A611F09C7BE5E28A472FAB51C71FF7E8C758CD5205C562F3674D941EF2DEC7F3B3F49C4CE3A9DD7B4275BD537BF04A4A8E98FAA42AD0A2280CFC0D4692339EEC803B69FDC33057837FBD233DB6B78920F7049B5F9CA9CFDD98351B9E7947265439F48429306D6CAB08774F2B7427A61DA757375D26C08B99BCAFB8085E41DBA0E49D142EEC164CC3153AB3119FB76033B3366E23603 -20180403042722 2 6 100 2047 2 EA0303D03FF69BCABDC25DDEA6AC9CFEE8C36EF48C7F2882B65D568B0D14A7DACCF4A6E8E905727C0B982FA4D7C4E59DDAF4704D0EC767D79B13A32467C8D39F615B5268E4338DD70C6072C702CDF6F39153C472E668ABF0B85B8D08454027AA52E3227C5BA017B2558F7A611F09C7BE5E28A472FAB51C71FF7E8C758CD5205C562F3674D941EF2DEC7F3B3F49C4CE3A9DD7B4275BD537BF04A4A8E98FAA42AD0A2280CFC0D4692339EEC803B69FDC33057837FBD233DB6B78920F7049B5F9CA9CFDD98351B9E7947265439F48429306D6CAB08774F2B7427A61DA757375D26C08B99BCAFB8085E41DBA0E49D142EEC164CC3153AB3119FB76033B3367059073 -20180403042819 2 6 100 2047 2 EA0303D03FF69BCABDC25DDEA6AC9CFEE8C36EF48C7F2882B65D568B0D14A7DACCF4A6E8E905727C0B982FA4D7C4E59DDAF4704D0EC767D79B13A32467C8D39F615B5268E4338DD70C6072C702CDF6F39153C472E668ABF0B85B8D08454027AA52E3227C5BA017B2558F7A611F09C7BE5E28A472FAB51C71FF7E8C758CD5205C562F3674D941EF2DEC7F3B3F49C4CE3A9DD7B4275BD537BF04A4A8E98FAA42AD0A2280CFC0D4692339EEC803B69FDC33057837FBD233DB6B78920F7049B5F9CA9CFDD98351B9E7947265439F48429306D6CAB08774F2B7427A61DA757375D26C08B99BCAFB8085E41DBA0E49D142EEC164CC3153AB3119FB76033B3367289EC3 -20180403042928 2 6 100 2047 2 EA0303D03FF69BCABDC25DDEA6AC9CFEE8C36EF48C7F2882B65D568B0D14A7DACCF4A6E8E905727C0B982FA4D7C4E59DDAF4704D0EC767D79B13A32467C8D39F615B5268E4338DD70C6072C702CDF6F39153C472E668ABF0B85B8D08454027AA52E3227C5BA017B2558F7A611F09C7BE5E28A472FAB51C71FF7E8C758CD5205C562F3674D941EF2DEC7F3B3F49C4CE3A9DD7B4275BD537BF04A4A8E98FAA42AD0A2280CFC0D4692339EEC803B69FDC33057837FBD233DB6B78920F7049B5F9CA9CFDD98351B9E7947265439F48429306D6CAB08774F2B7427A61DA757375D26C08B99BCAFB8085E41DBA0E49D142EEC164CC3153AB3119FB76033B3367519D23 -20180403042946 2 6 100 2047 2 EA0303D03FF69BCABDC25DDEA6AC9CFEE8C36EF48C7F2882B65D568B0D14A7DACCF4A6E8E905727C0B982FA4D7C4E59DDAF4704D0EC767D79B13A32467C8D39F615B5268E4338DD70C6072C702CDF6F39153C472E668ABF0B85B8D08454027AA52E3227C5BA017B2558F7A611F09C7BE5E28A472FAB51C71FF7E8C758CD5205C562F3674D941EF2DEC7F3B3F49C4CE3A9DD7B4275BD537BF04A4A8E98FAA42AD0A2280CFC0D4692339EEC803B69FDC33057837FBD233DB6B78920F7049B5F9CA9CFDD98351B9E7947265439F48429306D6CAB08774F2B7427A61DA757375D26C08B99BCAFB8085E41DBA0E49D142EEC164CC3153AB3119FB76033B336758BFC3 -20180403043032 2 6 100 2047 2 EA0303D03FF69BCABDC25DDEA6AC9CFEE8C36EF48C7F2882B65D568B0D14A7DACCF4A6E8E905727C0B982FA4D7C4E59DDAF4704D0EC767D79B13A32467C8D39F615B5268E4338DD70C6072C702CDF6F39153C472E668ABF0B85B8D08454027AA52E3227C5BA017B2558F7A611F09C7BE5E28A472FAB51C71FF7E8C758CD5205C562F3674D941EF2DEC7F3B3F49C4CE3A9DD7B4275BD537BF04A4A8E98FAA42AD0A2280CFC0D4692339EEC803B69FDC33057837FBD233DB6B78920F7049B5F9CA9CFDD98351B9E7947265439F48429306D6CAB08774F2B7427A61DA757375D26C08B99BCAFB8085E41DBA0E49D142EEC164CC3153AB3119FB76033B336774A8EB -20180403043218 2 6 100 2047 5 EA0303D03FF69BCABDC25DDEA6AC9CFEE8C36EF48C7F2882B65D568B0D14A7DACCF4A6E8E905727C0B982FA4D7C4E59DDAF4704D0EC767D79B13A32467C8D39F615B5268E4338DD70C6072C702CDF6F39153C472E668ABF0B85B8D08454027AA52E3227C5BA017B2558F7A611F09C7BE5E28A472FAB51C71FF7E8C758CD5205C562F3674D941EF2DEC7F3B3F49C4CE3A9DD7B4275BD537BF04A4A8E98FAA42AD0A2280CFC0D4692339EEC803B69FDC33057837FBD233DB6B78920F7049B5F9CA9CFDD98351B9E7947265439F48429306D6CAB08774F2B7427A61DA757375D26C08B99BCAFB8085E41DBA0E49D142EEC164CC3153AB3119FB76033B3367BAAE3F -20180403043245 2 6 100 2047 2 EA0303D03FF69BCABDC25DDEA6AC9CFEE8C36EF48C7F2882B65D568B0D14A7DACCF4A6E8E905727C0B982FA4D7C4E59DDAF4704D0EC767D79B13A32467C8D39F615B5268E4338DD70C6072C702CDF6F39153C472E668ABF0B85B8D08454027AA52E3227C5BA017B2558F7A611F09C7BE5E28A472FAB51C71FF7E8C758CD5205C562F3674D941EF2DEC7F3B3F49C4CE3A9DD7B4275BD537BF04A4A8E98FAA42AD0A2280CFC0D4692339EEC803B69FDC33057837FBD233DB6B78920F7049B5F9CA9CFDD98351B9E7947265439F48429306D6CAB08774F2B7427A61DA757375D26C08B99BCAFB8085E41DBA0E49D142EEC164CC3153AB3119FB76033B3367C6B5CB -20180403043522 2 6 100 2047 2 EA0303D03FF69BCABDC25DDEA6AC9CFEE8C36EF48C7F2882B65D568B0D14A7DACCF4A6E8E905727C0B982FA4D7C4E59DDAF4704D0EC767D79B13A32467C8D39F615B5268E4338DD70C6072C702CDF6F39153C472E668ABF0B85B8D08454027AA52E3227C5BA017B2558F7A611F09C7BE5E28A472FAB51C71FF7E8C758CD5205C562F3674D941EF2DEC7F3B3F49C4CE3A9DD7B4275BD537BF04A4A8E98FAA42AD0A2280CFC0D4692339EEC803B69FDC33057837FBD233DB6B78920F7049B5F9CA9CFDD98351B9E7947265439F48429306D6CAB08774F2B7427A61DA757375D26C08B99BCAFB8085E41DBA0E49D142EEC164CC3153AB3119FB76033B3368340BB3 -20180403043954 2 6 100 2047 2 EA0303D03FF69BCABDC25DDEA6AC9CFEE8C36EF48C7F2882B65D568B0D14A7DACCF4A6E8E905727C0B982FA4D7C4E59DDAF4704D0EC767D79B13A32467C8D39F615B5268E4338DD70C6072C702CDF6F39153C472E668ABF0B85B8D08454027AA52E3227C5BA017B2558F7A611F09C7BE5E28A472FAB51C71FF7E8C758CD5205C562F3674D941EF2DEC7F3B3F49C4CE3A9DD7B4275BD537BF04A4A8E98FAA42AD0A2280CFC0D4692339EEC803B69FDC33057837FBD233DB6B78920F7049B5F9CA9CFDD98351B9E7947265439F48429306D6CAB08774F2B7427A61DA757375D26C08B99BCAFB8085E41DBA0E49D142EEC164CC3153AB3119FB76033B33690CEBC3 -20180403044107 2 6 100 2047 2 EA0303D03FF69BCABDC25DDEA6AC9CFEE8C36EF48C7F2882B65D568B0D14A7DACCF4A6E8E905727C0B982FA4D7C4E59DDAF4704D0EC767D79B13A32467C8D39F615B5268E4338DD70C6072C702CDF6F39153C472E668ABF0B85B8D08454027AA52E3227C5BA017B2558F7A611F09C7BE5E28A472FAB51C71FF7E8C758CD5205C562F3674D941EF2DEC7F3B3F49C4CE3A9DD7B4275BD537BF04A4A8E98FAA42AD0A2280CFC0D4692339EEC803B69FDC33057837FBD233DB6B78920F7049B5F9CA9CFDD98351B9E7947265439F48429306D6CAB08774F2B7427A61DA757375D26C08B99BCAFB8085E41DBA0E49D142EEC164CC3153AB3119FB76033B33693DA563 -20180403044245 2 6 100 2047 2 EA0303D03FF69BCABDC25DDEA6AC9CFEE8C36EF48C7F2882B65D568B0D14A7DACCF4A6E8E905727C0B982FA4D7C4E59DDAF4704D0EC767D79B13A32467C8D39F615B5268E4338DD70C6072C702CDF6F39153C472E668ABF0B85B8D08454027AA52E3227C5BA017B2558F7A611F09C7BE5E28A472FAB51C71FF7E8C758CD5205C562F3674D941EF2DEC7F3B3F49C4CE3A9DD7B4275BD537BF04A4A8E98FAA42AD0A2280CFC0D4692339EEC803B69FDC33057837FBD233DB6B78920F7049B5F9CA9CFDD98351B9E7947265439F48429306D6CAB08774F2B7427A61DA757375D26C08B99BCAFB8085E41DBA0E49D142EEC164CC3153AB3119FB76033B33697A63FB -20180403044527 2 6 100 2047 5 EA0303D03FF69BCABDC25DDEA6AC9CFEE8C36EF48C7F2882B65D568B0D14A7DACCF4A6E8E905727C0B982FA4D7C4E59DDAF4704D0EC767D79B13A32467C8D39F615B5268E4338DD70C6072C702CDF6F39153C472E668ABF0B85B8D08454027AA52E3227C5BA017B2558F7A611F09C7BE5E28A472FAB51C71FF7E8C758CD5205C562F3674D941EF2DEC7F3B3F49C4CE3A9DD7B4275BD537BF04A4A8E98FAA42AD0A2280CFC0D4692339EEC803B69FDC33057837FBD233DB6B78920F7049B5F9CA9CFDD98351B9E7947265439F48429306D6CAB08774F2B7427A61DA757375D26C08B99BCAFB8085E41DBA0E49D142EEC164CC3153AB3119FB76033B3369F3CAFF -20180403044559 2 6 100 2047 2 EA0303D03FF69BCABDC25DDEA6AC9CFEE8C36EF48C7F2882B65D568B0D14A7DACCF4A6E8E905727C0B982FA4D7C4E59DDAF4704D0EC767D79B13A32467C8D39F615B5268E4338DD70C6072C702CDF6F39153C472E668ABF0B85B8D08454027AA52E3227C5BA017B2558F7A611F09C7BE5E28A472FAB51C71FF7E8C758CD5205C562F3674D941EF2DEC7F3B3F49C4CE3A9DD7B4275BD537BF04A4A8E98FAA42AD0A2280CFC0D4692339EEC803B69FDC33057837FBD233DB6B78920F7049B5F9CA9CFDD98351B9E7947265439F48429306D6CAB08774F2B7427A61DA757375D26C08B99BCAFB8085E41DBA0E49D142EEC164CC3153AB3119FB76033B336A09E6EB -20180403044611 2 6 100 2047 2 EA0303D03FF69BCABDC25DDEA6AC9CFEE8C36EF48C7F2882B65D568B0D14A7DACCF4A6E8E905727C0B982FA4D7C4E59DDAF4704D0EC767D79B13A32467C8D39F615B5268E4338DD70C6072C702CDF6F39153C472E668ABF0B85B8D08454027AA52E3227C5BA017B2558F7A611F09C7BE5E28A472FAB51C71FF7E8C758CD5205C562F3674D941EF2DEC7F3B3F49C4CE3A9DD7B4275BD537BF04A4A8E98FAA42AD0A2280CFC0D4692339EEC803B69FDC33057837FBD233DB6B78920F7049B5F9CA9CFDD98351B9E7947265439F48429306D6CAB08774F2B7427A61DA757375D26C08B99BCAFB8085E41DBA0E49D142EEC164CC3153AB3119FB76033B336A0C4F53 -20180403044719 2 6 100 2047 5 EA0303D03FF69BCABDC25DDEA6AC9CFEE8C36EF48C7F2882B65D568B0D14A7DACCF4A6E8E905727C0B982FA4D7C4E59DDAF4704D0EC767D79B13A32467C8D39F615B5268E4338DD70C6072C702CDF6F39153C472E668ABF0B85B8D08454027AA52E3227C5BA017B2558F7A611F09C7BE5E28A472FAB51C71FF7E8C758CD5205C562F3674D941EF2DEC7F3B3F49C4CE3A9DD7B4275BD537BF04A4A8E98FAA42AD0A2280CFC0D4692339EEC803B69FDC33057837FBD233DB6B78920F7049B5F9CA9CFDD98351B9E7947265439F48429306D6CAB08774F2B7427A61DA757375D26C08B99BCAFB8085E41DBA0E49D142EEC164CC3153AB3119FB76033B336A4348BF -20180403044820 2 6 100 2047 2 EA0303D03FF69BCABDC25DDEA6AC9CFEE8C36EF48C7F2882B65D568B0D14A7DACCF4A6E8E905727C0B982FA4D7C4E59DDAF4704D0EC767D79B13A32467C8D39F615B5268E4338DD70C6072C702CDF6F39153C472E668ABF0B85B8D08454027AA52E3227C5BA017B2558F7A611F09C7BE5E28A472FAB51C71FF7E8C758CD5205C562F3674D941EF2DEC7F3B3F49C4CE3A9DD7B4275BD537BF04A4A8E98FAA42AD0A2280CFC0D4692339EEC803B69FDC33057837FBD233DB6B78920F7049B5F9CA9CFDD98351B9E7947265439F48429306D6CAB08774F2B7427A61DA757375D26C08B99BCAFB8085E41DBA0E49D142EEC164CC3153AB3119FB76033B336A6E3193 -20180403044844 2 6 100 2047 5 EA0303D03FF69BCABDC25DDEA6AC9CFEE8C36EF48C7F2882B65D568B0D14A7DACCF4A6E8E905727C0B982FA4D7C4E59DDAF4704D0EC767D79B13A32467C8D39F615B5268E4338DD70C6072C702CDF6F39153C472E668ABF0B85B8D08454027AA52E3227C5BA017B2558F7A611F09C7BE5E28A472FAB51C71FF7E8C758CD5205C562F3674D941EF2DEC7F3B3F49C4CE3A9DD7B4275BD537BF04A4A8E98FAA42AD0A2280CFC0D4692339EEC803B69FDC33057837FBD233DB6B78920F7049B5F9CA9CFDD98351B9E7947265439F48429306D6CAB08774F2B7427A61DA757375D26C08B99BCAFB8085E41DBA0E49D142EEC164CC3153AB3119FB76033B336A7A9C7F -20180403045235 2 6 100 2047 2 EA0303D03FF69BCABDC25DDEA6AC9CFEE8C36EF48C7F2882B65D568B0D14A7DACCF4A6E8E905727C0B982FA4D7C4E59DDAF4704D0EC767D79B13A32467C8D39F615B5268E4338DD70C6072C702CDF6F39153C472E668ABF0B85B8D08454027AA52E3227C5BA017B2558F7A611F09C7BE5E28A472FAB51C71FF7E8C758CD5205C562F3674D941EF2DEC7F3B3F49C4CE3A9DD7B4275BD537BF04A4A8E98FAA42AD0A2280CFC0D4692339EEC803B69FDC33057837FBD233DB6B78920F7049B5F9CA9CFDD98351B9E7947265439F48429306D6CAB08774F2B7427A61DA757375D26C08B99BCAFB8085E41DBA0E49D142EEC164CC3153AB3119FB76033B336B2E2173 -20180403045518 2 6 100 2047 2 EA0303D03FF69BCABDC25DDEA6AC9CFEE8C36EF48C7F2882B65D568B0D14A7DACCF4A6E8E905727C0B982FA4D7C4E59DDAF4704D0EC767D79B13A32467C8D39F615B5268E4338DD70C6072C702CDF6F39153C472E668ABF0B85B8D08454027AA52E3227C5BA017B2558F7A611F09C7BE5E28A472FAB51C71FF7E8C758CD5205C562F3674D941EF2DEC7F3B3F49C4CE3A9DD7B4275BD537BF04A4A8E98FAA42AD0A2280CFC0D4692339EEC803B69FDC33057837FBD233DB6B78920F7049B5F9CA9CFDD98351B9E7947265439F48429306D6CAB08774F2B7427A61DA757375D26C08B99BCAFB8085E41DBA0E49D142EEC164CC3153AB3119FB76033B336BAD847B -20180403045629 2 6 100 2047 2 EA0303D03FF69BCABDC25DDEA6AC9CFEE8C36EF48C7F2882B65D568B0D14A7DACCF4A6E8E905727C0B982FA4D7C4E59DDAF4704D0EC767D79B13A32467C8D39F615B5268E4338DD70C6072C702CDF6F39153C472E668ABF0B85B8D08454027AA52E3227C5BA017B2558F7A611F09C7BE5E28A472FAB51C71FF7E8C758CD5205C562F3674D941EF2DEC7F3B3F49C4CE3A9DD7B4275BD537BF04A4A8E98FAA42AD0A2280CFC0D4692339EEC803B69FDC33057837FBD233DB6B78920F7049B5F9CA9CFDD98351B9E7947265439F48429306D6CAB08774F2B7427A61DA757375D26C08B99BCAFB8085E41DBA0E49D142EEC164CC3153AB3119FB76033B336BE29A4B -20180403045953 2 6 100 2047 2 EA0303D03FF69BCABDC25DDEA6AC9CFEE8C36EF48C7F2882B65D568B0D14A7DACCF4A6E8E905727C0B982FA4D7C4E59DDAF4704D0EC767D79B13A32467C8D39F615B5268E4338DD70C6072C702CDF6F39153C472E668ABF0B85B8D08454027AA52E3227C5BA017B2558F7A611F09C7BE5E28A472FAB51C71FF7E8C758CD5205C562F3674D941EF2DEC7F3B3F49C4CE3A9DD7B4275BD537BF04A4A8E98FAA42AD0A2280CFC0D4692339EEC803B69FDC33057837FBD233DB6B78920F7049B5F9CA9CFDD98351B9E7947265439F48429306D6CAB08774F2B7427A61DA757375D26C08B99BCAFB8085E41DBA0E49D142EEC164CC3153AB3119FB76033B336C865153 -20180403050042 2 6 100 2047 5 EA0303D03FF69BCABDC25DDEA6AC9CFEE8C36EF48C7F2882B65D568B0D14A7DACCF4A6E8E905727C0B982FA4D7C4E59DDAF4704D0EC767D79B13A32467C8D39F615B5268E4338DD70C6072C702CDF6F39153C472E668ABF0B85B8D08454027AA52E3227C5BA017B2558F7A611F09C7BE5E28A472FAB51C71FF7E8C758CD5205C562F3674D941EF2DEC7F3B3F49C4CE3A9DD7B4275BD537BF04A4A8E98FAA42AD0A2280CFC0D4692339EEC803B69FDC33057837FBD233DB6B78920F7049B5F9CA9CFDD98351B9E7947265439F48429306D6CAB08774F2B7427A61DA757375D26C08B99BCAFB8085E41DBA0E49D142EEC164CC3153AB3119FB76033B336CA6948F -20180403055314 2 6 100 3071 2 FF8DCF143A9E3CC447F8D3D03206E386572BFAC54F4BDE233C8B1223CC9CBA99689328E35F8F83F0922A9F0AB33E7C7892E940377CE0064700ECDCC8532F0FEF888913E1894054707878511DD84455BEACCA35E8418D6CAD03111BC1842581D40E280A13055030CB35339E2A0E422DB9EC47916AD6302BE248AD5EBCCE7CF087CB2285A6B8D227DC7130ADB14163BE4D1AA779DBCD36710AA080F219B535B1887392DE9EF44116C933F5CA2234A7A82A8A48F1691A39434D70E3C3995AEE7CEAFF86DAA2326CF367B7E3C7939E4B78A00EE58E52F7BB36C8A89525CA4D44173E30AA6B40FD0B60C29F6CBC763241AC5DA16E2A9FB9B78F360EED32704B686AD6D40DAE8127C9351A2B21C140292E77592A7159000FB2AA9561DA10B2AC3167CC8E41C10CDF86E9041A3A114F42EF4AA5134C716893E81C3A7488ED5131073FC76B20358549BF1B0858B571550663DA9CF73B7B28BF9CA1FAF8EC96966D493C174B03DBCF9B5470DD9A79FB3E14A0B73B6E6C09D531886ACF60E51B57012EEDBB -20180403055637 2 6 100 3071 2 FF8DCF143A9E3CC447F8D3D03206E386572BFAC54F4BDE233C8B1223CC9CBA99689328E35F8F83F0922A9F0AB33E7C7892E940377CE0064700ECDCC8532F0FEF888913E1894054707878511DD84455BEACCA35E8418D6CAD03111BC1842581D40E280A13055030CB35339E2A0E422DB9EC47916AD6302BE248AD5EBCCE7CF087CB2285A6B8D227DC7130ADB14163BE4D1AA779DBCD36710AA080F219B535B1887392DE9EF44116C933F5CA2234A7A82A8A48F1691A39434D70E3C3995AEE7CEAFF86DAA2326CF367B7E3C7939E4B78A00EE58E52F7BB36C8A89525CA4D44173E30AA6B40FD0B60C29F6CBC763241AC5DA16E2A9FB9B78F360EED32704B686AD6D40DAE8127C9351A2B21C140292E77592A7159000FB2AA9561DA10B2AC3167CC8E41C10CDF86E9041A3A114F42EF4AA5134C716893E81C3A7488ED5131073FC76B20358549BF1B0858B571550663DA9CF73B7B28BF9CA1FAF8EC96966D493C174B03DBCF9B5470DD9A79FB3E14A0B73B6E6C09D531886ACF60E51B57015FFFAB -20180403060753 2 6 100 3071 2 FF8DCF143A9E3CC447F8D3D03206E386572BFAC54F4BDE233C8B1223CC9CBA99689328E35F8F83F0922A9F0AB33E7C7892E940377CE0064700ECDCC8532F0FEF888913E1894054707878511DD84455BEACCA35E8418D6CAD03111BC1842581D40E280A13055030CB35339E2A0E422DB9EC47916AD6302BE248AD5EBCCE7CF087CB2285A6B8D227DC7130ADB14163BE4D1AA779DBCD36710AA080F219B535B1887392DE9EF44116C933F5CA2234A7A82A8A48F1691A39434D70E3C3995AEE7CEAFF86DAA2326CF367B7E3C7939E4B78A00EE58E52F7BB36C8A89525CA4D44173E30AA6B40FD0B60C29F6CBC763241AC5DA16E2A9FB9B78F360EED32704B686AD6D40DAE8127C9351A2B21C140292E77592A7159000FB2AA9561DA10B2AC3167CC8E41C10CDF86E9041A3A114F42EF4AA5134C716893E81C3A7488ED5131073FC76B20358549BF1B0858B571550663DA9CF73B7B28BF9CA1FAF8EC96966D493C174B03DBCF9B5470DD9A79FB3E14A0B73B6E6C09D531886ACF60E51B57021C5763 -20180403061035 2 6 100 3071 2 FF8DCF143A9E3CC447F8D3D03206E386572BFAC54F4BDE233C8B1223CC9CBA99689328E35F8F83F0922A9F0AB33E7C7892E940377CE0064700ECDCC8532F0FEF888913E1894054707878511DD84455BEACCA35E8418D6CAD03111BC1842581D40E280A13055030CB35339E2A0E422DB9EC47916AD6302BE248AD5EBCCE7CF087CB2285A6B8D227DC7130ADB14163BE4D1AA779DBCD36710AA080F219B535B1887392DE9EF44116C933F5CA2234A7A82A8A48F1691A39434D70E3C3995AEE7CEAFF86DAA2326CF367B7E3C7939E4B78A00EE58E52F7BB36C8A89525CA4D44173E30AA6B40FD0B60C29F6CBC763241AC5DA16E2A9FB9B78F360EED32704B686AD6D40DAE8127C9351A2B21C140292E77592A7159000FB2AA9561DA10B2AC3167CC8E41C10CDF86E9041A3A114F42EF4AA5134C716893E81C3A7488ED5131073FC76B20358549BF1B0858B571550663DA9CF73B7B28BF9CA1FAF8EC96966D493C174B03DBCF9B5470DD9A79FB3E14A0B73B6E6C09D531886ACF60E51B570243FBBB -20180403061925 2 6 100 3071 2 FF8DCF143A9E3CC447F8D3D03206E386572BFAC54F4BDE233C8B1223CC9CBA99689328E35F8F83F0922A9F0AB33E7C7892E940377CE0064700ECDCC8532F0FEF888913E1894054707878511DD84455BEACCA35E8418D6CAD03111BC1842581D40E280A13055030CB35339E2A0E422DB9EC47916AD6302BE248AD5EBCCE7CF087CB2285A6B8D227DC7130ADB14163BE4D1AA779DBCD36710AA080F219B535B1887392DE9EF44116C933F5CA2234A7A82A8A48F1691A39434D70E3C3995AEE7CEAFF86DAA2326CF367B7E3C7939E4B78A00EE58E52F7BB36C8A89525CA4D44173E30AA6B40FD0B60C29F6CBC763241AC5DA16E2A9FB9B78F360EED32704B686AD6D40DAE8127C9351A2B21C140292E77592A7159000FB2AA9561DA10B2AC3167CC8E41C10CDF86E9041A3A114F42EF4AA5134C716893E81C3A7488ED5131073FC76B20358549BF1B0858B571550663DA9CF73B7B28BF9CA1FAF8EC96966D493C174B03DBCF9B5470DD9A79FB3E14A0B73B6E6C09D531886ACF60E51B5702CE55A3 -20180403062241 2 6 100 3071 2 FF8DCF143A9E3CC447F8D3D03206E386572BFAC54F4BDE233C8B1223CC9CBA99689328E35F8F83F0922A9F0AB33E7C7892E940377CE0064700ECDCC8532F0FEF888913E1894054707878511DD84455BEACCA35E8418D6CAD03111BC1842581D40E280A13055030CB35339E2A0E422DB9EC47916AD6302BE248AD5EBCCE7CF087CB2285A6B8D227DC7130ADB14163BE4D1AA779DBCD36710AA080F219B535B1887392DE9EF44116C933F5CA2234A7A82A8A48F1691A39434D70E3C3995AEE7CEAFF86DAA2326CF367B7E3C7939E4B78A00EE58E52F7BB36C8A89525CA4D44173E30AA6B40FD0B60C29F6CBC763241AC5DA16E2A9FB9B78F360EED32704B686AD6D40DAE8127C9351A2B21C140292E77592A7159000FB2AA9561DA10B2AC3167CC8E41C10CDF86E9041A3A114F42EF4AA5134C716893E81C3A7488ED5131073FC76B20358549BF1B0858B571550663DA9CF73B7B28BF9CA1FAF8EC96966D493C174B03DBCF9B5470DD9A79FB3E14A0B73B6E6C09D531886ACF60E51B5702FA4263 -20180403062828 2 6 100 3071 5 FF8DCF143A9E3CC447F8D3D03206E386572BFAC54F4BDE233C8B1223CC9CBA99689328E35F8F83F0922A9F0AB33E7C7892E940377CE0064700ECDCC8532F0FEF888913E1894054707878511DD84455BEACCA35E8418D6CAD03111BC1842581D40E280A13055030CB35339E2A0E422DB9EC47916AD6302BE248AD5EBCCE7CF087CB2285A6B8D227DC7130ADB14163BE4D1AA779DBCD36710AA080F219B535B1887392DE9EF44116C933F5CA2234A7A82A8A48F1691A39434D70E3C3995AEE7CEAFF86DAA2326CF367B7E3C7939E4B78A00EE58E52F7BB36C8A89525CA4D44173E30AA6B40FD0B60C29F6CBC763241AC5DA16E2A9FB9B78F360EED32704B686AD6D40DAE8127C9351A2B21C140292E77592A7159000FB2AA9561DA10B2AC3167CC8E41C10CDF86E9041A3A114F42EF4AA5134C716893E81C3A7488ED5131073FC76B20358549BF1B0858B571550663DA9CF73B7B28BF9CA1FAF8EC96966D493C174B03DBCF9B5470DD9A79FB3E14A0B73B6E6C09D531886ACF60E51B5703495AD7 -20180403063232 2 6 100 3071 5 FF8DCF143A9E3CC447F8D3D03206E386572BFAC54F4BDE233C8B1223CC9CBA99689328E35F8F83F0922A9F0AB33E7C7892E940377CE0064700ECDCC8532F0FEF888913E1894054707878511DD84455BEACCA35E8418D6CAD03111BC1842581D40E280A13055030CB35339E2A0E422DB9EC47916AD6302BE248AD5EBCCE7CF087CB2285A6B8D227DC7130ADB14163BE4D1AA779DBCD36710AA080F219B535B1887392DE9EF44116C933F5CA2234A7A82A8A48F1691A39434D70E3C3995AEE7CEAFF86DAA2326CF367B7E3C7939E4B78A00EE58E52F7BB36C8A89525CA4D44173E30AA6B40FD0B60C29F6CBC763241AC5DA16E2A9FB9B78F360EED32704B686AD6D40DAE8127C9351A2B21C140292E77592A7159000FB2AA9561DA10B2AC3167CC8E41C10CDF86E9041A3A114F42EF4AA5134C716893E81C3A7488ED5131073FC76B20358549BF1B0858B571550663DA9CF73B7B28BF9CA1FAF8EC96966D493C174B03DBCF9B5470DD9A79FB3E14A0B73B6E6C09D531886ACF60E51B570383322F -20180403063441 2 6 100 3071 5 FF8DCF143A9E3CC447F8D3D03206E386572BFAC54F4BDE233C8B1223CC9CBA99689328E35F8F83F0922A9F0AB33E7C7892E940377CE0064700ECDCC8532F0FEF888913E1894054707878511DD84455BEACCA35E8418D6CAD03111BC1842581D40E280A13055030CB35339E2A0E422DB9EC47916AD6302BE248AD5EBCCE7CF087CB2285A6B8D227DC7130ADB14163BE4D1AA779DBCD36710AA080F219B535B1887392DE9EF44116C933F5CA2234A7A82A8A48F1691A39434D70E3C3995AEE7CEAFF86DAA2326CF367B7E3C7939E4B78A00EE58E52F7BB36C8A89525CA4D44173E30AA6B40FD0B60C29F6CBC763241AC5DA16E2A9FB9B78F360EED32704B686AD6D40DAE8127C9351A2B21C140292E77592A7159000FB2AA9561DA10B2AC3167CC8E41C10CDF86E9041A3A114F42EF4AA5134C716893E81C3A7488ED5131073FC76B20358549BF1B0858B571550663DA9CF73B7B28BF9CA1FAF8EC96966D493C174B03DBCF9B5470DD9A79FB3E14A0B73B6E6C09D531886ACF60E51B57039D0EE7 -20180403065803 2 6 100 3071 2 FF8DCF143A9E3CC447F8D3D03206E386572BFAC54F4BDE233C8B1223CC9CBA99689328E35F8F83F0922A9F0AB33E7C7892E940377CE0064700ECDCC8532F0FEF888913E1894054707878511DD84455BEACCA35E8418D6CAD03111BC1842581D40E280A13055030CB35339E2A0E422DB9EC47916AD6302BE248AD5EBCCE7CF087CB2285A6B8D227DC7130ADB14163BE4D1AA779DBCD36710AA080F219B535B1887392DE9EF44116C933F5CA2234A7A82A8A48F1691A39434D70E3C3995AEE7CEAFF86DAA2326CF367B7E3C7939E4B78A00EE58E52F7BB36C8A89525CA4D44173E30AA6B40FD0B60C29F6CBC763241AC5DA16E2A9FB9B78F360EED32704B686AD6D40DAE8127C9351A2B21C140292E77592A7159000FB2AA9561DA10B2AC3167CC8E41C10CDF86E9041A3A114F42EF4AA5134C716893E81C3A7488ED5131073FC76B20358549BF1B0858B571550663DA9CF73B7B28BF9CA1FAF8EC96966D493C174B03DBCF9B5470DD9A79FB3E14A0B73B6E6C09D531886ACF60E51B5704F5DFCB -20180403070250 2 6 100 3071 5 FF8DCF143A9E3CC447F8D3D03206E386572BFAC54F4BDE233C8B1223CC9CBA99689328E35F8F83F0922A9F0AB33E7C7892E940377CE0064700ECDCC8532F0FEF888913E1894054707878511DD84455BEACCA35E8418D6CAD03111BC1842581D40E280A13055030CB35339E2A0E422DB9EC47916AD6302BE248AD5EBCCE7CF087CB2285A6B8D227DC7130ADB14163BE4D1AA779DBCD36710AA080F219B535B1887392DE9EF44116C933F5CA2234A7A82A8A48F1691A39434D70E3C3995AEE7CEAFF86DAA2326CF367B7E3C7939E4B78A00EE58E52F7BB36C8A89525CA4D44173E30AA6B40FD0B60C29F6CBC763241AC5DA16E2A9FB9B78F360EED32704B686AD6D40DAE8127C9351A2B21C140292E77592A7159000FB2AA9561DA10B2AC3167CC8E41C10CDF86E9041A3A114F42EF4AA5134C716893E81C3A7488ED5131073FC76B20358549BF1B0858B571550663DA9CF73B7B28BF9CA1FAF8EC96966D493C174B03DBCF9B5470DD9A79FB3E14A0B73B6E6C09D531886ACF60E51B570535A157 -20180403071043 2 6 100 3071 2 FF8DCF143A9E3CC447F8D3D03206E386572BFAC54F4BDE233C8B1223CC9CBA99689328E35F8F83F0922A9F0AB33E7C7892E940377CE0064700ECDCC8532F0FEF888913E1894054707878511DD84455BEACCA35E8418D6CAD03111BC1842581D40E280A13055030CB35339E2A0E422DB9EC47916AD6302BE248AD5EBCCE7CF087CB2285A6B8D227DC7130ADB14163BE4D1AA779DBCD36710AA080F219B535B1887392DE9EF44116C933F5CA2234A7A82A8A48F1691A39434D70E3C3995AEE7CEAFF86DAA2326CF367B7E3C7939E4B78A00EE58E52F7BB36C8A89525CA4D44173E30AA6B40FD0B60C29F6CBC763241AC5DA16E2A9FB9B78F360EED32704B686AD6D40DAE8127C9351A2B21C140292E77592A7159000FB2AA9561DA10B2AC3167CC8E41C10CDF86E9041A3A114F42EF4AA5134C716893E81C3A7488ED5131073FC76B20358549BF1B0858B571550663DA9CF73B7B28BF9CA1FAF8EC96966D493C174B03DBCF9B5470DD9A79FB3E14A0B73B6E6C09D531886ACF60E51B5705AD5B2B -20180403072237 2 6 100 3071 5 FF8DCF143A9E3CC447F8D3D03206E386572BFAC54F4BDE233C8B1223CC9CBA99689328E35F8F83F0922A9F0AB33E7C7892E940377CE0064700ECDCC8532F0FEF888913E1894054707878511DD84455BEACCA35E8418D6CAD03111BC1842581D40E280A13055030CB35339E2A0E422DB9EC47916AD6302BE248AD5EBCCE7CF087CB2285A6B8D227DC7130ADB14163BE4D1AA779DBCD36710AA080F219B535B1887392DE9EF44116C933F5CA2234A7A82A8A48F1691A39434D70E3C3995AEE7CEAFF86DAA2326CF367B7E3C7939E4B78A00EE58E52F7BB36C8A89525CA4D44173E30AA6B40FD0B60C29F6CBC763241AC5DA16E2A9FB9B78F360EED32704B686AD6D40DAE8127C9351A2B21C140292E77592A7159000FB2AA9561DA10B2AC3167CC8E41C10CDF86E9041A3A114F42EF4AA5134C716893E81C3A7488ED5131073FC76B20358549BF1B0858B571550663DA9CF73B7B28BF9CA1FAF8EC96966D493C174B03DBCF9B5470DD9A79FB3E14A0B73B6E6C09D531886ACF60E51B57066B3AFF -20180403072347 2 6 100 3071 2 FF8DCF143A9E3CC447F8D3D03206E386572BFAC54F4BDE233C8B1223CC9CBA99689328E35F8F83F0922A9F0AB33E7C7892E940377CE0064700ECDCC8532F0FEF888913E1894054707878511DD84455BEACCA35E8418D6CAD03111BC1842581D40E280A13055030CB35339E2A0E422DB9EC47916AD6302BE248AD5EBCCE7CF087CB2285A6B8D227DC7130ADB14163BE4D1AA779DBCD36710AA080F219B535B1887392DE9EF44116C933F5CA2234A7A82A8A48F1691A39434D70E3C3995AEE7CEAFF86DAA2326CF367B7E3C7939E4B78A00EE58E52F7BB36C8A89525CA4D44173E30AA6B40FD0B60C29F6CBC763241AC5DA16E2A9FB9B78F360EED32704B686AD6D40DAE8127C9351A2B21C140292E77592A7159000FB2AA9561DA10B2AC3167CC8E41C10CDF86E9041A3A114F42EF4AA5134C716893E81C3A7488ED5131073FC76B20358549BF1B0858B571550663DA9CF73B7B28BF9CA1FAF8EC96966D493C174B03DBCF9B5470DD9A79FB3E14A0B73B6E6C09D531886ACF60E51B5706763D5B -20180403072612 2 6 100 3071 2 FF8DCF143A9E3CC447F8D3D03206E386572BFAC54F4BDE233C8B1223CC9CBA99689328E35F8F83F0922A9F0AB33E7C7892E940377CE0064700ECDCC8532F0FEF888913E1894054707878511DD84455BEACCA35E8418D6CAD03111BC1842581D40E280A13055030CB35339E2A0E422DB9EC47916AD6302BE248AD5EBCCE7CF087CB2285A6B8D227DC7130ADB14163BE4D1AA779DBCD36710AA080F219B535B1887392DE9EF44116C933F5CA2234A7A82A8A48F1691A39434D70E3C3995AEE7CEAFF86DAA2326CF367B7E3C7939E4B78A00EE58E52F7BB36C8A89525CA4D44173E30AA6B40FD0B60C29F6CBC763241AC5DA16E2A9FB9B78F360EED32704B686AD6D40DAE8127C9351A2B21C140292E77592A7159000FB2AA9561DA10B2AC3167CC8E41C10CDF86E9041A3A114F42EF4AA5134C716893E81C3A7488ED5131073FC76B20358549BF1B0858B571550663DA9CF73B7B28BF9CA1FAF8EC96966D493C174B03DBCF9B5470DD9A79FB3E14A0B73B6E6C09D531886ACF60E51B570696B733 -20180403073322 2 6 100 3071 2 FF8DCF143A9E3CC447F8D3D03206E386572BFAC54F4BDE233C8B1223CC9CBA99689328E35F8F83F0922A9F0AB33E7C7892E940377CE0064700ECDCC8532F0FEF888913E1894054707878511DD84455BEACCA35E8418D6CAD03111BC1842581D40E280A13055030CB35339E2A0E422DB9EC47916AD6302BE248AD5EBCCE7CF087CB2285A6B8D227DC7130ADB14163BE4D1AA779DBCD36710AA080F219B535B1887392DE9EF44116C933F5CA2234A7A82A8A48F1691A39434D70E3C3995AEE7CEAFF86DAA2326CF367B7E3C7939E4B78A00EE58E52F7BB36C8A89525CA4D44173E30AA6B40FD0B60C29F6CBC763241AC5DA16E2A9FB9B78F360EED32704B686AD6D40DAE8127C9351A2B21C140292E77592A7159000FB2AA9561DA10B2AC3167CC8E41C10CDF86E9041A3A114F42EF4AA5134C716893E81C3A7488ED5131073FC76B20358549BF1B0858B571550663DA9CF73B7B28BF9CA1FAF8EC96966D493C174B03DBCF9B5470DD9A79FB3E14A0B73B6E6C09D531886ACF60E51B5707062E2B -20180403073825 2 6 100 3071 5 FF8DCF143A9E3CC447F8D3D03206E386572BFAC54F4BDE233C8B1223CC9CBA99689328E35F8F83F0922A9F0AB33E7C7892E940377CE0064700ECDCC8532F0FEF888913E1894054707878511DD84455BEACCA35E8418D6CAD03111BC1842581D40E280A13055030CB35339E2A0E422DB9EC47916AD6302BE248AD5EBCCE7CF087CB2285A6B8D227DC7130ADB14163BE4D1AA779DBCD36710AA080F219B535B1887392DE9EF44116C933F5CA2234A7A82A8A48F1691A39434D70E3C3995AEE7CEAFF86DAA2326CF367B7E3C7939E4B78A00EE58E52F7BB36C8A89525CA4D44173E30AA6B40FD0B60C29F6CBC763241AC5DA16E2A9FB9B78F360EED32704B686AD6D40DAE8127C9351A2B21C140292E77592A7159000FB2AA9561DA10B2AC3167CC8E41C10CDF86E9041A3A114F42EF4AA5134C716893E81C3A7488ED5131073FC76B20358549BF1B0858B571550663DA9CF73B7B28BF9CA1FAF8EC96966D493C174B03DBCF9B5470DD9A79FB3E14A0B73B6E6C09D531886ACF60E51B5707547607 -20180403073948 2 6 100 3071 5 FF8DCF143A9E3CC447F8D3D03206E386572BFAC54F4BDE233C8B1223CC9CBA99689328E35F8F83F0922A9F0AB33E7C7892E940377CE0064700ECDCC8532F0FEF888913E1894054707878511DD84455BEACCA35E8418D6CAD03111BC1842581D40E280A13055030CB35339E2A0E422DB9EC47916AD6302BE248AD5EBCCE7CF087CB2285A6B8D227DC7130ADB14163BE4D1AA779DBCD36710AA080F219B535B1887392DE9EF44116C933F5CA2234A7A82A8A48F1691A39434D70E3C3995AEE7CEAFF86DAA2326CF367B7E3C7939E4B78A00EE58E52F7BB36C8A89525CA4D44173E30AA6B40FD0B60C29F6CBC763241AC5DA16E2A9FB9B78F360EED32704B686AD6D40DAE8127C9351A2B21C140292E77592A7159000FB2AA9561DA10B2AC3167CC8E41C10CDF86E9041A3A114F42EF4AA5134C716893E81C3A7488ED5131073FC76B20358549BF1B0858B571550663DA9CF73B7B28BF9CA1FAF8EC96966D493C174B03DBCF9B5470DD9A79FB3E14A0B73B6E6C09D531886ACF60E51B570762843F -20180403074104 2 6 100 3071 2 FF8DCF143A9E3CC447F8D3D03206E386572BFAC54F4BDE233C8B1223CC9CBA99689328E35F8F83F0922A9F0AB33E7C7892E940377CE0064700ECDCC8532F0FEF888913E1894054707878511DD84455BEACCA35E8418D6CAD03111BC1842581D40E280A13055030CB35339E2A0E422DB9EC47916AD6302BE248AD5EBCCE7CF087CB2285A6B8D227DC7130ADB14163BE4D1AA779DBCD36710AA080F219B535B1887392DE9EF44116C933F5CA2234A7A82A8A48F1691A39434D70E3C3995AEE7CEAFF86DAA2326CF367B7E3C7939E4B78A00EE58E52F7BB36C8A89525CA4D44173E30AA6B40FD0B60C29F6CBC763241AC5DA16E2A9FB9B78F360EED32704B686AD6D40DAE8127C9351A2B21C140292E77592A7159000FB2AA9561DA10B2AC3167CC8E41C10CDF86E9041A3A114F42EF4AA5134C716893E81C3A7488ED5131073FC76B20358549BF1B0858B571550663DA9CF73B7B28BF9CA1FAF8EC96966D493C174B03DBCF9B5470DD9A79FB3E14A0B73B6E6C09D531886ACF60E51B57076EC3DB -20180403074403 2 6 100 3071 2 FF8DCF143A9E3CC447F8D3D03206E386572BFAC54F4BDE233C8B1223CC9CBA99689328E35F8F83F0922A9F0AB33E7C7892E940377CE0064700ECDCC8532F0FEF888913E1894054707878511DD84455BEACCA35E8418D6CAD03111BC1842581D40E280A13055030CB35339E2A0E422DB9EC47916AD6302BE248AD5EBCCE7CF087CB2285A6B8D227DC7130ADB14163BE4D1AA779DBCD36710AA080F219B535B1887392DE9EF44116C933F5CA2234A7A82A8A48F1691A39434D70E3C3995AEE7CEAFF86DAA2326CF367B7E3C7939E4B78A00EE58E52F7BB36C8A89525CA4D44173E30AA6B40FD0B60C29F6CBC763241AC5DA16E2A9FB9B78F360EED32704B686AD6D40DAE8127C9351A2B21C140292E77592A7159000FB2AA9561DA10B2AC3167CC8E41C10CDF86E9041A3A114F42EF4AA5134C716893E81C3A7488ED5131073FC76B20358549BF1B0858B571550663DA9CF73B7B28BF9CA1FAF8EC96966D493C174B03DBCF9B5470DD9A79FB3E14A0B73B6E6C09D531886ACF60E51B570799DD63 -20180403074828 2 6 100 3071 2 FF8DCF143A9E3CC447F8D3D03206E386572BFAC54F4BDE233C8B1223CC9CBA99689328E35F8F83F0922A9F0AB33E7C7892E940377CE0064700ECDCC8532F0FEF888913E1894054707878511DD84455BEACCA35E8418D6CAD03111BC1842581D40E280A13055030CB35339E2A0E422DB9EC47916AD6302BE248AD5EBCCE7CF087CB2285A6B8D227DC7130ADB14163BE4D1AA779DBCD36710AA080F219B535B1887392DE9EF44116C933F5CA2234A7A82A8A48F1691A39434D70E3C3995AEE7CEAFF86DAA2326CF367B7E3C7939E4B78A00EE58E52F7BB36C8A89525CA4D44173E30AA6B40FD0B60C29F6CBC763241AC5DA16E2A9FB9B78F360EED32704B686AD6D40DAE8127C9351A2B21C140292E77592A7159000FB2AA9561DA10B2AC3167CC8E41C10CDF86E9041A3A114F42EF4AA5134C716893E81C3A7488ED5131073FC76B20358549BF1B0858B571550663DA9CF73B7B28BF9CA1FAF8EC96966D493C174B03DBCF9B5470DD9A79FB3E14A0B73B6E6C09D531886ACF60E51B5707D93973 -20180403075240 2 6 100 3071 2 FF8DCF143A9E3CC447F8D3D03206E386572BFAC54F4BDE233C8B1223CC9CBA99689328E35F8F83F0922A9F0AB33E7C7892E940377CE0064700ECDCC8532F0FEF888913E1894054707878511DD84455BEACCA35E8418D6CAD03111BC1842581D40E280A13055030CB35339E2A0E422DB9EC47916AD6302BE248AD5EBCCE7CF087CB2285A6B8D227DC7130ADB14163BE4D1AA779DBCD36710AA080F219B535B1887392DE9EF44116C933F5CA2234A7A82A8A48F1691A39434D70E3C3995AEE7CEAFF86DAA2326CF367B7E3C7939E4B78A00EE58E52F7BB36C8A89525CA4D44173E30AA6B40FD0B60C29F6CBC763241AC5DA16E2A9FB9B78F360EED32704B686AD6D40DAE8127C9351A2B21C140292E77592A7159000FB2AA9561DA10B2AC3167CC8E41C10CDF86E9041A3A114F42EF4AA5134C716893E81C3A7488ED5131073FC76B20358549BF1B0858B571550663DA9CF73B7B28BF9CA1FAF8EC96966D493C174B03DBCF9B5470DD9A79FB3E14A0B73B6E6C09D531886ACF60E51B570814F21B -20180403075918 2 6 100 3071 2 FF8DCF143A9E3CC447F8D3D03206E386572BFAC54F4BDE233C8B1223CC9CBA99689328E35F8F83F0922A9F0AB33E7C7892E940377CE0064700ECDCC8532F0FEF888913E1894054707878511DD84455BEACCA35E8418D6CAD03111BC1842581D40E280A13055030CB35339E2A0E422DB9EC47916AD6302BE248AD5EBCCE7CF087CB2285A6B8D227DC7130ADB14163BE4D1AA779DBCD36710AA080F219B535B1887392DE9EF44116C933F5CA2234A7A82A8A48F1691A39434D70E3C3995AEE7CEAFF86DAA2326CF367B7E3C7939E4B78A00EE58E52F7BB36C8A89525CA4D44173E30AA6B40FD0B60C29F6CBC763241AC5DA16E2A9FB9B78F360EED32704B686AD6D40DAE8127C9351A2B21C140292E77592A7159000FB2AA9561DA10B2AC3167CC8E41C10CDF86E9041A3A114F42EF4AA5134C716893E81C3A7488ED5131073FC76B20358549BF1B0858B571550663DA9CF73B7B28BF9CA1FAF8EC96966D493C174B03DBCF9B5470DD9A79FB3E14A0B73B6E6C09D531886ACF60E51B570878D0DB -20180403080045 2 6 100 3071 5 FF8DCF143A9E3CC447F8D3D03206E386572BFAC54F4BDE233C8B1223CC9CBA99689328E35F8F83F0922A9F0AB33E7C7892E940377CE0064700ECDCC8532F0FEF888913E1894054707878511DD84455BEACCA35E8418D6CAD03111BC1842581D40E280A13055030CB35339E2A0E422DB9EC47916AD6302BE248AD5EBCCE7CF087CB2285A6B8D227DC7130ADB14163BE4D1AA779DBCD36710AA080F219B535B1887392DE9EF44116C933F5CA2234A7A82A8A48F1691A39434D70E3C3995AEE7CEAFF86DAA2326CF367B7E3C7939E4B78A00EE58E52F7BB36C8A89525CA4D44173E30AA6B40FD0B60C29F6CBC763241AC5DA16E2A9FB9B78F360EED32704B686AD6D40DAE8127C9351A2B21C140292E77592A7159000FB2AA9561DA10B2AC3167CC8E41C10CDF86E9041A3A114F42EF4AA5134C716893E81C3A7488ED5131073FC76B20358549BF1B0858B571550663DA9CF73B7B28BF9CA1FAF8EC96966D493C174B03DBCF9B5470DD9A79FB3E14A0B73B6E6C09D531886ACF60E51B5708890F47 -20180403080212 2 6 100 3071 2 FF8DCF143A9E3CC447F8D3D03206E386572BFAC54F4BDE233C8B1223CC9CBA99689328E35F8F83F0922A9F0AB33E7C7892E940377CE0064700ECDCC8532F0FEF888913E1894054707878511DD84455BEACCA35E8418D6CAD03111BC1842581D40E280A13055030CB35339E2A0E422DB9EC47916AD6302BE248AD5EBCCE7CF087CB2285A6B8D227DC7130ADB14163BE4D1AA779DBCD36710AA080F219B535B1887392DE9EF44116C933F5CA2234A7A82A8A48F1691A39434D70E3C3995AEE7CEAFF86DAA2326CF367B7E3C7939E4B78A00EE58E52F7BB36C8A89525CA4D44173E30AA6B40FD0B60C29F6CBC763241AC5DA16E2A9FB9B78F360EED32704B686AD6D40DAE8127C9351A2B21C140292E77592A7159000FB2AA9561DA10B2AC3167CC8E41C10CDF86E9041A3A114F42EF4AA5134C716893E81C3A7488ED5131073FC76B20358549BF1B0858B571550663DA9CF73B7B28BF9CA1FAF8EC96966D493C174B03DBCF9B5470DD9A79FB3E14A0B73B6E6C09D531886ACF60E51B570898D8B3 -20180403080523 2 6 100 3071 2 FF8DCF143A9E3CC447F8D3D03206E386572BFAC54F4BDE233C8B1223CC9CBA99689328E35F8F83F0922A9F0AB33E7C7892E940377CE0064700ECDCC8532F0FEF888913E1894054707878511DD84455BEACCA35E8418D6CAD03111BC1842581D40E280A13055030CB35339E2A0E422DB9EC47916AD6302BE248AD5EBCCE7CF087CB2285A6B8D227DC7130ADB14163BE4D1AA779DBCD36710AA080F219B535B1887392DE9EF44116C933F5CA2234A7A82A8A48F1691A39434D70E3C3995AEE7CEAFF86DAA2326CF367B7E3C7939E4B78A00EE58E52F7BB36C8A89525CA4D44173E30AA6B40FD0B60C29F6CBC763241AC5DA16E2A9FB9B78F360EED32704B686AD6D40DAE8127C9351A2B21C140292E77592A7159000FB2AA9561DA10B2AC3167CC8E41C10CDF86E9041A3A114F42EF4AA5134C716893E81C3A7488ED5131073FC76B20358549BF1B0858B571550663DA9CF73B7B28BF9CA1FAF8EC96966D493C174B03DBCF9B5470DD9A79FB3E14A0B73B6E6C09D531886ACF60E51B5708C1E14B -20180403080854 2 6 100 3071 5 FF8DCF143A9E3CC447F8D3D03206E386572BFAC54F4BDE233C8B1223CC9CBA99689328E35F8F83F0922A9F0AB33E7C7892E940377CE0064700ECDCC8532F0FEF888913E1894054707878511DD84455BEACCA35E8418D6CAD03111BC1842581D40E280A13055030CB35339E2A0E422DB9EC47916AD6302BE248AD5EBCCE7CF087CB2285A6B8D227DC7130ADB14163BE4D1AA779DBCD36710AA080F219B535B1887392DE9EF44116C933F5CA2234A7A82A8A48F1691A39434D70E3C3995AEE7CEAFF86DAA2326CF367B7E3C7939E4B78A00EE58E52F7BB36C8A89525CA4D44173E30AA6B40FD0B60C29F6CBC763241AC5DA16E2A9FB9B78F360EED32704B686AD6D40DAE8127C9351A2B21C140292E77592A7159000FB2AA9561DA10B2AC3167CC8E41C10CDF86E9041A3A114F42EF4AA5134C716893E81C3A7488ED5131073FC76B20358549BF1B0858B571550663DA9CF73B7B28BF9CA1FAF8EC96966D493C174B03DBCF9B5470DD9A79FB3E14A0B73B6E6C09D531886ACF60E51B5708EEE0AF -20180403081003 2 6 100 3071 5 FF8DCF143A9E3CC447F8D3D03206E386572BFAC54F4BDE233C8B1223CC9CBA99689328E35F8F83F0922A9F0AB33E7C7892E940377CE0064700ECDCC8532F0FEF888913E1894054707878511DD84455BEACCA35E8418D6CAD03111BC1842581D40E280A13055030CB35339E2A0E422DB9EC47916AD6302BE248AD5EBCCE7CF087CB2285A6B8D227DC7130ADB14163BE4D1AA779DBCD36710AA080F219B535B1887392DE9EF44116C933F5CA2234A7A82A8A48F1691A39434D70E3C3995AEE7CEAFF86DAA2326CF367B7E3C7939E4B78A00EE58E52F7BB36C8A89525CA4D44173E30AA6B40FD0B60C29F6CBC763241AC5DA16E2A9FB9B78F360EED32704B686AD6D40DAE8127C9351A2B21C140292E77592A7159000FB2AA9561DA10B2AC3167CC8E41C10CDF86E9041A3A114F42EF4AA5134C716893E81C3A7488ED5131073FC76B20358549BF1B0858B571550663DA9CF73B7B28BF9CA1FAF8EC96966D493C174B03DBCF9B5470DD9A79FB3E14A0B73B6E6C09D531886ACF60E51B5708F7F537 -20180403081710 2 6 100 3071 2 FF8DCF143A9E3CC447F8D3D03206E386572BFAC54F4BDE233C8B1223CC9CBA99689328E35F8F83F0922A9F0AB33E7C7892E940377CE0064700ECDCC8532F0FEF888913E1894054707878511DD84455BEACCA35E8418D6CAD03111BC1842581D40E280A13055030CB35339E2A0E422DB9EC47916AD6302BE248AD5EBCCE7CF087CB2285A6B8D227DC7130ADB14163BE4D1AA779DBCD36710AA080F219B535B1887392DE9EF44116C933F5CA2234A7A82A8A48F1691A39434D70E3C3995AEE7CEAFF86DAA2326CF367B7E3C7939E4B78A00EE58E52F7BB36C8A89525CA4D44173E30AA6B40FD0B60C29F6CBC763241AC5DA16E2A9FB9B78F360EED32704B686AD6D40DAE8127C9351A2B21C140292E77592A7159000FB2AA9561DA10B2AC3167CC8E41C10CDF86E9041A3A114F42EF4AA5134C716893E81C3A7488ED5131073FC76B20358549BF1B0858B571550663DA9CF73B7B28BF9CA1FAF8EC96966D493C174B03DBCF9B5470DD9A79FB3E14A0B73B6E6C09D531886ACF60E51B570961D7DB -20180403082007 2 6 100 3071 2 FF8DCF143A9E3CC447F8D3D03206E386572BFAC54F4BDE233C8B1223CC9CBA99689328E35F8F83F0922A9F0AB33E7C7892E940377CE0064700ECDCC8532F0FEF888913E1894054707878511DD84455BEACCA35E8418D6CAD03111BC1842581D40E280A13055030CB35339E2A0E422DB9EC47916AD6302BE248AD5EBCCE7CF087CB2285A6B8D227DC7130ADB14163BE4D1AA779DBCD36710AA080F219B535B1887392DE9EF44116C933F5CA2234A7A82A8A48F1691A39434D70E3C3995AEE7CEAFF86DAA2326CF367B7E3C7939E4B78A00EE58E52F7BB36C8A89525CA4D44173E30AA6B40FD0B60C29F6CBC763241AC5DA16E2A9FB9B78F360EED32704B686AD6D40DAE8127C9351A2B21C140292E77592A7159000FB2AA9561DA10B2AC3167CC8E41C10CDF86E9041A3A114F42EF4AA5134C716893E81C3A7488ED5131073FC76B20358549BF1B0858B571550663DA9CF73B7B28BF9CA1FAF8EC96966D493C174B03DBCF9B5470DD9A79FB3E14A0B73B6E6C09D531886ACF60E51B570988E91B -20180403082804 2 6 100 3071 2 FF8DCF143A9E3CC447F8D3D03206E386572BFAC54F4BDE233C8B1223CC9CBA99689328E35F8F83F0922A9F0AB33E7C7892E940377CE0064700ECDCC8532F0FEF888913E1894054707878511DD84455BEACCA35E8418D6CAD03111BC1842581D40E280A13055030CB35339E2A0E422DB9EC47916AD6302BE248AD5EBCCE7CF087CB2285A6B8D227DC7130ADB14163BE4D1AA779DBCD36710AA080F219B535B1887392DE9EF44116C933F5CA2234A7A82A8A48F1691A39434D70E3C3995AEE7CEAFF86DAA2326CF367B7E3C7939E4B78A00EE58E52F7BB36C8A89525CA4D44173E30AA6B40FD0B60C29F6CBC763241AC5DA16E2A9FB9B78F360EED32704B686AD6D40DAE8127C9351A2B21C140292E77592A7159000FB2AA9561DA10B2AC3167CC8E41C10CDF86E9041A3A114F42EF4AA5134C716893E81C3A7488ED5131073FC76B20358549BF1B0858B571550663DA9CF73B7B28BF9CA1FAF8EC96966D493C174B03DBCF9B5470DD9A79FB3E14A0B73B6E6C09D531886ACF60E51B570A02958B -20180403084609 2 6 100 3071 5 FF8DCF143A9E3CC447F8D3D03206E386572BFAC54F4BDE233C8B1223CC9CBA99689328E35F8F83F0922A9F0AB33E7C7892E940377CE0064700ECDCC8532F0FEF888913E1894054707878511DD84455BEACCA35E8418D6CAD03111BC1842581D40E280A13055030CB35339E2A0E422DB9EC47916AD6302BE248AD5EBCCE7CF087CB2285A6B8D227DC7130ADB14163BE4D1AA779DBCD36710AA080F219B535B1887392DE9EF44116C933F5CA2234A7A82A8A48F1691A39434D70E3C3995AEE7CEAFF86DAA2326CF367B7E3C7939E4B78A00EE58E52F7BB36C8A89525CA4D44173E30AA6B40FD0B60C29F6CBC763241AC5DA16E2A9FB9B78F360EED32704B686AD6D40DAE8127C9351A2B21C140292E77592A7159000FB2AA9561DA10B2AC3167CC8E41C10CDF86E9041A3A114F42EF4AA5134C716893E81C3A7488ED5131073FC76B20358549BF1B0858B571550663DA9CF73B7B28BF9CA1FAF8EC96966D493C174B03DBCF9B5470DD9A79FB3E14A0B73B6E6C09D531886ACF60E51B570B1FC24F -20180403084705 2 6 100 3071 2 FF8DCF143A9E3CC447F8D3D03206E386572BFAC54F4BDE233C8B1223CC9CBA99689328E35F8F83F0922A9F0AB33E7C7892E940377CE0064700ECDCC8532F0FEF888913E1894054707878511DD84455BEACCA35E8418D6CAD03111BC1842581D40E280A13055030CB35339E2A0E422DB9EC47916AD6302BE248AD5EBCCE7CF087CB2285A6B8D227DC7130ADB14163BE4D1AA779DBCD36710AA080F219B535B1887392DE9EF44116C933F5CA2234A7A82A8A48F1691A39434D70E3C3995AEE7CEAFF86DAA2326CF367B7E3C7939E4B78A00EE58E52F7BB36C8A89525CA4D44173E30AA6B40FD0B60C29F6CBC763241AC5DA16E2A9FB9B78F360EED32704B686AD6D40DAE8127C9351A2B21C140292E77592A7159000FB2AA9561DA10B2AC3167CC8E41C10CDF86E9041A3A114F42EF4AA5134C716893E81C3A7488ED5131073FC76B20358549BF1B0858B571550663DA9CF73B7B28BF9CA1FAF8EC96966D493C174B03DBCF9B5470DD9A79FB3E14A0B73B6E6C09D531886ACF60E51B570B262033 -20180403084905 2 6 100 3071 2 FF8DCF143A9E3CC447F8D3D03206E386572BFAC54F4BDE233C8B1223CC9CBA99689328E35F8F83F0922A9F0AB33E7C7892E940377CE0064700ECDCC8532F0FEF888913E1894054707878511DD84455BEACCA35E8418D6CAD03111BC1842581D40E280A13055030CB35339E2A0E422DB9EC47916AD6302BE248AD5EBCCE7CF087CB2285A6B8D227DC7130ADB14163BE4D1AA779DBCD36710AA080F219B535B1887392DE9EF44116C933F5CA2234A7A82A8A48F1691A39434D70E3C3995AEE7CEAFF86DAA2326CF367B7E3C7939E4B78A00EE58E52F7BB36C8A89525CA4D44173E30AA6B40FD0B60C29F6CBC763241AC5DA16E2A9FB9B78F360EED32704B686AD6D40DAE8127C9351A2B21C140292E77592A7159000FB2AA9561DA10B2AC3167CC8E41C10CDF86E9041A3A114F42EF4AA5134C716893E81C3A7488ED5131073FC76B20358549BF1B0858B571550663DA9CF73B7B28BF9CA1FAF8EC96966D493C174B03DBCF9B5470DD9A79FB3E14A0B73B6E6C09D531886ACF60E51B570B3DD5AB -20180403085348 2 6 100 3071 2 FF8DCF143A9E3CC447F8D3D03206E386572BFAC54F4BDE233C8B1223CC9CBA99689328E35F8F83F0922A9F0AB33E7C7892E940377CE0064700ECDCC8532F0FEF888913E1894054707878511DD84455BEACCA35E8418D6CAD03111BC1842581D40E280A13055030CB35339E2A0E422DB9EC47916AD6302BE248AD5EBCCE7CF087CB2285A6B8D227DC7130ADB14163BE4D1AA779DBCD36710AA080F219B535B1887392DE9EF44116C933F5CA2234A7A82A8A48F1691A39434D70E3C3995AEE7CEAFF86DAA2326CF367B7E3C7939E4B78A00EE58E52F7BB36C8A89525CA4D44173E30AA6B40FD0B60C29F6CBC763241AC5DA16E2A9FB9B78F360EED32704B686AD6D40DAE8127C9351A2B21C140292E77592A7159000FB2AA9561DA10B2AC3167CC8E41C10CDF86E9041A3A114F42EF4AA5134C716893E81C3A7488ED5131073FC76B20358549BF1B0858B571550663DA9CF73B7B28BF9CA1FAF8EC96966D493C174B03DBCF9B5470DD9A79FB3E14A0B73B6E6C09D531886ACF60E51B570B82B95B -20180403090858 2 6 100 3071 5 FF8DCF143A9E3CC447F8D3D03206E386572BFAC54F4BDE233C8B1223CC9CBA99689328E35F8F83F0922A9F0AB33E7C7892E940377CE0064700ECDCC8532F0FEF888913E1894054707878511DD84455BEACCA35E8418D6CAD03111BC1842581D40E280A13055030CB35339E2A0E422DB9EC47916AD6302BE248AD5EBCCE7CF087CB2285A6B8D227DC7130ADB14163BE4D1AA779DBCD36710AA080F219B535B1887392DE9EF44116C933F5CA2234A7A82A8A48F1691A39434D70E3C3995AEE7CEAFF86DAA2326CF367B7E3C7939E4B78A00EE58E52F7BB36C8A89525CA4D44173E30AA6B40FD0B60C29F6CBC763241AC5DA16E2A9FB9B78F360EED32704B686AD6D40DAE8127C9351A2B21C140292E77592A7159000FB2AA9561DA10B2AC3167CC8E41C10CDF86E9041A3A114F42EF4AA5134C716893E81C3A7488ED5131073FC76B20358549BF1B0858B571550663DA9CF73B7B28BF9CA1FAF8EC96966D493C174B03DBCF9B5470DD9A79FB3E14A0B73B6E6C09D531886ACF60E51B570C6C2E5F -20180403091014 2 6 100 3071 2 FF8DCF143A9E3CC447F8D3D03206E386572BFAC54F4BDE233C8B1223CC9CBA99689328E35F8F83F0922A9F0AB33E7C7892E940377CE0064700ECDCC8532F0FEF888913E1894054707878511DD84455BEACCA35E8418D6CAD03111BC1842581D40E280A13055030CB35339E2A0E422DB9EC47916AD6302BE248AD5EBCCE7CF087CB2285A6B8D227DC7130ADB14163BE4D1AA779DBCD36710AA080F219B535B1887392DE9EF44116C933F5CA2234A7A82A8A48F1691A39434D70E3C3995AEE7CEAFF86DAA2326CF367B7E3C7939E4B78A00EE58E52F7BB36C8A89525CA4D44173E30AA6B40FD0B60C29F6CBC763241AC5DA16E2A9FB9B78F360EED32704B686AD6D40DAE8127C9351A2B21C140292E77592A7159000FB2AA9561DA10B2AC3167CC8E41C10CDF86E9041A3A114F42EF4AA5134C716893E81C3A7488ED5131073FC76B20358549BF1B0858B571550663DA9CF73B7B28BF9CA1FAF8EC96966D493C174B03DBCF9B5470DD9A79FB3E14A0B73B6E6C09D531886ACF60E51B570C766563 -20180403092356 2 6 100 3071 5 FF8DCF143A9E3CC447F8D3D03206E386572BFAC54F4BDE233C8B1223CC9CBA99689328E35F8F83F0922A9F0AB33E7C7892E940377CE0064700ECDCC8532F0FEF888913E1894054707878511DD84455BEACCA35E8418D6CAD03111BC1842581D40E280A13055030CB35339E2A0E422DB9EC47916AD6302BE248AD5EBCCE7CF087CB2285A6B8D227DC7130ADB14163BE4D1AA779DBCD36710AA080F219B535B1887392DE9EF44116C933F5CA2234A7A82A8A48F1691A39434D70E3C3995AEE7CEAFF86DAA2326CF367B7E3C7939E4B78A00EE58E52F7BB36C8A89525CA4D44173E30AA6B40FD0B60C29F6CBC763241AC5DA16E2A9FB9B78F360EED32704B686AD6D40DAE8127C9351A2B21C140292E77592A7159000FB2AA9561DA10B2AC3167CC8E41C10CDF86E9041A3A114F42EF4AA5134C716893E81C3A7488ED5131073FC76B20358549BF1B0858B571550663DA9CF73B7B28BF9CA1FAF8EC96966D493C174B03DBCF9B5470DD9A79FB3E14A0B73B6E6C09D531886ACF60E51B570D49B077 -20180403092842 2 6 100 3071 2 FF8DCF143A9E3CC447F8D3D03206E386572BFAC54F4BDE233C8B1223CC9CBA99689328E35F8F83F0922A9F0AB33E7C7892E940377CE0064700ECDCC8532F0FEF888913E1894054707878511DD84455BEACCA35E8418D6CAD03111BC1842581D40E280A13055030CB35339E2A0E422DB9EC47916AD6302BE248AD5EBCCE7CF087CB2285A6B8D227DC7130ADB14163BE4D1AA779DBCD36710AA080F219B535B1887392DE9EF44116C933F5CA2234A7A82A8A48F1691A39434D70E3C3995AEE7CEAFF86DAA2326CF367B7E3C7939E4B78A00EE58E52F7BB36C8A89525CA4D44173E30AA6B40FD0B60C29F6CBC763241AC5DA16E2A9FB9B78F360EED32704B686AD6D40DAE8127C9351A2B21C140292E77592A7159000FB2AA9561DA10B2AC3167CC8E41C10CDF86E9041A3A114F42EF4AA5134C716893E81C3A7488ED5131073FC76B20358549BF1B0858B571550663DA9CF73B7B28BF9CA1FAF8EC96966D493C174B03DBCF9B5470DD9A79FB3E14A0B73B6E6C09D531886ACF60E51B570D8D7FEB -20180403093424 2 6 100 3071 5 FF8DCF143A9E3CC447F8D3D03206E386572BFAC54F4BDE233C8B1223CC9CBA99689328E35F8F83F0922A9F0AB33E7C7892E940377CE0064700ECDCC8532F0FEF888913E1894054707878511DD84455BEACCA35E8418D6CAD03111BC1842581D40E280A13055030CB35339E2A0E422DB9EC47916AD6302BE248AD5EBCCE7CF087CB2285A6B8D227DC7130ADB14163BE4D1AA779DBCD36710AA080F219B535B1887392DE9EF44116C933F5CA2234A7A82A8A48F1691A39434D70E3C3995AEE7CEAFF86DAA2326CF367B7E3C7939E4B78A00EE58E52F7BB36C8A89525CA4D44173E30AA6B40FD0B60C29F6CBC763241AC5DA16E2A9FB9B78F360EED32704B686AD6D40DAE8127C9351A2B21C140292E77592A7159000FB2AA9561DA10B2AC3167CC8E41C10CDF86E9041A3A114F42EF4AA5134C716893E81C3A7488ED5131073FC76B20358549BF1B0858B571550663DA9CF73B7B28BF9CA1FAF8EC96966D493C174B03DBCF9B5470DD9A79FB3E14A0B73B6E6C09D531886ACF60E51B570DE274D7 -20180403093850 2 6 100 3071 2 FF8DCF143A9E3CC447F8D3D03206E386572BFAC54F4BDE233C8B1223CC9CBA99689328E35F8F83F0922A9F0AB33E7C7892E940377CE0064700ECDCC8532F0FEF888913E1894054707878511DD84455BEACCA35E8418D6CAD03111BC1842581D40E280A13055030CB35339E2A0E422DB9EC47916AD6302BE248AD5EBCCE7CF087CB2285A6B8D227DC7130ADB14163BE4D1AA779DBCD36710AA080F219B535B1887392DE9EF44116C933F5CA2234A7A82A8A48F1691A39434D70E3C3995AEE7CEAFF86DAA2326CF367B7E3C7939E4B78A00EE58E52F7BB36C8A89525CA4D44173E30AA6B40FD0B60C29F6CBC763241AC5DA16E2A9FB9B78F360EED32704B686AD6D40DAE8127C9351A2B21C140292E77592A7159000FB2AA9561DA10B2AC3167CC8E41C10CDF86E9041A3A114F42EF4AA5134C716893E81C3A7488ED5131073FC76B20358549BF1B0858B571550663DA9CF73B7B28BF9CA1FAF8EC96966D493C174B03DBCF9B5470DD9A79FB3E14A0B73B6E6C09D531886ACF60E51B570E28C2BB -20180403094634 2 6 100 3071 5 FF8DCF143A9E3CC447F8D3D03206E386572BFAC54F4BDE233C8B1223CC9CBA99689328E35F8F83F0922A9F0AB33E7C7892E940377CE0064700ECDCC8532F0FEF888913E1894054707878511DD84455BEACCA35E8418D6CAD03111BC1842581D40E280A13055030CB35339E2A0E422DB9EC47916AD6302BE248AD5EBCCE7CF087CB2285A6B8D227DC7130ADB14163BE4D1AA779DBCD36710AA080F219B535B1887392DE9EF44116C933F5CA2234A7A82A8A48F1691A39434D70E3C3995AEE7CEAFF86DAA2326CF367B7E3C7939E4B78A00EE58E52F7BB36C8A89525CA4D44173E30AA6B40FD0B60C29F6CBC763241AC5DA16E2A9FB9B78F360EED32704B686AD6D40DAE8127C9351A2B21C140292E77592A7159000FB2AA9561DA10B2AC3167CC8E41C10CDF86E9041A3A114F42EF4AA5134C716893E81C3A7488ED5131073FC76B20358549BF1B0858B571550663DA9CF73B7B28BF9CA1FAF8EC96966D493C174B03DBCF9B5470DD9A79FB3E14A0B73B6E6C09D531886ACF60E51B570EA36EDF -20180403094738 2 6 100 3071 2 FF8DCF143A9E3CC447F8D3D03206E386572BFAC54F4BDE233C8B1223CC9CBA99689328E35F8F83F0922A9F0AB33E7C7892E940377CE0064700ECDCC8532F0FEF888913E1894054707878511DD84455BEACCA35E8418D6CAD03111BC1842581D40E280A13055030CB35339E2A0E422DB9EC47916AD6302BE248AD5EBCCE7CF087CB2285A6B8D227DC7130ADB14163BE4D1AA779DBCD36710AA080F219B535B1887392DE9EF44116C933F5CA2234A7A82A8A48F1691A39434D70E3C3995AEE7CEAFF86DAA2326CF367B7E3C7939E4B78A00EE58E52F7BB36C8A89525CA4D44173E30AA6B40FD0B60C29F6CBC763241AC5DA16E2A9FB9B78F360EED32704B686AD6D40DAE8127C9351A2B21C140292E77592A7159000FB2AA9561DA10B2AC3167CC8E41C10CDF86E9041A3A114F42EF4AA5134C716893E81C3A7488ED5131073FC76B20358549BF1B0858B571550663DA9CF73B7B28BF9CA1FAF8EC96966D493C174B03DBCF9B5470DD9A79FB3E14A0B73B6E6C09D531886ACF60E51B570EACDABB -20180403095906 2 6 100 3071 2 FF8DCF143A9E3CC447F8D3D03206E386572BFAC54F4BDE233C8B1223CC9CBA99689328E35F8F83F0922A9F0AB33E7C7892E940377CE0064700ECDCC8532F0FEF888913E1894054707878511DD84455BEACCA35E8418D6CAD03111BC1842581D40E280A13055030CB35339E2A0E422DB9EC47916AD6302BE248AD5EBCCE7CF087CB2285A6B8D227DC7130ADB14163BE4D1AA779DBCD36710AA080F219B535B1887392DE9EF44116C933F5CA2234A7A82A8A48F1691A39434D70E3C3995AEE7CEAFF86DAA2326CF367B7E3C7939E4B78A00EE58E52F7BB36C8A89525CA4D44173E30AA6B40FD0B60C29F6CBC763241AC5DA16E2A9FB9B78F360EED32704B686AD6D40DAE8127C9351A2B21C140292E77592A7159000FB2AA9561DA10B2AC3167CC8E41C10CDF86E9041A3A114F42EF4AA5134C716893E81C3A7488ED5131073FC76B20358549BF1B0858B571550663DA9CF73B7B28BF9CA1FAF8EC96966D493C174B03DBCF9B5470DD9A79FB3E14A0B73B6E6C09D531886ACF60E51B570F67B813 -20180403101909 2 6 100 3071 5 FF8DCF143A9E3CC447F8D3D03206E386572BFAC54F4BDE233C8B1223CC9CBA99689328E35F8F83F0922A9F0AB33E7C7892E940377CE0064700ECDCC8532F0FEF888913E1894054707878511DD84455BEACCA35E8418D6CAD03111BC1842581D40E280A13055030CB35339E2A0E422DB9EC47916AD6302BE248AD5EBCCE7CF087CB2285A6B8D227DC7130ADB14163BE4D1AA779DBCD36710AA080F219B535B1887392DE9EF44116C933F5CA2234A7A82A8A48F1691A39434D70E3C3995AEE7CEAFF86DAA2326CF367B7E3C7939E4B78A00EE58E52F7BB36C8A89525CA4D44173E30AA6B40FD0B60C29F6CBC763241AC5DA16E2A9FB9B78F360EED32704B686AD6D40DAE8127C9351A2B21C140292E77592A7159000FB2AA9561DA10B2AC3167CC8E41C10CDF86E9041A3A114F42EF4AA5134C716893E81C3A7488ED5131073FC76B20358549BF1B0858B571550663DA9CF73B7B28BF9CA1FAF8EC96966D493C174B03DBCF9B5470DD9A79FB3E14A0B73B6E6C09D531886ACF60E51B5710AFC157 -20180403102057 2 6 100 3071 2 FF8DCF143A9E3CC447F8D3D03206E386572BFAC54F4BDE233C8B1223CC9CBA99689328E35F8F83F0922A9F0AB33E7C7892E940377CE0064700ECDCC8532F0FEF888913E1894054707878511DD84455BEACCA35E8418D6CAD03111BC1842581D40E280A13055030CB35339E2A0E422DB9EC47916AD6302BE248AD5EBCCE7CF087CB2285A6B8D227DC7130ADB14163BE4D1AA779DBCD36710AA080F219B535B1887392DE9EF44116C933F5CA2234A7A82A8A48F1691A39434D70E3C3995AEE7CEAFF86DAA2326CF367B7E3C7939E4B78A00EE58E52F7BB36C8A89525CA4D44173E30AA6B40FD0B60C29F6CBC763241AC5DA16E2A9FB9B78F360EED32704B686AD6D40DAE8127C9351A2B21C140292E77592A7159000FB2AA9561DA10B2AC3167CC8E41C10CDF86E9041A3A114F42EF4AA5134C716893E81C3A7488ED5131073FC76B20358549BF1B0858B571550663DA9CF73B7B28BF9CA1FAF8EC96966D493C174B03DBCF9B5470DD9A79FB3E14A0B73B6E6C09D531886ACF60E51B5710C6E1FB -20180403102257 2 6 100 3071 5 FF8DCF143A9E3CC447F8D3D03206E386572BFAC54F4BDE233C8B1223CC9CBA99689328E35F8F83F0922A9F0AB33E7C7892E940377CE0064700ECDCC8532F0FEF888913E1894054707878511DD84455BEACCA35E8418D6CAD03111BC1842581D40E280A13055030CB35339E2A0E422DB9EC47916AD6302BE248AD5EBCCE7CF087CB2285A6B8D227DC7130ADB14163BE4D1AA779DBCD36710AA080F219B535B1887392DE9EF44116C933F5CA2234A7A82A8A48F1691A39434D70E3C3995AEE7CEAFF86DAA2326CF367B7E3C7939E4B78A00EE58E52F7BB36C8A89525CA4D44173E30AA6B40FD0B60C29F6CBC763241AC5DA16E2A9FB9B78F360EED32704B686AD6D40DAE8127C9351A2B21C140292E77592A7159000FB2AA9561DA10B2AC3167CC8E41C10CDF86E9041A3A114F42EF4AA5134C716893E81C3A7488ED5131073FC76B20358549BF1B0858B571550663DA9CF73B7B28BF9CA1FAF8EC96966D493C174B03DBCF9B5470DD9A79FB3E14A0B73B6E6C09D531886ACF60E51B5710DF2FD7 -20180403102711 2 6 100 3071 5 FF8DCF143A9E3CC447F8D3D03206E386572BFAC54F4BDE233C8B1223CC9CBA99689328E35F8F83F0922A9F0AB33E7C7892E940377CE0064700ECDCC8532F0FEF888913E1894054707878511DD84455BEACCA35E8418D6CAD03111BC1842581D40E280A13055030CB35339E2A0E422DB9EC47916AD6302BE248AD5EBCCE7CF087CB2285A6B8D227DC7130ADB14163BE4D1AA779DBCD36710AA080F219B535B1887392DE9EF44116C933F5CA2234A7A82A8A48F1691A39434D70E3C3995AEE7CEAFF86DAA2326CF367B7E3C7939E4B78A00EE58E52F7BB36C8A89525CA4D44173E30AA6B40FD0B60C29F6CBC763241AC5DA16E2A9FB9B78F360EED32704B686AD6D40DAE8127C9351A2B21C140292E77592A7159000FB2AA9561DA10B2AC3167CC8E41C10CDF86E9041A3A114F42EF4AA5134C716893E81C3A7488ED5131073FC76B20358549BF1B0858B571550663DA9CF73B7B28BF9CA1FAF8EC96966D493C174B03DBCF9B5470DD9A79FB3E14A0B73B6E6C09D531886ACF60E51B57111EFB2F -20180403104106 2 6 100 3071 5 FF8DCF143A9E3CC447F8D3D03206E386572BFAC54F4BDE233C8B1223CC9CBA99689328E35F8F83F0922A9F0AB33E7C7892E940377CE0064700ECDCC8532F0FEF888913E1894054707878511DD84455BEACCA35E8418D6CAD03111BC1842581D40E280A13055030CB35339E2A0E422DB9EC47916AD6302BE248AD5EBCCE7CF087CB2285A6B8D227DC7130ADB14163BE4D1AA779DBCD36710AA080F219B535B1887392DE9EF44116C933F5CA2234A7A82A8A48F1691A39434D70E3C3995AEE7CEAFF86DAA2326CF367B7E3C7939E4B78A00EE58E52F7BB36C8A89525CA4D44173E30AA6B40FD0B60C29F6CBC763241AC5DA16E2A9FB9B78F360EED32704B686AD6D40DAE8127C9351A2B21C140292E77592A7159000FB2AA9561DA10B2AC3167CC8E41C10CDF86E9041A3A114F42EF4AA5134C716893E81C3A7488ED5131073FC76B20358549BF1B0858B571550663DA9CF73B7B28BF9CA1FAF8EC96966D493C174B03DBCF9B5470DD9A79FB3E14A0B73B6E6C09D531886ACF60E51B5711F3B14F -20180403104411 2 6 100 3071 5 FF8DCF143A9E3CC447F8D3D03206E386572BFAC54F4BDE233C8B1223CC9CBA99689328E35F8F83F0922A9F0AB33E7C7892E940377CE0064700ECDCC8532F0FEF888913E1894054707878511DD84455BEACCA35E8418D6CAD03111BC1842581D40E280A13055030CB35339E2A0E422DB9EC47916AD6302BE248AD5EBCCE7CF087CB2285A6B8D227DC7130ADB14163BE4D1AA779DBCD36710AA080F219B535B1887392DE9EF44116C933F5CA2234A7A82A8A48F1691A39434D70E3C3995AEE7CEAFF86DAA2326CF367B7E3C7939E4B78A00EE58E52F7BB36C8A89525CA4D44173E30AA6B40FD0B60C29F6CBC763241AC5DA16E2A9FB9B78F360EED32704B686AD6D40DAE8127C9351A2B21C140292E77592A7159000FB2AA9561DA10B2AC3167CC8E41C10CDF86E9041A3A114F42EF4AA5134C716893E81C3A7488ED5131073FC76B20358549BF1B0858B571550663DA9CF73B7B28BF9CA1FAF8EC96966D493C174B03DBCF9B5470DD9A79FB3E14A0B73B6E6C09D531886ACF60E51B5712188817 -20180403104503 2 6 100 3071 5 FF8DCF143A9E3CC447F8D3D03206E386572BFAC54F4BDE233C8B1223CC9CBA99689328E35F8F83F0922A9F0AB33E7C7892E940377CE0064700ECDCC8532F0FEF888913E1894054707878511DD84455BEACCA35E8418D6CAD03111BC1842581D40E280A13055030CB35339E2A0E422DB9EC47916AD6302BE248AD5EBCCE7CF087CB2285A6B8D227DC7130ADB14163BE4D1AA779DBCD36710AA080F219B535B1887392DE9EF44116C933F5CA2234A7A82A8A48F1691A39434D70E3C3995AEE7CEAFF86DAA2326CF367B7E3C7939E4B78A00EE58E52F7BB36C8A89525CA4D44173E30AA6B40FD0B60C29F6CBC763241AC5DA16E2A9FB9B78F360EED32704B686AD6D40DAE8127C9351A2B21C140292E77592A7159000FB2AA9561DA10B2AC3167CC8E41C10CDF86E9041A3A114F42EF4AA5134C716893E81C3A7488ED5131073FC76B20358549BF1B0858B571550663DA9CF73B7B28BF9CA1FAF8EC96966D493C174B03DBCF9B5470DD9A79FB3E14A0B73B6E6C09D531886ACF60E51B57121EA02F -20180403104712 2 6 100 3071 2 FF8DCF143A9E3CC447F8D3D03206E386572BFAC54F4BDE233C8B1223CC9CBA99689328E35F8F83F0922A9F0AB33E7C7892E940377CE0064700ECDCC8532F0FEF888913E1894054707878511DD84455BEACCA35E8418D6CAD03111BC1842581D40E280A13055030CB35339E2A0E422DB9EC47916AD6302BE248AD5EBCCE7CF087CB2285A6B8D227DC7130ADB14163BE4D1AA779DBCD36710AA080F219B535B1887392DE9EF44116C933F5CA2234A7A82A8A48F1691A39434D70E3C3995AEE7CEAFF86DAA2326CF367B7E3C7939E4B78A00EE58E52F7BB36C8A89525CA4D44173E30AA6B40FD0B60C29F6CBC763241AC5DA16E2A9FB9B78F360EED32704B686AD6D40DAE8127C9351A2B21C140292E77592A7159000FB2AA9561DA10B2AC3167CC8E41C10CDF86E9041A3A114F42EF4AA5134C716893E81C3A7488ED5131073FC76B20358549BF1B0858B571550663DA9CF73B7B28BF9CA1FAF8EC96966D493C174B03DBCF9B5470DD9A79FB3E14A0B73B6E6C09D531886ACF60E51B57123CDA13 -20180403104901 2 6 100 3071 2 FF8DCF143A9E3CC447F8D3D03206E386572BFAC54F4BDE233C8B1223CC9CBA99689328E35F8F83F0922A9F0AB33E7C7892E940377CE0064700ECDCC8532F0FEF888913E1894054707878511DD84455BEACCA35E8418D6CAD03111BC1842581D40E280A13055030CB35339E2A0E422DB9EC47916AD6302BE248AD5EBCCE7CF087CB2285A6B8D227DC7130ADB14163BE4D1AA779DBCD36710AA080F219B535B1887392DE9EF44116C933F5CA2234A7A82A8A48F1691A39434D70E3C3995AEE7CEAFF86DAA2326CF367B7E3C7939E4B78A00EE58E52F7BB36C8A89525CA4D44173E30AA6B40FD0B60C29F6CBC763241AC5DA16E2A9FB9B78F360EED32704B686AD6D40DAE8127C9351A2B21C140292E77592A7159000FB2AA9561DA10B2AC3167CC8E41C10CDF86E9041A3A114F42EF4AA5134C716893E81C3A7488ED5131073FC76B20358549BF1B0858B571550663DA9CF73B7B28BF9CA1FAF8EC96966D493C174B03DBCF9B5470DD9A79FB3E14A0B73B6E6C09D531886ACF60E51B57125332B3 -20180403105756 2 6 100 3071 5 D9FA0132FCCAAE8116BD22861CD21A859841BA7D566829E10ACC15A7EFEEB381774F839F7228AE3C627F5765944DCDB6866618E187903EBDB558C9186BD84D2521630A379E161FDCEC19BA02A8E4B5A3C4A66D02CA0FEB7BEB75BA3BE87F26BB99122217A4FFEB1F730B430AA0A70BA4A91EFB248DF689E95957E93B9E5D2AC13FBD3896759F77C6CBB6664BA6FEB31C4FD7BF081D4F2D800AB8D979D89A5EFB34675A904F4B332ADD7340116E7D5D4F72F7E3940A30036ACA889C27D8E2E11C0668A2E8A43DFF411FA03F0AFB420262947A60528805A7E0F4B2CC6AC0EF62CBCB807BC131A8D51E7784A13C77DB461A9FDF01C0E97EA8B7C5A13BB4A86784C2FFA34FC1EF094ACB858A919951AA55508E468CBB889EA63B606D45455AAB75883A75A813E9EC6A3A49CADB05A62C2F5CA32013A4FC73E8B5DE1C14A39539A4716B157C08C74CD99EA23AE018A89C838B6C0EAEECDFCF78A447594033ED3D63F4623BFC05C0F6701A36420D60D9C99339F9486395CBE534D66CE66AAE03762997 -20180403111214 2 6 100 3071 2 D9FA0132FCCAAE8116BD22861CD21A859841BA7D566829E10ACC15A7EFEEB381774F839F7228AE3C627F5765944DCDB6866618E187903EBDB558C9186BD84D2521630A379E161FDCEC19BA02A8E4B5A3C4A66D02CA0FEB7BEB75BA3BE87F26BB99122217A4FFEB1F730B430AA0A70BA4A91EFB248DF689E95957E93B9E5D2AC13FBD3896759F77C6CBB6664BA6FEB31C4FD7BF081D4F2D800AB8D979D89A5EFB34675A904F4B332ADD7340116E7D5D4F72F7E3940A30036ACA889C27D8E2E11C0668A2E8A43DFF411FA03F0AFB420262947A60528805A7E0F4B2CC6AC0EF62CBCB807BC131A8D51E7784A13C77DB461A9FDF01C0E97EA8B7C5A13BB4A86784C2FFA34FC1EF094ACB858A919951AA55508E468CBB889EA63B606D45455AAB75883A75A813E9EC6A3A49CADB05A62C2F5CA32013A4FC73E8B5DE1C14A39539A4716B157C08C74CD99EA23AE018A89C838B6C0EAEECDFCF78A447594033ED3D63F4623BFC05C0F6701A36420D60D9C99339F9486395CBE534D66CE66AAE0468815B -20180403111819 2 6 100 3071 2 D9FA0132FCCAAE8116BD22861CD21A859841BA7D566829E10ACC15A7EFEEB381774F839F7228AE3C627F5765944DCDB6866618E187903EBDB558C9186BD84D2521630A379E161FDCEC19BA02A8E4B5A3C4A66D02CA0FEB7BEB75BA3BE87F26BB99122217A4FFEB1F730B430AA0A70BA4A91EFB248DF689E95957E93B9E5D2AC13FBD3896759F77C6CBB6664BA6FEB31C4FD7BF081D4F2D800AB8D979D89A5EFB34675A904F4B332ADD7340116E7D5D4F72F7E3940A30036ACA889C27D8E2E11C0668A2E8A43DFF411FA03F0AFB420262947A60528805A7E0F4B2CC6AC0EF62CBCB807BC131A8D51E7784A13C77DB461A9FDF01C0E97EA8B7C5A13BB4A86784C2FFA34FC1EF094ACB858A919951AA55508E468CBB889EA63B606D45455AAB75883A75A813E9EC6A3A49CADB05A62C2F5CA32013A4FC73E8B5DE1C14A39539A4716B157C08C74CD99EA23AE018A89C838B6C0EAEECDFCF78A447594033ED3D63F4623BFC05C0F6701A36420D60D9C99339F9486395CBE534D66CE66AAE04C53C43 -20180403111907 2 6 100 3071 5 D9FA0132FCCAAE8116BD22861CD21A859841BA7D566829E10ACC15A7EFEEB381774F839F7228AE3C627F5765944DCDB6866618E187903EBDB558C9186BD84D2521630A379E161FDCEC19BA02A8E4B5A3C4A66D02CA0FEB7BEB75BA3BE87F26BB99122217A4FFEB1F730B430AA0A70BA4A91EFB248DF689E95957E93B9E5D2AC13FBD3896759F77C6CBB6664BA6FEB31C4FD7BF081D4F2D800AB8D979D89A5EFB34675A904F4B332ADD7340116E7D5D4F72F7E3940A30036ACA889C27D8E2E11C0668A2E8A43DFF411FA03F0AFB420262947A60528805A7E0F4B2CC6AC0EF62CBCB807BC131A8D51E7784A13C77DB461A9FDF01C0E97EA8B7C5A13BB4A86784C2FFA34FC1EF094ACB858A919951AA55508E468CBB889EA63B606D45455AAB75883A75A813E9EC6A3A49CADB05A62C2F5CA32013A4FC73E8B5DE1C14A39539A4716B157C08C74CD99EA23AE018A89C838B6C0EAEECDFCF78A447594033ED3D63F4623BFC05C0F6701A36420D60D9C99339F9486395CBE534D66CE66AAE04CAC50F -20180403112635 2 6 100 3071 5 D9FA0132FCCAAE8116BD22861CD21A859841BA7D566829E10ACC15A7EFEEB381774F839F7228AE3C627F5765944DCDB6866618E187903EBDB558C9186BD84D2521630A379E161FDCEC19BA02A8E4B5A3C4A66D02CA0FEB7BEB75BA3BE87F26BB99122217A4FFEB1F730B430AA0A70BA4A91EFB248DF689E95957E93B9E5D2AC13FBD3896759F77C6CBB6664BA6FEB31C4FD7BF081D4F2D800AB8D979D89A5EFB34675A904F4B332ADD7340116E7D5D4F72F7E3940A30036ACA889C27D8E2E11C0668A2E8A43DFF411FA03F0AFB420262947A60528805A7E0F4B2CC6AC0EF62CBCB807BC131A8D51E7784A13C77DB461A9FDF01C0E97EA8B7C5A13BB4A86784C2FFA34FC1EF094ACB858A919951AA55508E468CBB889EA63B606D45455AAB75883A75A813E9EC6A3A49CADB05A62C2F5CA32013A4FC73E8B5DE1C14A39539A4716B157C08C74CD99EA23AE018A89C838B6C0EAEECDFCF78A447594033ED3D63F4623BFC05C0F6701A36420D60D9C99339F9486395CBE534D66CE66AAE0540031F -20180403113403 2 6 100 3071 5 D9FA0132FCCAAE8116BD22861CD21A859841BA7D566829E10ACC15A7EFEEB381774F839F7228AE3C627F5765944DCDB6866618E187903EBDB558C9186BD84D2521630A379E161FDCEC19BA02A8E4B5A3C4A66D02CA0FEB7BEB75BA3BE87F26BB99122217A4FFEB1F730B430AA0A70BA4A91EFB248DF689E95957E93B9E5D2AC13FBD3896759F77C6CBB6664BA6FEB31C4FD7BF081D4F2D800AB8D979D89A5EFB34675A904F4B332ADD7340116E7D5D4F72F7E3940A30036ACA889C27D8E2E11C0668A2E8A43DFF411FA03F0AFB420262947A60528805A7E0F4B2CC6AC0EF62CBCB807BC131A8D51E7784A13C77DB461A9FDF01C0E97EA8B7C5A13BB4A86784C2FFA34FC1EF094ACB858A919951AA55508E468CBB889EA63B606D45455AAB75883A75A813E9EC6A3A49CADB05A62C2F5CA32013A4FC73E8B5DE1C14A39539A4716B157C08C74CD99EA23AE018A89C838B6C0EAEECDFCF78A447594033ED3D63F4623BFC05C0F6701A36420D60D9C99339F9486395CBE534D66CE66AAE05B956F7 -20180403113943 2 6 100 3071 2 D9FA0132FCCAAE8116BD22861CD21A859841BA7D566829E10ACC15A7EFEEB381774F839F7228AE3C627F5765944DCDB6866618E187903EBDB558C9186BD84D2521630A379E161FDCEC19BA02A8E4B5A3C4A66D02CA0FEB7BEB75BA3BE87F26BB99122217A4FFEB1F730B430AA0A70BA4A91EFB248DF689E95957E93B9E5D2AC13FBD3896759F77C6CBB6664BA6FEB31C4FD7BF081D4F2D800AB8D979D89A5EFB34675A904F4B332ADD7340116E7D5D4F72F7E3940A30036ACA889C27D8E2E11C0668A2E8A43DFF411FA03F0AFB420262947A60528805A7E0F4B2CC6AC0EF62CBCB807BC131A8D51E7784A13C77DB461A9FDF01C0E97EA8B7C5A13BB4A86784C2FFA34FC1EF094ACB858A919951AA55508E468CBB889EA63B606D45455AAB75883A75A813E9EC6A3A49CADB05A62C2F5CA32013A4FC73E8B5DE1C14A39539A4716B157C08C74CD99EA23AE018A89C838B6C0EAEECDFCF78A447594033ED3D63F4623BFC05C0F6701A36420D60D9C99339F9486395CBE534D66CE66AAE0619B7F3 -20180403114045 2 6 100 3071 5 D9FA0132FCCAAE8116BD22861CD21A859841BA7D566829E10ACC15A7EFEEB381774F839F7228AE3C627F5765944DCDB6866618E187903EBDB558C9186BD84D2521630A379E161FDCEC19BA02A8E4B5A3C4A66D02CA0FEB7BEB75BA3BE87F26BB99122217A4FFEB1F730B430AA0A70BA4A91EFB248DF689E95957E93B9E5D2AC13FBD3896759F77C6CBB6664BA6FEB31C4FD7BF081D4F2D800AB8D979D89A5EFB34675A904F4B332ADD7340116E7D5D4F72F7E3940A30036ACA889C27D8E2E11C0668A2E8A43DFF411FA03F0AFB420262947A60528805A7E0F4B2CC6AC0EF62CBCB807BC131A8D51E7784A13C77DB461A9FDF01C0E97EA8B7C5A13BB4A86784C2FFA34FC1EF094ACB858A919951AA55508E468CBB889EA63B606D45455AAB75883A75A813E9EC6A3A49CADB05A62C2F5CA32013A4FC73E8B5DE1C14A39539A4716B157C08C74CD99EA23AE018A89C838B6C0EAEECDFCF78A447594033ED3D63F4623BFC05C0F6701A36420D60D9C99339F9486395CBE534D66CE66AAE06220B07 -20180403114120 2 6 100 3071 5 D9FA0132FCCAAE8116BD22861CD21A859841BA7D566829E10ACC15A7EFEEB381774F839F7228AE3C627F5765944DCDB6866618E187903EBDB558C9186BD84D2521630A379E161FDCEC19BA02A8E4B5A3C4A66D02CA0FEB7BEB75BA3BE87F26BB99122217A4FFEB1F730B430AA0A70BA4A91EFB248DF689E95957E93B9E5D2AC13FBD3896759F77C6CBB6664BA6FEB31C4FD7BF081D4F2D800AB8D979D89A5EFB34675A904F4B332ADD7340116E7D5D4F72F7E3940A30036ACA889C27D8E2E11C0668A2E8A43DFF411FA03F0AFB420262947A60528805A7E0F4B2CC6AC0EF62CBCB807BC131A8D51E7784A13C77DB461A9FDF01C0E97EA8B7C5A13BB4A86784C2FFA34FC1EF094ACB858A919951AA55508E468CBB889EA63B606D45455AAB75883A75A813E9EC6A3A49CADB05A62C2F5CA32013A4FC73E8B5DE1C14A39539A4716B157C08C74CD99EA23AE018A89C838B6C0EAEECDFCF78A447594033ED3D63F4623BFC05C0F6701A36420D60D9C99339F9486395CBE534D66CE66AAE0622E517 -20180403115211 2 6 100 3071 5 D9FA0132FCCAAE8116BD22861CD21A859841BA7D566829E10ACC15A7EFEEB381774F839F7228AE3C627F5765944DCDB6866618E187903EBDB558C9186BD84D2521630A379E161FDCEC19BA02A8E4B5A3C4A66D02CA0FEB7BEB75BA3BE87F26BB99122217A4FFEB1F730B430AA0A70BA4A91EFB248DF689E95957E93B9E5D2AC13FBD3896759F77C6CBB6664BA6FEB31C4FD7BF081D4F2D800AB8D979D89A5EFB34675A904F4B332ADD7340116E7D5D4F72F7E3940A30036ACA889C27D8E2E11C0668A2E8A43DFF411FA03F0AFB420262947A60528805A7E0F4B2CC6AC0EF62CBCB807BC131A8D51E7784A13C77DB461A9FDF01C0E97EA8B7C5A13BB4A86784C2FFA34FC1EF094ACB858A919951AA55508E468CBB889EA63B606D45455AAB75883A75A813E9EC6A3A49CADB05A62C2F5CA32013A4FC73E8B5DE1C14A39539A4716B157C08C74CD99EA23AE018A89C838B6C0EAEECDFCF78A447594033ED3D63F4623BFC05C0F6701A36420D60D9C99339F9486395CBE534D66CE66AAE06D363E7 -20180403115424 2 6 100 3071 5 D9FA0132FCCAAE8116BD22861CD21A859841BA7D566829E10ACC15A7EFEEB381774F839F7228AE3C627F5765944DCDB6866618E187903EBDB558C9186BD84D2521630A379E161FDCEC19BA02A8E4B5A3C4A66D02CA0FEB7BEB75BA3BE87F26BB99122217A4FFEB1F730B430AA0A70BA4A91EFB248DF689E95957E93B9E5D2AC13FBD3896759F77C6CBB6664BA6FEB31C4FD7BF081D4F2D800AB8D979D89A5EFB34675A904F4B332ADD7340116E7D5D4F72F7E3940A30036ACA889C27D8E2E11C0668A2E8A43DFF411FA03F0AFB420262947A60528805A7E0F4B2CC6AC0EF62CBCB807BC131A8D51E7784A13C77DB461A9FDF01C0E97EA8B7C5A13BB4A86784C2FFA34FC1EF094ACB858A919951AA55508E468CBB889EA63B606D45455AAB75883A75A813E9EC6A3A49CADB05A62C2F5CA32013A4FC73E8B5DE1C14A39539A4716B157C08C74CD99EA23AE018A89C838B6C0EAEECDFCF78A447594033ED3D63F4623BFC05C0F6701A36420D60D9C99339F9486395CBE534D66CE66AAE06F22507 -20180403115558 2 6 100 3071 2 D9FA0132FCCAAE8116BD22861CD21A859841BA7D566829E10ACC15A7EFEEB381774F839F7228AE3C627F5765944DCDB6866618E187903EBDB558C9186BD84D2521630A379E161FDCEC19BA02A8E4B5A3C4A66D02CA0FEB7BEB75BA3BE87F26BB99122217A4FFEB1F730B430AA0A70BA4A91EFB248DF689E95957E93B9E5D2AC13FBD3896759F77C6CBB6664BA6FEB31C4FD7BF081D4F2D800AB8D979D89A5EFB34675A904F4B332ADD7340116E7D5D4F72F7E3940A30036ACA889C27D8E2E11C0668A2E8A43DFF411FA03F0AFB420262947A60528805A7E0F4B2CC6AC0EF62CBCB807BC131A8D51E7784A13C77DB461A9FDF01C0E97EA8B7C5A13BB4A86784C2FFA34FC1EF094ACB858A919951AA55508E468CBB889EA63B606D45455AAB75883A75A813E9EC6A3A49CADB05A62C2F5CA32013A4FC73E8B5DE1C14A39539A4716B157C08C74CD99EA23AE018A89C838B6C0EAEECDFCF78A447594033ED3D63F4623BFC05C0F6701A36420D60D9C99339F9486395CBE534D66CE66AAE070516F3 -20180403115753 2 6 100 3071 5 D9FA0132FCCAAE8116BD22861CD21A859841BA7D566829E10ACC15A7EFEEB381774F839F7228AE3C627F5765944DCDB6866618E187903EBDB558C9186BD84D2521630A379E161FDCEC19BA02A8E4B5A3C4A66D02CA0FEB7BEB75BA3BE87F26BB99122217A4FFEB1F730B430AA0A70BA4A91EFB248DF689E95957E93B9E5D2AC13FBD3896759F77C6CBB6664BA6FEB31C4FD7BF081D4F2D800AB8D979D89A5EFB34675A904F4B332ADD7340116E7D5D4F72F7E3940A30036ACA889C27D8E2E11C0668A2E8A43DFF411FA03F0AFB420262947A60528805A7E0F4B2CC6AC0EF62CBCB807BC131A8D51E7784A13C77DB461A9FDF01C0E97EA8B7C5A13BB4A86784C2FFA34FC1EF094ACB858A919951AA55508E468CBB889EA63B606D45455AAB75883A75A813E9EC6A3A49CADB05A62C2F5CA32013A4FC73E8B5DE1C14A39539A4716B157C08C74CD99EA23AE018A89C838B6C0EAEECDFCF78A447594033ED3D63F4623BFC05C0F6701A36420D60D9C99339F9486395CBE534D66CE66AAE071E3297 -20180403115927 2 6 100 3071 5 D9FA0132FCCAAE8116BD22861CD21A859841BA7D566829E10ACC15A7EFEEB381774F839F7228AE3C627F5765944DCDB6866618E187903EBDB558C9186BD84D2521630A379E161FDCEC19BA02A8E4B5A3C4A66D02CA0FEB7BEB75BA3BE87F26BB99122217A4FFEB1F730B430AA0A70BA4A91EFB248DF689E95957E93B9E5D2AC13FBD3896759F77C6CBB6664BA6FEB31C4FD7BF081D4F2D800AB8D979D89A5EFB34675A904F4B332ADD7340116E7D5D4F72F7E3940A30036ACA889C27D8E2E11C0668A2E8A43DFF411FA03F0AFB420262947A60528805A7E0F4B2CC6AC0EF62CBCB807BC131A8D51E7784A13C77DB461A9FDF01C0E97EA8B7C5A13BB4A86784C2FFA34FC1EF094ACB858A919951AA55508E468CBB889EA63B606D45455AAB75883A75A813E9EC6A3A49CADB05A62C2F5CA32013A4FC73E8B5DE1C14A39539A4716B157C08C74CD99EA23AE018A89C838B6C0EAEECDFCF78A447594033ED3D63F4623BFC05C0F6701A36420D60D9C99339F9486395CBE534D66CE66AAE0731011F -20180403121723 2 6 100 3071 2 D9FA0132FCCAAE8116BD22861CD21A859841BA7D566829E10ACC15A7EFEEB381774F839F7228AE3C627F5765944DCDB6866618E187903EBDB558C9186BD84D2521630A379E161FDCEC19BA02A8E4B5A3C4A66D02CA0FEB7BEB75BA3BE87F26BB99122217A4FFEB1F730B430AA0A70BA4A91EFB248DF689E95957E93B9E5D2AC13FBD3896759F77C6CBB6664BA6FEB31C4FD7BF081D4F2D800AB8D979D89A5EFB34675A904F4B332ADD7340116E7D5D4F72F7E3940A30036ACA889C27D8E2E11C0668A2E8A43DFF411FA03F0AFB420262947A60528805A7E0F4B2CC6AC0EF62CBCB807BC131A8D51E7784A13C77DB461A9FDF01C0E97EA8B7C5A13BB4A86784C2FFA34FC1EF094ACB858A919951AA55508E468CBB889EA63B606D45455AAB75883A75A813E9EC6A3A49CADB05A62C2F5CA32013A4FC73E8B5DE1C14A39539A4716B157C08C74CD99EA23AE018A89C838B6C0EAEECDFCF78A447594033ED3D63F4623BFC05C0F6701A36420D60D9C99339F9486395CBE534D66CE66AAE085D2303 -20180403122312 2 6 100 3071 5 D9FA0132FCCAAE8116BD22861CD21A859841BA7D566829E10ACC15A7EFEEB381774F839F7228AE3C627F5765944DCDB6866618E187903EBDB558C9186BD84D2521630A379E161FDCEC19BA02A8E4B5A3C4A66D02CA0FEB7BEB75BA3BE87F26BB99122217A4FFEB1F730B430AA0A70BA4A91EFB248DF689E95957E93B9E5D2AC13FBD3896759F77C6CBB6664BA6FEB31C4FD7BF081D4F2D800AB8D979D89A5EFB34675A904F4B332ADD7340116E7D5D4F72F7E3940A30036ACA889C27D8E2E11C0668A2E8A43DFF411FA03F0AFB420262947A60528805A7E0F4B2CC6AC0EF62CBCB807BC131A8D51E7784A13C77DB461A9FDF01C0E97EA8B7C5A13BB4A86784C2FFA34FC1EF094ACB858A919951AA55508E468CBB889EA63B606D45455AAB75883A75A813E9EC6A3A49CADB05A62C2F5CA32013A4FC73E8B5DE1C14A39539A4716B157C08C74CD99EA23AE018A89C838B6C0EAEECDFCF78A447594033ED3D63F4623BFC05C0F6701A36420D60D9C99339F9486395CBE534D66CE66AAE08B88A7F -20180403123158 2 6 100 3071 2 D9FA0132FCCAAE8116BD22861CD21A859841BA7D566829E10ACC15A7EFEEB381774F839F7228AE3C627F5765944DCDB6866618E187903EBDB558C9186BD84D2521630A379E161FDCEC19BA02A8E4B5A3C4A66D02CA0FEB7BEB75BA3BE87F26BB99122217A4FFEB1F730B430AA0A70BA4A91EFB248DF689E95957E93B9E5D2AC13FBD3896759F77C6CBB6664BA6FEB31C4FD7BF081D4F2D800AB8D979D89A5EFB34675A904F4B332ADD7340116E7D5D4F72F7E3940A30036ACA889C27D8E2E11C0668A2E8A43DFF411FA03F0AFB420262947A60528805A7E0F4B2CC6AC0EF62CBCB807BC131A8D51E7784A13C77DB461A9FDF01C0E97EA8B7C5A13BB4A86784C2FFA34FC1EF094ACB858A919951AA55508E468CBB889EA63B606D45455AAB75883A75A813E9EC6A3A49CADB05A62C2F5CA32013A4FC73E8B5DE1C14A39539A4716B157C08C74CD99EA23AE018A89C838B6C0EAEECDFCF78A447594033ED3D63F4623BFC05C0F6701A36420D60D9C99339F9486395CBE534D66CE66AAE09563C53 -20180403123328 2 6 100 3071 5 D9FA0132FCCAAE8116BD22861CD21A859841BA7D566829E10ACC15A7EFEEB381774F839F7228AE3C627F5765944DCDB6866618E187903EBDB558C9186BD84D2521630A379E161FDCEC19BA02A8E4B5A3C4A66D02CA0FEB7BEB75BA3BE87F26BB99122217A4FFEB1F730B430AA0A70BA4A91EFB248DF689E95957E93B9E5D2AC13FBD3896759F77C6CBB6664BA6FEB31C4FD7BF081D4F2D800AB8D979D89A5EFB34675A904F4B332ADD7340116E7D5D4F72F7E3940A30036ACA889C27D8E2E11C0668A2E8A43DFF411FA03F0AFB420262947A60528805A7E0F4B2CC6AC0EF62CBCB807BC131A8D51E7784A13C77DB461A9FDF01C0E97EA8B7C5A13BB4A86784C2FFA34FC1EF094ACB858A919951AA55508E468CBB889EA63B606D45455AAB75883A75A813E9EC6A3A49CADB05A62C2F5CA32013A4FC73E8B5DE1C14A39539A4716B157C08C74CD99EA23AE018A89C838B6C0EAEECDFCF78A447594033ED3D63F4623BFC05C0F6701A36420D60D9C99339F9486395CBE534D66CE66AAE0969A18F -20180403123534 2 6 100 3071 5 D9FA0132FCCAAE8116BD22861CD21A859841BA7D566829E10ACC15A7EFEEB381774F839F7228AE3C627F5765944DCDB6866618E187903EBDB558C9186BD84D2521630A379E161FDCEC19BA02A8E4B5A3C4A66D02CA0FEB7BEB75BA3BE87F26BB99122217A4FFEB1F730B430AA0A70BA4A91EFB248DF689E95957E93B9E5D2AC13FBD3896759F77C6CBB6664BA6FEB31C4FD7BF081D4F2D800AB8D979D89A5EFB34675A904F4B332ADD7340116E7D5D4F72F7E3940A30036ACA889C27D8E2E11C0668A2E8A43DFF411FA03F0AFB420262947A60528805A7E0F4B2CC6AC0EF62CBCB807BC131A8D51E7784A13C77DB461A9FDF01C0E97EA8B7C5A13BB4A86784C2FFA34FC1EF094ACB858A919951AA55508E468CBB889EA63B606D45455AAB75883A75A813E9EC6A3A49CADB05A62C2F5CA32013A4FC73E8B5DE1C14A39539A4716B157C08C74CD99EA23AE018A89C838B6C0EAEECDFCF78A447594033ED3D63F4623BFC05C0F6701A36420D60D9C99339F9486395CBE534D66CE66AAE09876D27 -20180403124247 2 6 100 3071 5 D9FA0132FCCAAE8116BD22861CD21A859841BA7D566829E10ACC15A7EFEEB381774F839F7228AE3C627F5765944DCDB6866618E187903EBDB558C9186BD84D2521630A379E161FDCEC19BA02A8E4B5A3C4A66D02CA0FEB7BEB75BA3BE87F26BB99122217A4FFEB1F730B430AA0A70BA4A91EFB248DF689E95957E93B9E5D2AC13FBD3896759F77C6CBB6664BA6FEB31C4FD7BF081D4F2D800AB8D979D89A5EFB34675A904F4B332ADD7340116E7D5D4F72F7E3940A30036ACA889C27D8E2E11C0668A2E8A43DFF411FA03F0AFB420262947A60528805A7E0F4B2CC6AC0EF62CBCB807BC131A8D51E7784A13C77DB461A9FDF01C0E97EA8B7C5A13BB4A86784C2FFA34FC1EF094ACB858A919951AA55508E468CBB889EA63B606D45455AAB75883A75A813E9EC6A3A49CADB05A62C2F5CA32013A4FC73E8B5DE1C14A39539A4716B157C08C74CD99EA23AE018A89C838B6C0EAEECDFCF78A447594033ED3D63F4623BFC05C0F6701A36420D60D9C99339F9486395CBE534D66CE66AAE09F3F4CF -20180403124446 2 6 100 3071 5 D9FA0132FCCAAE8116BD22861CD21A859841BA7D566829E10ACC15A7EFEEB381774F839F7228AE3C627F5765944DCDB6866618E187903EBDB558C9186BD84D2521630A379E161FDCEC19BA02A8E4B5A3C4A66D02CA0FEB7BEB75BA3BE87F26BB99122217A4FFEB1F730B430AA0A70BA4A91EFB248DF689E95957E93B9E5D2AC13FBD3896759F77C6CBB6664BA6FEB31C4FD7BF081D4F2D800AB8D979D89A5EFB34675A904F4B332ADD7340116E7D5D4F72F7E3940A30036ACA889C27D8E2E11C0668A2E8A43DFF411FA03F0AFB420262947A60528805A7E0F4B2CC6AC0EF62CBCB807BC131A8D51E7784A13C77DB461A9FDF01C0E97EA8B7C5A13BB4A86784C2FFA34FC1EF094ACB858A919951AA55508E468CBB889EA63B606D45455AAB75883A75A813E9EC6A3A49CADB05A62C2F5CA32013A4FC73E8B5DE1C14A39539A4716B157C08C74CD99EA23AE018A89C838B6C0EAEECDFCF78A447594033ED3D63F4623BFC05C0F6701A36420D60D9C99339F9486395CBE534D66CE66AAE0A10443F -20180403125400 2 6 100 3071 5 D9FA0132FCCAAE8116BD22861CD21A859841BA7D566829E10ACC15A7EFEEB381774F839F7228AE3C627F5765944DCDB6866618E187903EBDB558C9186BD84D2521630A379E161FDCEC19BA02A8E4B5A3C4A66D02CA0FEB7BEB75BA3BE87F26BB99122217A4FFEB1F730B430AA0A70BA4A91EFB248DF689E95957E93B9E5D2AC13FBD3896759F77C6CBB6664BA6FEB31C4FD7BF081D4F2D800AB8D979D89A5EFB34675A904F4B332ADD7340116E7D5D4F72F7E3940A30036ACA889C27D8E2E11C0668A2E8A43DFF411FA03F0AFB420262947A60528805A7E0F4B2CC6AC0EF62CBCB807BC131A8D51E7784A13C77DB461A9FDF01C0E97EA8B7C5A13BB4A86784C2FFA34FC1EF094ACB858A919951AA55508E468CBB889EA63B606D45455AAB75883A75A813E9EC6A3A49CADB05A62C2F5CA32013A4FC73E8B5DE1C14A39539A4716B157C08C74CD99EA23AE018A89C838B6C0EAEECDFCF78A447594033ED3D63F4623BFC05C0F6701A36420D60D9C99339F9486395CBE534D66CE66AAE0AA6560F -20180403131328 2 6 100 3071 2 D9FA0132FCCAAE8116BD22861CD21A859841BA7D566829E10ACC15A7EFEEB381774F839F7228AE3C627F5765944DCDB6866618E187903EBDB558C9186BD84D2521630A379E161FDCEC19BA02A8E4B5A3C4A66D02CA0FEB7BEB75BA3BE87F26BB99122217A4FFEB1F730B430AA0A70BA4A91EFB248DF689E95957E93B9E5D2AC13FBD3896759F77C6CBB6664BA6FEB31C4FD7BF081D4F2D800AB8D979D89A5EFB34675A904F4B332ADD7340116E7D5D4F72F7E3940A30036ACA889C27D8E2E11C0668A2E8A43DFF411FA03F0AFB420262947A60528805A7E0F4B2CC6AC0EF62CBCB807BC131A8D51E7784A13C77DB461A9FDF01C0E97EA8B7C5A13BB4A86784C2FFA34FC1EF094ACB858A919951AA55508E468CBB889EA63B606D45455AAB75883A75A813E9EC6A3A49CADB05A62C2F5CA32013A4FC73E8B5DE1C14A39539A4716B157C08C74CD99EA23AE018A89C838B6C0EAEECDFCF78A447594033ED3D63F4623BFC05C0F6701A36420D60D9C99339F9486395CBE534D66CE66AAE0BF05873 -20180403131708 2 6 100 3071 2 D9FA0132FCCAAE8116BD22861CD21A859841BA7D566829E10ACC15A7EFEEB381774F839F7228AE3C627F5765944DCDB6866618E187903EBDB558C9186BD84D2521630A379E161FDCEC19BA02A8E4B5A3C4A66D02CA0FEB7BEB75BA3BE87F26BB99122217A4FFEB1F730B430AA0A70BA4A91EFB248DF689E95957E93B9E5D2AC13FBD3896759F77C6CBB6664BA6FEB31C4FD7BF081D4F2D800AB8D979D89A5EFB34675A904F4B332ADD7340116E7D5D4F72F7E3940A30036ACA889C27D8E2E11C0668A2E8A43DFF411FA03F0AFB420262947A60528805A7E0F4B2CC6AC0EF62CBCB807BC131A8D51E7784A13C77DB461A9FDF01C0E97EA8B7C5A13BB4A86784C2FFA34FC1EF094ACB858A919951AA55508E468CBB889EA63B606D45455AAB75883A75A813E9EC6A3A49CADB05A62C2F5CA32013A4FC73E8B5DE1C14A39539A4716B157C08C74CD99EA23AE018A89C838B6C0EAEECDFCF78A447594033ED3D63F4623BFC05C0F6701A36420D60D9C99339F9486395CBE534D66CE66AAE0C28FCF3 -20180403132618 2 6 100 3071 2 D9FA0132FCCAAE8116BD22861CD21A859841BA7D566829E10ACC15A7EFEEB381774F839F7228AE3C627F5765944DCDB6866618E187903EBDB558C9186BD84D2521630A379E161FDCEC19BA02A8E4B5A3C4A66D02CA0FEB7BEB75BA3BE87F26BB99122217A4FFEB1F730B430AA0A70BA4A91EFB248DF689E95957E93B9E5D2AC13FBD3896759F77C6CBB6664BA6FEB31C4FD7BF081D4F2D800AB8D979D89A5EFB34675A904F4B332ADD7340116E7D5D4F72F7E3940A30036ACA889C27D8E2E11C0668A2E8A43DFF411FA03F0AFB420262947A60528805A7E0F4B2CC6AC0EF62CBCB807BC131A8D51E7784A13C77DB461A9FDF01C0E97EA8B7C5A13BB4A86784C2FFA34FC1EF094ACB858A919951AA55508E468CBB889EA63B606D45455AAB75883A75A813E9EC6A3A49CADB05A62C2F5CA32013A4FC73E8B5DE1C14A39539A4716B157C08C74CD99EA23AE018A89C838B6C0EAEECDFCF78A447594033ED3D63F4623BFC05C0F6701A36420D60D9C99339F9486395CBE534D66CE66AAE0CC05D43 -20180403140905 2 6 100 3071 2 D9FA0132FCCAAE8116BD22861CD21A859841BA7D566829E10ACC15A7EFEEB381774F839F7228AE3C627F5765944DCDB6866618E187903EBDB558C9186BD84D2521630A379E161FDCEC19BA02A8E4B5A3C4A66D02CA0FEB7BEB75BA3BE87F26BB99122217A4FFEB1F730B430AA0A70BA4A91EFB248DF689E95957E93B9E5D2AC13FBD3896759F77C6CBB6664BA6FEB31C4FD7BF081D4F2D800AB8D979D89A5EFB34675A904F4B332ADD7340116E7D5D4F72F7E3940A30036ACA889C27D8E2E11C0668A2E8A43DFF411FA03F0AFB420262947A60528805A7E0F4B2CC6AC0EF62CBCB807BC131A8D51E7784A13C77DB461A9FDF01C0E97EA8B7C5A13BB4A86784C2FFA34FC1EF094ACB858A919951AA55508E468CBB889EA63B606D45455AAB75883A75A813E9EC6A3A49CADB05A62C2F5CA32013A4FC73E8B5DE1C14A39539A4716B157C08C74CD99EA23AE018A89C838B6C0EAEECDFCF78A447594033ED3D63F4623BFC05C0F6701A36420D60D9C99339F9486395CBE534D66CE66AAE0FBCA05B -20180403141813 2 6 100 3071 5 D9FA0132FCCAAE8116BD22861CD21A859841BA7D566829E10ACC15A7EFEEB381774F839F7228AE3C627F5765944DCDB6866618E187903EBDB558C9186BD84D2521630A379E161FDCEC19BA02A8E4B5A3C4A66D02CA0FEB7BEB75BA3BE87F26BB99122217A4FFEB1F730B430AA0A70BA4A91EFB248DF689E95957E93B9E5D2AC13FBD3896759F77C6CBB6664BA6FEB31C4FD7BF081D4F2D800AB8D979D89A5EFB34675A904F4B332ADD7340116E7D5D4F72F7E3940A30036ACA889C27D8E2E11C0668A2E8A43DFF411FA03F0AFB420262947A60528805A7E0F4B2CC6AC0EF62CBCB807BC131A8D51E7784A13C77DB461A9FDF01C0E97EA8B7C5A13BB4A86784C2FFA34FC1EF094ACB858A919951AA55508E468CBB889EA63B606D45455AAB75883A75A813E9EC6A3A49CADB05A62C2F5CA32013A4FC73E8B5DE1C14A39539A4716B157C08C74CD99EA23AE018A89C838B6C0EAEECDFCF78A447594033ED3D63F4623BFC05C0F6701A36420D60D9C99339F9486395CBE534D66CE66AAE1054C7EF -20180403143434 2 6 100 3071 2 D9FA0132FCCAAE8116BD22861CD21A859841BA7D566829E10ACC15A7EFEEB381774F839F7228AE3C627F5765944DCDB6866618E187903EBDB558C9186BD84D2521630A379E161FDCEC19BA02A8E4B5A3C4A66D02CA0FEB7BEB75BA3BE87F26BB99122217A4FFEB1F730B430AA0A70BA4A91EFB248DF689E95957E93B9E5D2AC13FBD3896759F77C6CBB6664BA6FEB31C4FD7BF081D4F2D800AB8D979D89A5EFB34675A904F4B332ADD7340116E7D5D4F72F7E3940A30036ACA889C27D8E2E11C0668A2E8A43DFF411FA03F0AFB420262947A60528805A7E0F4B2CC6AC0EF62CBCB807BC131A8D51E7784A13C77DB461A9FDF01C0E97EA8B7C5A13BB4A86784C2FFA34FC1EF094ACB858A919951AA55508E468CBB889EA63B606D45455AAB75883A75A813E9EC6A3A49CADB05A62C2F5CA32013A4FC73E8B5DE1C14A39539A4716B157C08C74CD99EA23AE018A89C838B6C0EAEECDFCF78A447594033ED3D63F4623BFC05C0F6701A36420D60D9C99339F9486395CBE534D66CE66AAE1176152B -20180403143933 2 6 100 3071 2 D9FA0132FCCAAE8116BD22861CD21A859841BA7D566829E10ACC15A7EFEEB381774F839F7228AE3C627F5765944DCDB6866618E187903EBDB558C9186BD84D2521630A379E161FDCEC19BA02A8E4B5A3C4A66D02CA0FEB7BEB75BA3BE87F26BB99122217A4FFEB1F730B430AA0A70BA4A91EFB248DF689E95957E93B9E5D2AC13FBD3896759F77C6CBB6664BA6FEB31C4FD7BF081D4F2D800AB8D979D89A5EFB34675A904F4B332ADD7340116E7D5D4F72F7E3940A30036ACA889C27D8E2E11C0668A2E8A43DFF411FA03F0AFB420262947A60528805A7E0F4B2CC6AC0EF62CBCB807BC131A8D51E7784A13C77DB461A9FDF01C0E97EA8B7C5A13BB4A86784C2FFA34FC1EF094ACB858A919951AA55508E468CBB889EA63B606D45455AAB75883A75A813E9EC6A3A49CADB05A62C2F5CA32013A4FC73E8B5DE1C14A39539A4716B157C08C74CD99EA23AE018A89C838B6C0EAEECDFCF78A447594033ED3D63F4623BFC05C0F6701A36420D60D9C99339F9486395CBE534D66CE66AAE11C90E93 -20180403144751 2 6 100 3071 2 D9FA0132FCCAAE8116BD22861CD21A859841BA7D566829E10ACC15A7EFEEB381774F839F7228AE3C627F5765944DCDB6866618E187903EBDB558C9186BD84D2521630A379E161FDCEC19BA02A8E4B5A3C4A66D02CA0FEB7BEB75BA3BE87F26BB99122217A4FFEB1F730B430AA0A70BA4A91EFB248DF689E95957E93B9E5D2AC13FBD3896759F77C6CBB6664BA6FEB31C4FD7BF081D4F2D800AB8D979D89A5EFB34675A904F4B332ADD7340116E7D5D4F72F7E3940A30036ACA889C27D8E2E11C0668A2E8A43DFF411FA03F0AFB420262947A60528805A7E0F4B2CC6AC0EF62CBCB807BC131A8D51E7784A13C77DB461A9FDF01C0E97EA8B7C5A13BB4A86784C2FFA34FC1EF094ACB858A919951AA55508E468CBB889EA63B606D45455AAB75883A75A813E9EC6A3A49CADB05A62C2F5CA32013A4FC73E8B5DE1C14A39539A4716B157C08C74CD99EA23AE018A89C838B6C0EAEECDFCF78A447594033ED3D63F4623BFC05C0F6701A36420D60D9C99339F9486395CBE534D66CE66AAE125A12D3 -20180403145406 2 6 100 3071 5 D9FA0132FCCAAE8116BD22861CD21A859841BA7D566829E10ACC15A7EFEEB381774F839F7228AE3C627F5765944DCDB6866618E187903EBDB558C9186BD84D2521630A379E161FDCEC19BA02A8E4B5A3C4A66D02CA0FEB7BEB75BA3BE87F26BB99122217A4FFEB1F730B430AA0A70BA4A91EFB248DF689E95957E93B9E5D2AC13FBD3896759F77C6CBB6664BA6FEB31C4FD7BF081D4F2D800AB8D979D89A5EFB34675A904F4B332ADD7340116E7D5D4F72F7E3940A30036ACA889C27D8E2E11C0668A2E8A43DFF411FA03F0AFB420262947A60528805A7E0F4B2CC6AC0EF62CBCB807BC131A8D51E7784A13C77DB461A9FDF01C0E97EA8B7C5A13BB4A86784C2FFA34FC1EF094ACB858A919951AA55508E468CBB889EA63B606D45455AAB75883A75A813E9EC6A3A49CADB05A62C2F5CA32013A4FC73E8B5DE1C14A39539A4716B157C08C74CD99EA23AE018A89C838B6C0EAEECDFCF78A447594033ED3D63F4623BFC05C0F6701A36420D60D9C99339F9486395CBE534D66CE66AAE12C4F6CF -20180403145448 2 6 100 3071 5 D9FA0132FCCAAE8116BD22861CD21A859841BA7D566829E10ACC15A7EFEEB381774F839F7228AE3C627F5765944DCDB6866618E187903EBDB558C9186BD84D2521630A379E161FDCEC19BA02A8E4B5A3C4A66D02CA0FEB7BEB75BA3BE87F26BB99122217A4FFEB1F730B430AA0A70BA4A91EFB248DF689E95957E93B9E5D2AC13FBD3896759F77C6CBB6664BA6FEB31C4FD7BF081D4F2D800AB8D979D89A5EFB34675A904F4B332ADD7340116E7D5D4F72F7E3940A30036ACA889C27D8E2E11C0668A2E8A43DFF411FA03F0AFB420262947A60528805A7E0F4B2CC6AC0EF62CBCB807BC131A8D51E7784A13C77DB461A9FDF01C0E97EA8B7C5A13BB4A86784C2FFA34FC1EF094ACB858A919951AA55508E468CBB889EA63B606D45455AAB75883A75A813E9EC6A3A49CADB05A62C2F5CA32013A4FC73E8B5DE1C14A39539A4716B157C08C74CD99EA23AE018A89C838B6C0EAEECDFCF78A447594033ED3D63F4623BFC05C0F6701A36420D60D9C99339F9486395CBE534D66CE66AAE12CA246F -20180403145549 2 6 100 3071 2 D9FA0132FCCAAE8116BD22861CD21A859841BA7D566829E10ACC15A7EFEEB381774F839F7228AE3C627F5765944DCDB6866618E187903EBDB558C9186BD84D2521630A379E161FDCEC19BA02A8E4B5A3C4A66D02CA0FEB7BEB75BA3BE87F26BB99122217A4FFEB1F730B430AA0A70BA4A91EFB248DF689E95957E93B9E5D2AC13FBD3896759F77C6CBB6664BA6FEB31C4FD7BF081D4F2D800AB8D979D89A5EFB34675A904F4B332ADD7340116E7D5D4F72F7E3940A30036ACA889C27D8E2E11C0668A2E8A43DFF411FA03F0AFB420262947A60528805A7E0F4B2CC6AC0EF62CBCB807BC131A8D51E7784A13C77DB461A9FDF01C0E97EA8B7C5A13BB4A86784C2FFA34FC1EF094ACB858A919951AA55508E468CBB889EA63B606D45455AAB75883A75A813E9EC6A3A49CADB05A62C2F5CA32013A4FC73E8B5DE1C14A39539A4716B157C08C74CD99EA23AE018A89C838B6C0EAEECDFCF78A447594033ED3D63F4623BFC05C0F6701A36420D60D9C99339F9486395CBE534D66CE66AAE12D582AB -20180403150132 2 6 100 3071 2 D9FA0132FCCAAE8116BD22861CD21A859841BA7D566829E10ACC15A7EFEEB381774F839F7228AE3C627F5765944DCDB6866618E187903EBDB558C9186BD84D2521630A379E161FDCEC19BA02A8E4B5A3C4A66D02CA0FEB7BEB75BA3BE87F26BB99122217A4FFEB1F730B430AA0A70BA4A91EFB248DF689E95957E93B9E5D2AC13FBD3896759F77C6CBB6664BA6FEB31C4FD7BF081D4F2D800AB8D979D89A5EFB34675A904F4B332ADD7340116E7D5D4F72F7E3940A30036ACA889C27D8E2E11C0668A2E8A43DFF411FA03F0AFB420262947A60528805A7E0F4B2CC6AC0EF62CBCB807BC131A8D51E7784A13C77DB461A9FDF01C0E97EA8B7C5A13BB4A86784C2FFA34FC1EF094ACB858A919951AA55508E468CBB889EA63B606D45455AAB75883A75A813E9EC6A3A49CADB05A62C2F5CA32013A4FC73E8B5DE1C14A39539A4716B157C08C74CD99EA23AE018A89C838B6C0EAEECDFCF78A447594033ED3D63F4623BFC05C0F6701A36420D60D9C99339F9486395CBE534D66CE66AAE13386F43 -20180403150512 2 6 100 3071 2 D9FA0132FCCAAE8116BD22861CD21A859841BA7D566829E10ACC15A7EFEEB381774F839F7228AE3C627F5765944DCDB6866618E187903EBDB558C9186BD84D2521630A379E161FDCEC19BA02A8E4B5A3C4A66D02CA0FEB7BEB75BA3BE87F26BB99122217A4FFEB1F730B430AA0A70BA4A91EFB248DF689E95957E93B9E5D2AC13FBD3896759F77C6CBB6664BA6FEB31C4FD7BF081D4F2D800AB8D979D89A5EFB34675A904F4B332ADD7340116E7D5D4F72F7E3940A30036ACA889C27D8E2E11C0668A2E8A43DFF411FA03F0AFB420262947A60528805A7E0F4B2CC6AC0EF62CBCB807BC131A8D51E7784A13C77DB461A9FDF01C0E97EA8B7C5A13BB4A86784C2FFA34FC1EF094ACB858A919951AA55508E468CBB889EA63B606D45455AAB75883A75A813E9EC6A3A49CADB05A62C2F5CA32013A4FC73E8B5DE1C14A39539A4716B157C08C74CD99EA23AE018A89C838B6C0EAEECDFCF78A447594033ED3D63F4623BFC05C0F6701A36420D60D9C99339F9486395CBE534D66CE66AAE1373A2CB -20180403150605 2 6 100 3071 2 D9FA0132FCCAAE8116BD22861CD21A859841BA7D566829E10ACC15A7EFEEB381774F839F7228AE3C627F5765944DCDB6866618E187903EBDB558C9186BD84D2521630A379E161FDCEC19BA02A8E4B5A3C4A66D02CA0FEB7BEB75BA3BE87F26BB99122217A4FFEB1F730B430AA0A70BA4A91EFB248DF689E95957E93B9E5D2AC13FBD3896759F77C6CBB6664BA6FEB31C4FD7BF081D4F2D800AB8D979D89A5EFB34675A904F4B332ADD7340116E7D5D4F72F7E3940A30036ACA889C27D8E2E11C0668A2E8A43DFF411FA03F0AFB420262947A60528805A7E0F4B2CC6AC0EF62CBCB807BC131A8D51E7784A13C77DB461A9FDF01C0E97EA8B7C5A13BB4A86784C2FFA34FC1EF094ACB858A919951AA55508E468CBB889EA63B606D45455AAB75883A75A813E9EC6A3A49CADB05A62C2F5CA32013A4FC73E8B5DE1C14A39539A4716B157C08C74CD99EA23AE018A89C838B6C0EAEECDFCF78A447594033ED3D63F4623BFC05C0F6701A36420D60D9C99339F9486395CBE534D66CE66AAE137CA7DB -20180403151404 2 6 100 3071 2 D9FA0132FCCAAE8116BD22861CD21A859841BA7D566829E10ACC15A7EFEEB381774F839F7228AE3C627F5765944DCDB6866618E187903EBDB558C9186BD84D2521630A379E161FDCEC19BA02A8E4B5A3C4A66D02CA0FEB7BEB75BA3BE87F26BB99122217A4FFEB1F730B430AA0A70BA4A91EFB248DF689E95957E93B9E5D2AC13FBD3896759F77C6CBB6664BA6FEB31C4FD7BF081D4F2D800AB8D979D89A5EFB34675A904F4B332ADD7340116E7D5D4F72F7E3940A30036ACA889C27D8E2E11C0668A2E8A43DFF411FA03F0AFB420262947A60528805A7E0F4B2CC6AC0EF62CBCB807BC131A8D51E7784A13C77DB461A9FDF01C0E97EA8B7C5A13BB4A86784C2FFA34FC1EF094ACB858A919951AA55508E468CBB889EA63B606D45455AAB75883A75A813E9EC6A3A49CADB05A62C2F5CA32013A4FC73E8B5DE1C14A39539A4716B157C08C74CD99EA23AE018A89C838B6C0EAEECDFCF78A447594033ED3D63F4623BFC05C0F6701A36420D60D9C99339F9486395CBE534D66CE66AAE140AEF53 -20180403152834 2 6 100 3071 2 D9FA0132FCCAAE8116BD22861CD21A859841BA7D566829E10ACC15A7EFEEB381774F839F7228AE3C627F5765944DCDB6866618E187903EBDB558C9186BD84D2521630A379E161FDCEC19BA02A8E4B5A3C4A66D02CA0FEB7BEB75BA3BE87F26BB99122217A4FFEB1F730B430AA0A70BA4A91EFB248DF689E95957E93B9E5D2AC13FBD3896759F77C6CBB6664BA6FEB31C4FD7BF081D4F2D800AB8D979D89A5EFB34675A904F4B332ADD7340116E7D5D4F72F7E3940A30036ACA889C27D8E2E11C0668A2E8A43DFF411FA03F0AFB420262947A60528805A7E0F4B2CC6AC0EF62CBCB807BC131A8D51E7784A13C77DB461A9FDF01C0E97EA8B7C5A13BB4A86784C2FFA34FC1EF094ACB858A919951AA55508E468CBB889EA63B606D45455AAB75883A75A813E9EC6A3A49CADB05A62C2F5CA32013A4FC73E8B5DE1C14A39539A4716B157C08C74CD99EA23AE018A89C838B6C0EAEECDFCF78A447594033ED3D63F4623BFC05C0F6701A36420D60D9C99339F9486395CBE534D66CE66AAE14BB5263 -20180403164629 2 6 100 4095 2 D6A36D53FE335EAC6C6F21F2963EEF44BF055FBE1D529CAC77341CADF25097607135D53FBDF5ED5B3BB2CE243834E344600627AB46C3F3952C0E59AAD95A13E0B299073FA6C02260432090C66B7DFA4C06633B8D31E7376024958AEF0B57A6A1519DC39CCFD65E33B19DA7C52C0C6DA0E5990A5DCDE9CB16C36408E6CC825FA464EC6CF3848202E6197281C8176600BEAABAB5E2C0598A97C9A5AC7606A0583DFFBD20FA424D1B62E0E5FAF7DA56C1CEB3C309C999C5B574322B8E511BA14342DAA24EA688E16B05CFC6B89696FF17BF21EC5AF75FB3A6258E6EA4CEE93B06299FC2D32441238B8EBF78124347A0E56522079641D5CB6F8858A91F9C7B1047E7CFCF6A80A0884BE39E9FB8CACE70865A022E538E80C899A43E5842C753E8332A8972249E4EAEB2C327FCD2777488CD9A1F03A242889D3F33A5C5047721605727486E3B97F3BEC6D8BF7C7B4512FB6AC8B854BD92B0ECC9F65408254BDDD8428F0F68EEF4FC61F033C56FF65C566B81994C1B92308771151DEBE7C814C608F99B784251C1CC4E5F110F5D9B9104BC8D60544FC4955204EF21F429E3D618C10F5F3A178BD71CEFD02ADF8AA5A3B79EB2038BC31467EE98AD1EA501B492EEF950B5B3E95AD0D792B585E3F6164E6B5EC52701DE13B6C7D832D339618E4C7372F8D02E48E743FB7477FDF8ED746987F72F4FFD46F1CEEA5340ABFC82D445F2ACFC43 -20180403173943 2 6 100 4095 2 D6A36D53FE335EAC6C6F21F2963EEF44BF055FBE1D529CAC77341CADF25097607135D53FBDF5ED5B3BB2CE243834E344600627AB46C3F3952C0E59AAD95A13E0B299073FA6C02260432090C66B7DFA4C06633B8D31E7376024958AEF0B57A6A1519DC39CCFD65E33B19DA7C52C0C6DA0E5990A5DCDE9CB16C36408E6CC825FA464EC6CF3848202E6197281C8176600BEAABAB5E2C0598A97C9A5AC7606A0583DFFBD20FA424D1B62E0E5FAF7DA56C1CEB3C309C999C5B574322B8E511BA14342DAA24EA688E16B05CFC6B89696FF17BF21EC5AF75FB3A6258E6EA4CEE93B06299FC2D32441238B8EBF78124347A0E56522079641D5CB6F8858A91F9C7B1047E7CFCF6A80A0884BE39E9FB8CACE70865A022E538E80C899A43E5842C753E8332A8972249E4EAEB2C327FCD2777488CD9A1F03A242889D3F33A5C5047721605727486E3B97F3BEC6D8BF7C7B4512FB6AC8B854BD92B0ECC9F65408254BDDD8428F0F68EEF4FC61F033C56FF65C566B81994C1B92308771151DEBE7C814C608F99B784251C1CC4E5F110F5D9B9104BC8D60544FC4955204EF21F429E3D618C10F5F3A178BD71CEFD02ADF8AA5A3B79EB2038BC31467EE98AD1EA501B492EEF950B5B3E95AD0D792B585E3F6164E6B5EC52701DE13B6C7D832D339618E4C7372F8D02E48E743FB7477FDF8ED746987F72F4FFD46F1CEEA5340ABFC82D445F45D568B -20180403183028 2 6 100 4095 2 D6A36D53FE335EAC6C6F21F2963EEF44BF055FBE1D529CAC77341CADF25097607135D53FBDF5ED5B3BB2CE243834E344600627AB46C3F3952C0E59AAD95A13E0B299073FA6C02260432090C66B7DFA4C06633B8D31E7376024958AEF0B57A6A1519DC39CCFD65E33B19DA7C52C0C6DA0E5990A5DCDE9CB16C36408E6CC825FA464EC6CF3848202E6197281C8176600BEAABAB5E2C0598A97C9A5AC7606A0583DFFBD20FA424D1B62E0E5FAF7DA56C1CEB3C309C999C5B574322B8E511BA14342DAA24EA688E16B05CFC6B89696FF17BF21EC5AF75FB3A6258E6EA4CEE93B06299FC2D32441238B8EBF78124347A0E56522079641D5CB6F8858A91F9C7B1047E7CFCF6A80A0884BE39E9FB8CACE70865A022E538E80C899A43E5842C753E8332A8972249E4EAEB2C327FCD2777488CD9A1F03A242889D3F33A5C5047721605727486E3B97F3BEC6D8BF7C7B4512FB6AC8B854BD92B0ECC9F65408254BDDD8428F0F68EEF4FC61F033C56FF65C566B81994C1B92308771151DEBE7C814C608F99B784251C1CC4E5F110F5D9B9104BC8D60544FC4955204EF21F429E3D618C10F5F3A178BD71CEFD02ADF8AA5A3B79EB2038BC31467EE98AD1EA501B492EEF950B5B3E95AD0D792B585E3F6164E6B5EC52701DE13B6C7D832D339618E4C7372F8D02E48E743FB7477FDF8ED746987F72F4FFD46F1CEEA5340ABFC82D445F603359B -20180403183423 2 6 100 4095 5 D6A36D53FE335EAC6C6F21F2963EEF44BF055FBE1D529CAC77341CADF25097607135D53FBDF5ED5B3BB2CE243834E344600627AB46C3F3952C0E59AAD95A13E0B299073FA6C02260432090C66B7DFA4C06633B8D31E7376024958AEF0B57A6A1519DC39CCFD65E33B19DA7C52C0C6DA0E5990A5DCDE9CB16C36408E6CC825FA464EC6CF3848202E6197281C8176600BEAABAB5E2C0598A97C9A5AC7606A0583DFFBD20FA424D1B62E0E5FAF7DA56C1CEB3C309C999C5B574322B8E511BA14342DAA24EA688E16B05CFC6B89696FF17BF21EC5AF75FB3A6258E6EA4CEE93B06299FC2D32441238B8EBF78124347A0E56522079641D5CB6F8858A91F9C7B1047E7CFCF6A80A0884BE39E9FB8CACE70865A022E538E80C899A43E5842C753E8332A8972249E4EAEB2C327FCD2777488CD9A1F03A242889D3F33A5C5047721605727486E3B97F3BEC6D8BF7C7B4512FB6AC8B854BD92B0ECC9F65408254BDDD8428F0F68EEF4FC61F033C56FF65C566B81994C1B92308771151DEBE7C814C608F99B784251C1CC4E5F110F5D9B9104BC8D60544FC4955204EF21F429E3D618C10F5F3A178BD71CEFD02ADF8AA5A3B79EB2038BC31467EE98AD1EA501B492EEF950B5B3E95AD0D792B585E3F6164E6B5EC52701DE13B6C7D832D339618E4C7372F8D02E48E743FB7477FDF8ED746987F72F4FFD46F1CEEA5340ABFC82D445F61BDC27 -20180403194550 2 6 100 4095 2 D6A36D53FE335EAC6C6F21F2963EEF44BF055FBE1D529CAC77341CADF25097607135D53FBDF5ED5B3BB2CE243834E344600627AB46C3F3952C0E59AAD95A13E0B299073FA6C02260432090C66B7DFA4C06633B8D31E7376024958AEF0B57A6A1519DC39CCFD65E33B19DA7C52C0C6DA0E5990A5DCDE9CB16C36408E6CC825FA464EC6CF3848202E6197281C8176600BEAABAB5E2C0598A97C9A5AC7606A0583DFFBD20FA424D1B62E0E5FAF7DA56C1CEB3C309C999C5B574322B8E511BA14342DAA24EA688E16B05CFC6B89696FF17BF21EC5AF75FB3A6258E6EA4CEE93B06299FC2D32441238B8EBF78124347A0E56522079641D5CB6F8858A91F9C7B1047E7CFCF6A80A0884BE39E9FB8CACE70865A022E538E80C899A43E5842C753E8332A8972249E4EAEB2C327FCD2777488CD9A1F03A242889D3F33A5C5047721605727486E3B97F3BEC6D8BF7C7B4512FB6AC8B854BD92B0ECC9F65408254BDDD8428F0F68EEF4FC61F033C56FF65C566B81994C1B92308771151DEBE7C814C608F99B784251C1CC4E5F110F5D9B9104BC8D60544FC4955204EF21F429E3D618C10F5F3A178BD71CEFD02ADF8AA5A3B79EB2038BC31467EE98AD1EA501B492EEF950B5B3E95AD0D792B585E3F6164E6B5EC52701DE13B6C7D832D339618E4C7372F8D02E48E743FB7477FDF8ED746987F72F4FFD46F1CEEA5340ABFC82D445F877D863 -20180403202122 2 6 100 4095 2 D6A36D53FE335EAC6C6F21F2963EEF44BF055FBE1D529CAC77341CADF25097607135D53FBDF5ED5B3BB2CE243834E344600627AB46C3F3952C0E59AAD95A13E0B299073FA6C02260432090C66B7DFA4C06633B8D31E7376024958AEF0B57A6A1519DC39CCFD65E33B19DA7C52C0C6DA0E5990A5DCDE9CB16C36408E6CC825FA464EC6CF3848202E6197281C8176600BEAABAB5E2C0598A97C9A5AC7606A0583DFFBD20FA424D1B62E0E5FAF7DA56C1CEB3C309C999C5B574322B8E511BA14342DAA24EA688E16B05CFC6B89696FF17BF21EC5AF75FB3A6258E6EA4CEE93B06299FC2D32441238B8EBF78124347A0E56522079641D5CB6F8858A91F9C7B1047E7CFCF6A80A0884BE39E9FB8CACE70865A022E538E80C899A43E5842C753E8332A8972249E4EAEB2C327FCD2777488CD9A1F03A242889D3F33A5C5047721605727486E3B97F3BEC6D8BF7C7B4512FB6AC8B854BD92B0ECC9F65408254BDDD8428F0F68EEF4FC61F033C56FF65C566B81994C1B92308771151DEBE7C814C608F99B784251C1CC4E5F110F5D9B9104BC8D60544FC4955204EF21F429E3D618C10F5F3A178BD71CEFD02ADF8AA5A3B79EB2038BC31467EE98AD1EA501B492EEF950B5B3E95AD0D792B585E3F6164E6B5EC52701DE13B6C7D832D339618E4C7372F8D02E48E743FB7477FDF8ED746987F72F4FFD46F1CEEA5340ABFC82D445F9A0304B -20180403210313 2 6 100 4095 2 D6A36D53FE335EAC6C6F21F2963EEF44BF055FBE1D529CAC77341CADF25097607135D53FBDF5ED5B3BB2CE243834E344600627AB46C3F3952C0E59AAD95A13E0B299073FA6C02260432090C66B7DFA4C06633B8D31E7376024958AEF0B57A6A1519DC39CCFD65E33B19DA7C52C0C6DA0E5990A5DCDE9CB16C36408E6CC825FA464EC6CF3848202E6197281C8176600BEAABAB5E2C0598A97C9A5AC7606A0583DFFBD20FA424D1B62E0E5FAF7DA56C1CEB3C309C999C5B574322B8E511BA14342DAA24EA688E16B05CFC6B89696FF17BF21EC5AF75FB3A6258E6EA4CEE93B06299FC2D32441238B8EBF78124347A0E56522079641D5CB6F8858A91F9C7B1047E7CFCF6A80A0884BE39E9FB8CACE70865A022E538E80C899A43E5842C753E8332A8972249E4EAEB2C327FCD2777488CD9A1F03A242889D3F33A5C5047721605727486E3B97F3BEC6D8BF7C7B4512FB6AC8B854BD92B0ECC9F65408254BDDD8428F0F68EEF4FC61F033C56FF65C566B81994C1B92308771151DEBE7C814C608F99B784251C1CC4E5F110F5D9B9104BC8D60544FC4955204EF21F429E3D618C10F5F3A178BD71CEFD02ADF8AA5A3B79EB2038BC31467EE98AD1EA501B492EEF950B5B3E95AD0D792B585E3F6164E6B5EC52701DE13B6C7D832D339618E4C7372F8D02E48E743FB7477FDF8ED746987F72F4FFD46F1CEEA5340ABFC82D445FAFCEC73 -20180403213851 2 6 100 4095 5 D6A36D53FE335EAC6C6F21F2963EEF44BF055FBE1D529CAC77341CADF25097607135D53FBDF5ED5B3BB2CE243834E344600627AB46C3F3952C0E59AAD95A13E0B299073FA6C02260432090C66B7DFA4C06633B8D31E7376024958AEF0B57A6A1519DC39CCFD65E33B19DA7C52C0C6DA0E5990A5DCDE9CB16C36408E6CC825FA464EC6CF3848202E6197281C8176600BEAABAB5E2C0598A97C9A5AC7606A0583DFFBD20FA424D1B62E0E5FAF7DA56C1CEB3C309C999C5B574322B8E511BA14342DAA24EA688E16B05CFC6B89696FF17BF21EC5AF75FB3A6258E6EA4CEE93B06299FC2D32441238B8EBF78124347A0E56522079641D5CB6F8858A91F9C7B1047E7CFCF6A80A0884BE39E9FB8CACE70865A022E538E80C899A43E5842C753E8332A8972249E4EAEB2C327FCD2777488CD9A1F03A242889D3F33A5C5047721605727486E3B97F3BEC6D8BF7C7B4512FB6AC8B854BD92B0ECC9F65408254BDDD8428F0F68EEF4FC61F033C56FF65C566B81994C1B92308771151DEBE7C814C608F99B784251C1CC4E5F110F5D9B9104BC8D60544FC4955204EF21F429E3D618C10F5F3A178BD71CEFD02ADF8AA5A3B79EB2038BC31467EE98AD1EA501B492EEF950B5B3E95AD0D792B585E3F6164E6B5EC52701DE13B6C7D832D339618E4C7372F8D02E48E743FB7477FDF8ED746987F72F4FFD46F1CEEA5340ABFC82D445FC2F80FF -20180403215353 2 6 100 4095 5 D6A36D53FE335EAC6C6F21F2963EEF44BF055FBE1D529CAC77341CADF25097607135D53FBDF5ED5B3BB2CE243834E344600627AB46C3F3952C0E59AAD95A13E0B299073FA6C02260432090C66B7DFA4C06633B8D31E7376024958AEF0B57A6A1519DC39CCFD65E33B19DA7C52C0C6DA0E5990A5DCDE9CB16C36408E6CC825FA464EC6CF3848202E6197281C8176600BEAABAB5E2C0598A97C9A5AC7606A0583DFFBD20FA424D1B62E0E5FAF7DA56C1CEB3C309C999C5B574322B8E511BA14342DAA24EA688E16B05CFC6B89696FF17BF21EC5AF75FB3A6258E6EA4CEE93B06299FC2D32441238B8EBF78124347A0E56522079641D5CB6F8858A91F9C7B1047E7CFCF6A80A0884BE39E9FB8CACE70865A022E538E80C899A43E5842C753E8332A8972249E4EAEB2C327FCD2777488CD9A1F03A242889D3F33A5C5047721605727486E3B97F3BEC6D8BF7C7B4512FB6AC8B854BD92B0ECC9F65408254BDDD8428F0F68EEF4FC61F033C56FF65C566B81994C1B92308771151DEBE7C814C608F99B784251C1CC4E5F110F5D9B9104BC8D60544FC4955204EF21F429E3D618C10F5F3A178BD71CEFD02ADF8AA5A3B79EB2038BC31467EE98AD1EA501B492EEF950B5B3E95AD0D792B585E3F6164E6B5EC52701DE13B6C7D832D339618E4C7372F8D02E48E743FB7477FDF8ED746987F72F4FFD46F1CEEA5340ABFC82D445FCA8B737 -20180403222440 2 6 100 4095 5 D6A36D53FE335EAC6C6F21F2963EEF44BF055FBE1D529CAC77341CADF25097607135D53FBDF5ED5B3BB2CE243834E344600627AB46C3F3952C0E59AAD95A13E0B299073FA6C02260432090C66B7DFA4C06633B8D31E7376024958AEF0B57A6A1519DC39CCFD65E33B19DA7C52C0C6DA0E5990A5DCDE9CB16C36408E6CC825FA464EC6CF3848202E6197281C8176600BEAABAB5E2C0598A97C9A5AC7606A0583DFFBD20FA424D1B62E0E5FAF7DA56C1CEB3C309C999C5B574322B8E511BA14342DAA24EA688E16B05CFC6B89696FF17BF21EC5AF75FB3A6258E6EA4CEE93B06299FC2D32441238B8EBF78124347A0E56522079641D5CB6F8858A91F9C7B1047E7CFCF6A80A0884BE39E9FB8CACE70865A022E538E80C899A43E5842C753E8332A8972249E4EAEB2C327FCD2777488CD9A1F03A242889D3F33A5C5047721605727486E3B97F3BEC6D8BF7C7B4512FB6AC8B854BD92B0ECC9F65408254BDDD8428F0F68EEF4FC61F033C56FF65C566B81994C1B92308771151DEBE7C814C608F99B784251C1CC4E5F110F5D9B9104BC8D60544FC4955204EF21F429E3D618C10F5F3A178BD71CEFD02ADF8AA5A3B79EB2038BC31467EE98AD1EA501B492EEF950B5B3E95AD0D792B585E3F6164E6B5EC52701DE13B6C7D832D339618E4C7372F8D02E48E743FB7477FDF8ED746987F72F4FFD46F1CEEA5340ABFC82D445FDAD53EF -20180403224035 2 6 100 4095 2 D6A36D53FE335EAC6C6F21F2963EEF44BF055FBE1D529CAC77341CADF25097607135D53FBDF5ED5B3BB2CE243834E344600627AB46C3F3952C0E59AAD95A13E0B299073FA6C02260432090C66B7DFA4C06633B8D31E7376024958AEF0B57A6A1519DC39CCFD65E33B19DA7C52C0C6DA0E5990A5DCDE9CB16C36408E6CC825FA464EC6CF3848202E6197281C8176600BEAABAB5E2C0598A97C9A5AC7606A0583DFFBD20FA424D1B62E0E5FAF7DA56C1CEB3C309C999C5B574322B8E511BA14342DAA24EA688E16B05CFC6B89696FF17BF21EC5AF75FB3A6258E6EA4CEE93B06299FC2D32441238B8EBF78124347A0E56522079641D5CB6F8858A91F9C7B1047E7CFCF6A80A0884BE39E9FB8CACE70865A022E538E80C899A43E5842C753E8332A8972249E4EAEB2C327FCD2777488CD9A1F03A242889D3F33A5C5047721605727486E3B97F3BEC6D8BF7C7B4512FB6AC8B854BD92B0ECC9F65408254BDDD8428F0F68EEF4FC61F033C56FF65C566B81994C1B92308771151DEBE7C814C608F99B784251C1CC4E5F110F5D9B9104BC8D60544FC4955204EF21F429E3D618C10F5F3A178BD71CEFD02ADF8AA5A3B79EB2038BC31467EE98AD1EA501B492EEF950B5B3E95AD0D792B585E3F6164E6B5EC52701DE13B6C7D832D339618E4C7372F8D02E48E743FB7477FDF8ED746987F72F4FFD46F1CEEA5340ABFC82D445FE2EF2E3 -20180403224214 2 6 100 4095 2 D6A36D53FE335EAC6C6F21F2963EEF44BF055FBE1D529CAC77341CADF25097607135D53FBDF5ED5B3BB2CE243834E344600627AB46C3F3952C0E59AAD95A13E0B299073FA6C02260432090C66B7DFA4C06633B8D31E7376024958AEF0B57A6A1519DC39CCFD65E33B19DA7C52C0C6DA0E5990A5DCDE9CB16C36408E6CC825FA464EC6CF3848202E6197281C8176600BEAABAB5E2C0598A97C9A5AC7606A0583DFFBD20FA424D1B62E0E5FAF7DA56C1CEB3C309C999C5B574322B8E511BA14342DAA24EA688E16B05CFC6B89696FF17BF21EC5AF75FB3A6258E6EA4CEE93B06299FC2D32441238B8EBF78124347A0E56522079641D5CB6F8858A91F9C7B1047E7CFCF6A80A0884BE39E9FB8CACE70865A022E538E80C899A43E5842C753E8332A8972249E4EAEB2C327FCD2777488CD9A1F03A242889D3F33A5C5047721605727486E3B97F3BEC6D8BF7C7B4512FB6AC8B854BD92B0ECC9F65408254BDDD8428F0F68EEF4FC61F033C56FF65C566B81994C1B92308771151DEBE7C814C608F99B784251C1CC4E5F110F5D9B9104BC8D60544FC4955204EF21F429E3D618C10F5F3A178BD71CEFD02ADF8AA5A3B79EB2038BC31467EE98AD1EA501B492EEF950B5B3E95AD0D792B585E3F6164E6B5EC52701DE13B6C7D832D339618E4C7372F8D02E48E743FB7477FDF8ED746987F72F4FFD46F1CEEA5340ABFC82D445FE343553 -20180403234157 2 6 100 4095 5 D6A36D53FE335EAC6C6F21F2963EEF44BF055FBE1D529CAC77341CADF25097607135D53FBDF5ED5B3BB2CE243834E344600627AB46C3F3952C0E59AAD95A13E0B299073FA6C02260432090C66B7DFA4C06633B8D31E7376024958AEF0B57A6A1519DC39CCFD65E33B19DA7C52C0C6DA0E5990A5DCDE9CB16C36408E6CC825FA464EC6CF3848202E6197281C8176600BEAABAB5E2C0598A97C9A5AC7606A0583DFFBD20FA424D1B62E0E5FAF7DA56C1CEB3C309C999C5B574322B8E511BA14342DAA24EA688E16B05CFC6B89696FF17BF21EC5AF75FB3A6258E6EA4CEE93B06299FC2D32441238B8EBF78124347A0E56522079641D5CB6F8858A91F9C7B1047E7CFCF6A80A0884BE39E9FB8CACE70865A022E538E80C899A43E5842C753E8332A8972249E4EAEB2C327FCD2777488CD9A1F03A242889D3F33A5C5047721605727486E3B97F3BEC6D8BF7C7B4512FB6AC8B854BD92B0ECC9F65408254BDDD8428F0F68EEF4FC61F033C56FF65C566B81994C1B92308771151DEBE7C814C608F99B784251C1CC4E5F110F5D9B9104BC8D60544FC4955204EF21F429E3D618C10F5F3A178BD71CEFD02ADF8AA5A3B79EB2038BC31467EE98AD1EA501B492EEF950B5B3E95AD0D792B585E3F6164E6B5EC52701DE13B6C7D832D339618E4C7372F8D02E48E743FB7477FDF8ED746987F72F4FFD46F1CEEA5340ABFC82D446002B2C0F -20180404012449 2 6 100 4095 5 D6A36D53FE335EAC6C6F21F2963EEF44BF055FBE1D529CAC77341CADF25097607135D53FBDF5ED5B3BB2CE243834E344600627AB46C3F3952C0E59AAD95A13E0B299073FA6C02260432090C66B7DFA4C06633B8D31E7376024958AEF0B57A6A1519DC39CCFD65E33B19DA7C52C0C6DA0E5990A5DCDE9CB16C36408E6CC825FA464EC6CF3848202E6197281C8176600BEAABAB5E2C0598A97C9A5AC7606A0583DFFBD20FA424D1B62E0E5FAF7DA56C1CEB3C309C999C5B574322B8E511BA14342DAA24EA688E16B05CFC6B89696FF17BF21EC5AF75FB3A6258E6EA4CEE93B06299FC2D32441238B8EBF78124347A0E56522079641D5CB6F8858A91F9C7B1047E7CFCF6A80A0884BE39E9FB8CACE70865A022E538E80C899A43E5842C753E8332A8972249E4EAEB2C327FCD2777488CD9A1F03A242889D3F33A5C5047721605727486E3B97F3BEC6D8BF7C7B4512FB6AC8B854BD92B0ECC9F65408254BDDD8428F0F68EEF4FC61F033C56FF65C566B81994C1B92308771151DEBE7C814C608F99B784251C1CC4E5F110F5D9B9104BC8D60544FC4955204EF21F429E3D618C10F5F3A178BD71CEFD02ADF8AA5A3B79EB2038BC31467EE98AD1EA501B492EEF950B5B3E95AD0D792B585E3F6164E6B5EC52701DE13B6C7D832D339618E4C7372F8D02E48E743FB7477FDF8ED746987F72F4FFD46F1CEEA5340ABFC82D446038F5C77 -20180404012740 2 6 100 4095 2 D6A36D53FE335EAC6C6F21F2963EEF44BF055FBE1D529CAC77341CADF25097607135D53FBDF5ED5B3BB2CE243834E344600627AB46C3F3952C0E59AAD95A13E0B299073FA6C02260432090C66B7DFA4C06633B8D31E7376024958AEF0B57A6A1519DC39CCFD65E33B19DA7C52C0C6DA0E5990A5DCDE9CB16C36408E6CC825FA464EC6CF3848202E6197281C8176600BEAABAB5E2C0598A97C9A5AC7606A0583DFFBD20FA424D1B62E0E5FAF7DA56C1CEB3C309C999C5B574322B8E511BA14342DAA24EA688E16B05CFC6B89696FF17BF21EC5AF75FB3A6258E6EA4CEE93B06299FC2D32441238B8EBF78124347A0E56522079641D5CB6F8858A91F9C7B1047E7CFCF6A80A0884BE39E9FB8CACE70865A022E538E80C899A43E5842C753E8332A8972249E4EAEB2C327FCD2777488CD9A1F03A242889D3F33A5C5047721605727486E3B97F3BEC6D8BF7C7B4512FB6AC8B854BD92B0ECC9F65408254BDDD8428F0F68EEF4FC61F033C56FF65C566B81994C1B92308771151DEBE7C814C608F99B784251C1CC4E5F110F5D9B9104BC8D60544FC4955204EF21F429E3D618C10F5F3A178BD71CEFD02ADF8AA5A3B79EB2038BC31467EE98AD1EA501B492EEF950B5B3E95AD0D792B585E3F6164E6B5EC52701DE13B6C7D832D339618E4C7372F8D02E48E743FB7477FDF8ED746987F72F4FFD46F1CEEA5340ABFC82D446039F760B -20180404013701 2 6 100 4095 5 D6A36D53FE335EAC6C6F21F2963EEF44BF055FBE1D529CAC77341CADF25097607135D53FBDF5ED5B3BB2CE243834E344600627AB46C3F3952C0E59AAD95A13E0B299073FA6C02260432090C66B7DFA4C06633B8D31E7376024958AEF0B57A6A1519DC39CCFD65E33B19DA7C52C0C6DA0E5990A5DCDE9CB16C36408E6CC825FA464EC6CF3848202E6197281C8176600BEAABAB5E2C0598A97C9A5AC7606A0583DFFBD20FA424D1B62E0E5FAF7DA56C1CEB3C309C999C5B574322B8E511BA14342DAA24EA688E16B05CFC6B89696FF17BF21EC5AF75FB3A6258E6EA4CEE93B06299FC2D32441238B8EBF78124347A0E56522079641D5CB6F8858A91F9C7B1047E7CFCF6A80A0884BE39E9FB8CACE70865A022E538E80C899A43E5842C753E8332A8972249E4EAEB2C327FCD2777488CD9A1F03A242889D3F33A5C5047721605727486E3B97F3BEC6D8BF7C7B4512FB6AC8B854BD92B0ECC9F65408254BDDD8428F0F68EEF4FC61F033C56FF65C566B81994C1B92308771151DEBE7C814C608F99B784251C1CC4E5F110F5D9B9104BC8D60544FC4955204EF21F429E3D618C10F5F3A178BD71CEFD02ADF8AA5A3B79EB2038BC31467EE98AD1EA501B492EEF950B5B3E95AD0D792B585E3F6164E6B5EC52701DE13B6C7D832D339618E4C7372F8D02E48E743FB7477FDF8ED746987F72F4FFD46F1CEEA5340ABFC82D44603E742CF -20180404024209 2 6 100 4095 2 D6A36D53FE335EAC6C6F21F2963EEF44BF055FBE1D529CAC77341CADF25097607135D53FBDF5ED5B3BB2CE243834E344600627AB46C3F3952C0E59AAD95A13E0B299073FA6C02260432090C66B7DFA4C06633B8D31E7376024958AEF0B57A6A1519DC39CCFD65E33B19DA7C52C0C6DA0E5990A5DCDE9CB16C36408E6CC825FA464EC6CF3848202E6197281C8176600BEAABAB5E2C0598A97C9A5AC7606A0583DFFBD20FA424D1B62E0E5FAF7DA56C1CEB3C309C999C5B574322B8E511BA14342DAA24EA688E16B05CFC6B89696FF17BF21EC5AF75FB3A6258E6EA4CEE93B06299FC2D32441238B8EBF78124347A0E56522079641D5CB6F8858A91F9C7B1047E7CFCF6A80A0884BE39E9FB8CACE70865A022E538E80C899A43E5842C753E8332A8972249E4EAEB2C327FCD2777488CD9A1F03A242889D3F33A5C5047721605727486E3B97F3BEC6D8BF7C7B4512FB6AC8B854BD92B0ECC9F65408254BDDD8428F0F68EEF4FC61F033C56FF65C566B81994C1B92308771151DEBE7C814C608F99B784251C1CC4E5F110F5D9B9104BC8D60544FC4955204EF21F429E3D618C10F5F3A178BD71CEFD02ADF8AA5A3B79EB2038BC31467EE98AD1EA501B492EEF950B5B3E95AD0D792B585E3F6164E6B5EC52701DE13B6C7D832D339618E4C7372F8D02E48E743FB7477FDF8ED746987F72F4FFD46F1CEEA5340ABFC82D4460610756B -20180404034850 2 6 100 4095 5 D6A36D53FE335EAC6C6F21F2963EEF44BF055FBE1D529CAC77341CADF25097607135D53FBDF5ED5B3BB2CE243834E344600627AB46C3F3952C0E59AAD95A13E0B299073FA6C02260432090C66B7DFA4C06633B8D31E7376024958AEF0B57A6A1519DC39CCFD65E33B19DA7C52C0C6DA0E5990A5DCDE9CB16C36408E6CC825FA464EC6CF3848202E6197281C8176600BEAABAB5E2C0598A97C9A5AC7606A0583DFFBD20FA424D1B62E0E5FAF7DA56C1CEB3C309C999C5B574322B8E511BA14342DAA24EA688E16B05CFC6B89696FF17BF21EC5AF75FB3A6258E6EA4CEE93B06299FC2D32441238B8EBF78124347A0E56522079641D5CB6F8858A91F9C7B1047E7CFCF6A80A0884BE39E9FB8CACE70865A022E538E80C899A43E5842C753E8332A8972249E4EAEB2C327FCD2777488CD9A1F03A242889D3F33A5C5047721605727486E3B97F3BEC6D8BF7C7B4512FB6AC8B854BD92B0ECC9F65408254BDDD8428F0F68EEF4FC61F033C56FF65C566B81994C1B92308771151DEBE7C814C608F99B784251C1CC4E5F110F5D9B9104BC8D60544FC4955204EF21F429E3D618C10F5F3A178BD71CEFD02ADF8AA5A3B79EB2038BC31467EE98AD1EA501B492EEF950B5B3E95AD0D792B585E3F6164E6B5EC52701DE13B6C7D832D339618E4C7372F8D02E48E743FB7477FDF8ED746987F72F4FFD46F1CEEA5340ABFC82D446083DCDA7 -20180404035100 2 6 100 4095 2 D6A36D53FE335EAC6C6F21F2963EEF44BF055FBE1D529CAC77341CADF25097607135D53FBDF5ED5B3BB2CE243834E344600627AB46C3F3952C0E59AAD95A13E0B299073FA6C02260432090C66B7DFA4C06633B8D31E7376024958AEF0B57A6A1519DC39CCFD65E33B19DA7C52C0C6DA0E5990A5DCDE9CB16C36408E6CC825FA464EC6CF3848202E6197281C8176600BEAABAB5E2C0598A97C9A5AC7606A0583DFFBD20FA424D1B62E0E5FAF7DA56C1CEB3C309C999C5B574322B8E511BA14342DAA24EA688E16B05CFC6B89696FF17BF21EC5AF75FB3A6258E6EA4CEE93B06299FC2D32441238B8EBF78124347A0E56522079641D5CB6F8858A91F9C7B1047E7CFCF6A80A0884BE39E9FB8CACE70865A022E538E80C899A43E5842C753E8332A8972249E4EAEB2C327FCD2777488CD9A1F03A242889D3F33A5C5047721605727486E3B97F3BEC6D8BF7C7B4512FB6AC8B854BD92B0ECC9F65408254BDDD8428F0F68EEF4FC61F033C56FF65C566B81994C1B92308771151DEBE7C814C608F99B784251C1CC4E5F110F5D9B9104BC8D60544FC4955204EF21F429E3D618C10F5F3A178BD71CEFD02ADF8AA5A3B79EB2038BC31467EE98AD1EA501B492EEF950B5B3E95AD0D792B585E3F6164E6B5EC52701DE13B6C7D832D339618E4C7372F8D02E48E743FB7477FDF8ED746987F72F4FFD46F1CEEA5340ABFC82D446084796E3 -20180404035224 2 6 100 4095 2 D6A36D53FE335EAC6C6F21F2963EEF44BF055FBE1D529CAC77341CADF25097607135D53FBDF5ED5B3BB2CE243834E344600627AB46C3F3952C0E59AAD95A13E0B299073FA6C02260432090C66B7DFA4C06633B8D31E7376024958AEF0B57A6A1519DC39CCFD65E33B19DA7C52C0C6DA0E5990A5DCDE9CB16C36408E6CC825FA464EC6CF3848202E6197281C8176600BEAABAB5E2C0598A97C9A5AC7606A0583DFFBD20FA424D1B62E0E5FAF7DA56C1CEB3C309C999C5B574322B8E511BA14342DAA24EA688E16B05CFC6B89696FF17BF21EC5AF75FB3A6258E6EA4CEE93B06299FC2D32441238B8EBF78124347A0E56522079641D5CB6F8858A91F9C7B1047E7CFCF6A80A0884BE39E9FB8CACE70865A022E538E80C899A43E5842C753E8332A8972249E4EAEB2C327FCD2777488CD9A1F03A242889D3F33A5C5047721605727486E3B97F3BEC6D8BF7C7B4512FB6AC8B854BD92B0ECC9F65408254BDDD8428F0F68EEF4FC61F033C56FF65C566B81994C1B92308771151DEBE7C814C608F99B784251C1CC4E5F110F5D9B9104BC8D60544FC4955204EF21F429E3D618C10F5F3A178BD71CEFD02ADF8AA5A3B79EB2038BC31467EE98AD1EA501B492EEF950B5B3E95AD0D792B585E3F6164E6B5EC52701DE13B6C7D832D339618E4C7372F8D02E48E743FB7477FDF8ED746987F72F4FFD46F1CEEA5340ABFC82D446084ACD8B -20180404040621 2 6 100 4095 2 D6A36D53FE335EAC6C6F21F2963EEF44BF055FBE1D529CAC77341CADF25097607135D53FBDF5ED5B3BB2CE243834E344600627AB46C3F3952C0E59AAD95A13E0B299073FA6C02260432090C66B7DFA4C06633B8D31E7376024958AEF0B57A6A1519DC39CCFD65E33B19DA7C52C0C6DA0E5990A5DCDE9CB16C36408E6CC825FA464EC6CF3848202E6197281C8176600BEAABAB5E2C0598A97C9A5AC7606A0583DFFBD20FA424D1B62E0E5FAF7DA56C1CEB3C309C999C5B574322B8E511BA14342DAA24EA688E16B05CFC6B89696FF17BF21EC5AF75FB3A6258E6EA4CEE93B06299FC2D32441238B8EBF78124347A0E56522079641D5CB6F8858A91F9C7B1047E7CFCF6A80A0884BE39E9FB8CACE70865A022E538E80C899A43E5842C753E8332A8972249E4EAEB2C327FCD2777488CD9A1F03A242889D3F33A5C5047721605727486E3B97F3BEC6D8BF7C7B4512FB6AC8B854BD92B0ECC9F65408254BDDD8428F0F68EEF4FC61F033C56FF65C566B81994C1B92308771151DEBE7C814C608F99B784251C1CC4E5F110F5D9B9104BC8D60544FC4955204EF21F429E3D618C10F5F3A178BD71CEFD02ADF8AA5A3B79EB2038BC31467EE98AD1EA501B492EEF950B5B3E95AD0D792B585E3F6164E6B5EC52701DE13B6C7D832D339618E4C7372F8D02E48E743FB7477FDF8ED746987F72F4FFD46F1CEEA5340ABFC82D44608BABFE3 -20180404043706 2 6 100 4095 2 D6A36D53FE335EAC6C6F21F2963EEF44BF055FBE1D529CAC77341CADF25097607135D53FBDF5ED5B3BB2CE243834E344600627AB46C3F3952C0E59AAD95A13E0B299073FA6C02260432090C66B7DFA4C06633B8D31E7376024958AEF0B57A6A1519DC39CCFD65E33B19DA7C52C0C6DA0E5990A5DCDE9CB16C36408E6CC825FA464EC6CF3848202E6197281C8176600BEAABAB5E2C0598A97C9A5AC7606A0583DFFBD20FA424D1B62E0E5FAF7DA56C1CEB3C309C999C5B574322B8E511BA14342DAA24EA688E16B05CFC6B89696FF17BF21EC5AF75FB3A6258E6EA4CEE93B06299FC2D32441238B8EBF78124347A0E56522079641D5CB6F8858A91F9C7B1047E7CFCF6A80A0884BE39E9FB8CACE70865A022E538E80C899A43E5842C753E8332A8972249E4EAEB2C327FCD2777488CD9A1F03A242889D3F33A5C5047721605727486E3B97F3BEC6D8BF7C7B4512FB6AC8B854BD92B0ECC9F65408254BDDD8428F0F68EEF4FC61F033C56FF65C566B81994C1B92308771151DEBE7C814C608F99B784251C1CC4E5F110F5D9B9104BC8D60544FC4955204EF21F429E3D618C10F5F3A178BD71CEFD02ADF8AA5A3B79EB2038BC31467EE98AD1EA501B492EEF950B5B3E95AD0D792B585E3F6164E6B5EC52701DE13B6C7D832D339618E4C7372F8D02E48E743FB7477FDF8ED746987F72F4FFD46F1CEEA5340ABFC82D44609B60613 -20180404044213 2 6 100 4095 5 D6A36D53FE335EAC6C6F21F2963EEF44BF055FBE1D529CAC77341CADF25097607135D53FBDF5ED5B3BB2CE243834E344600627AB46C3F3952C0E59AAD95A13E0B299073FA6C02260432090C66B7DFA4C06633B8D31E7376024958AEF0B57A6A1519DC39CCFD65E33B19DA7C52C0C6DA0E5990A5DCDE9CB16C36408E6CC825FA464EC6CF3848202E6197281C8176600BEAABAB5E2C0598A97C9A5AC7606A0583DFFBD20FA424D1B62E0E5FAF7DA56C1CEB3C309C999C5B574322B8E511BA14342DAA24EA688E16B05CFC6B89696FF17BF21EC5AF75FB3A6258E6EA4CEE93B06299FC2D32441238B8EBF78124347A0E56522079641D5CB6F8858A91F9C7B1047E7CFCF6A80A0884BE39E9FB8CACE70865A022E538E80C899A43E5842C753E8332A8972249E4EAEB2C327FCD2777488CD9A1F03A242889D3F33A5C5047721605727486E3B97F3BEC6D8BF7C7B4512FB6AC8B854BD92B0ECC9F65408254BDDD8428F0F68EEF4FC61F033C56FF65C566B81994C1B92308771151DEBE7C814C608F99B784251C1CC4E5F110F5D9B9104BC8D60544FC4955204EF21F429E3D618C10F5F3A178BD71CEFD02ADF8AA5A3B79EB2038BC31467EE98AD1EA501B492EEF950B5B3E95AD0D792B585E3F6164E6B5EC52701DE13B6C7D832D339618E4C7372F8D02E48E743FB7477FDF8ED746987F72F4FFD46F1CEEA5340ABFC82D44609DB5067 -20180404050247 2 6 100 4095 2 D6A36D53FE335EAC6C6F21F2963EEF44BF055FBE1D529CAC77341CADF25097607135D53FBDF5ED5B3BB2CE243834E344600627AB46C3F3952C0E59AAD95A13E0B299073FA6C02260432090C66B7DFA4C06633B8D31E7376024958AEF0B57A6A1519DC39CCFD65E33B19DA7C52C0C6DA0E5990A5DCDE9CB16C36408E6CC825FA464EC6CF3848202E6197281C8176600BEAABAB5E2C0598A97C9A5AC7606A0583DFFBD20FA424D1B62E0E5FAF7DA56C1CEB3C309C999C5B574322B8E511BA14342DAA24EA688E16B05CFC6B89696FF17BF21EC5AF75FB3A6258E6EA4CEE93B06299FC2D32441238B8EBF78124347A0E56522079641D5CB6F8858A91F9C7B1047E7CFCF6A80A0884BE39E9FB8CACE70865A022E538E80C899A43E5842C753E8332A8972249E4EAEB2C327FCD2777488CD9A1F03A242889D3F33A5C5047721605727486E3B97F3BEC6D8BF7C7B4512FB6AC8B854BD92B0ECC9F65408254BDDD8428F0F68EEF4FC61F033C56FF65C566B81994C1B92308771151DEBE7C814C608F99B784251C1CC4E5F110F5D9B9104BC8D60544FC4955204EF21F429E3D618C10F5F3A178BD71CEFD02ADF8AA5A3B79EB2038BC31467EE98AD1EA501B492EEF950B5B3E95AD0D792B585E3F6164E6B5EC52701DE13B6C7D832D339618E4C7372F8D02E48E743FB7477FDF8ED746987F72F4FFD46F1CEEA5340ABFC82D4460A8585C3 -20180404053546 2 6 100 4095 2 D6A36D53FE335EAC6C6F21F2963EEF44BF055FBE1D529CAC77341CADF25097607135D53FBDF5ED5B3BB2CE243834E344600627AB46C3F3952C0E59AAD95A13E0B299073FA6C02260432090C66B7DFA4C06633B8D31E7376024958AEF0B57A6A1519DC39CCFD65E33B19DA7C52C0C6DA0E5990A5DCDE9CB16C36408E6CC825FA464EC6CF3848202E6197281C8176600BEAABAB5E2C0598A97C9A5AC7606A0583DFFBD20FA424D1B62E0E5FAF7DA56C1CEB3C309C999C5B574322B8E511BA14342DAA24EA688E16B05CFC6B89696FF17BF21EC5AF75FB3A6258E6EA4CEE93B06299FC2D32441238B8EBF78124347A0E56522079641D5CB6F8858A91F9C7B1047E7CFCF6A80A0884BE39E9FB8CACE70865A022E538E80C899A43E5842C753E8332A8972249E4EAEB2C327FCD2777488CD9A1F03A242889D3F33A5C5047721605727486E3B97F3BEC6D8BF7C7B4512FB6AC8B854BD92B0ECC9F65408254BDDD8428F0F68EEF4FC61F033C56FF65C566B81994C1B92308771151DEBE7C814C608F99B784251C1CC4E5F110F5D9B9104BC8D60544FC4955204EF21F429E3D618C10F5F3A178BD71CEFD02ADF8AA5A3B79EB2038BC31467EE98AD1EA501B492EEF950B5B3E95AD0D792B585E3F6164E6B5EC52701DE13B6C7D832D339618E4C7372F8D02E48E743FB7477FDF8ED746987F72F4FFD46F1CEEA5340ABFC82D4460B94238B -20180404054127 2 6 100 4095 2 D6A36D53FE335EAC6C6F21F2963EEF44BF055FBE1D529CAC77341CADF25097607135D53FBDF5ED5B3BB2CE243834E344600627AB46C3F3952C0E59AAD95A13E0B299073FA6C02260432090C66B7DFA4C06633B8D31E7376024958AEF0B57A6A1519DC39CCFD65E33B19DA7C52C0C6DA0E5990A5DCDE9CB16C36408E6CC825FA464EC6CF3848202E6197281C8176600BEAABAB5E2C0598A97C9A5AC7606A0583DFFBD20FA424D1B62E0E5FAF7DA56C1CEB3C309C999C5B574322B8E511BA14342DAA24EA688E16B05CFC6B89696FF17BF21EC5AF75FB3A6258E6EA4CEE93B06299FC2D32441238B8EBF78124347A0E56522079641D5CB6F8858A91F9C7B1047E7CFCF6A80A0884BE39E9FB8CACE70865A022E538E80C899A43E5842C753E8332A8972249E4EAEB2C327FCD2777488CD9A1F03A242889D3F33A5C5047721605727486E3B97F3BEC6D8BF7C7B4512FB6AC8B854BD92B0ECC9F65408254BDDD8428F0F68EEF4FC61F033C56FF65C566B81994C1B92308771151DEBE7C814C608F99B784251C1CC4E5F110F5D9B9104BC8D60544FC4955204EF21F429E3D618C10F5F3A178BD71CEFD02ADF8AA5A3B79EB2038BC31467EE98AD1EA501B492EEF950B5B3E95AD0D792B585E3F6164E6B5EC52701DE13B6C7D832D339618E4C7372F8D02E48E743FB7477FDF8ED746987F72F4FFD46F1CEEA5340ABFC82D4460BBC6C0B -20180404060250 2 6 100 4095 5 D6A36D53FE335EAC6C6F21F2963EEF44BF055FBE1D529CAC77341CADF25097607135D53FBDF5ED5B3BB2CE243834E344600627AB46C3F3952C0E59AAD95A13E0B299073FA6C02260432090C66B7DFA4C06633B8D31E7376024958AEF0B57A6A1519DC39CCFD65E33B19DA7C52C0C6DA0E5990A5DCDE9CB16C36408E6CC825FA464EC6CF3848202E6197281C8176600BEAABAB5E2C0598A97C9A5AC7606A0583DFFBD20FA424D1B62E0E5FAF7DA56C1CEB3C309C999C5B574322B8E511BA14342DAA24EA688E16B05CFC6B89696FF17BF21EC5AF75FB3A6258E6EA4CEE93B06299FC2D32441238B8EBF78124347A0E56522079641D5CB6F8858A91F9C7B1047E7CFCF6A80A0884BE39E9FB8CACE70865A022E538E80C899A43E5842C753E8332A8972249E4EAEB2C327FCD2777488CD9A1F03A242889D3F33A5C5047721605727486E3B97F3BEC6D8BF7C7B4512FB6AC8B854BD92B0ECC9F65408254BDDD8428F0F68EEF4FC61F033C56FF65C566B81994C1B92308771151DEBE7C814C608F99B784251C1CC4E5F110F5D9B9104BC8D60544FC4955204EF21F429E3D618C10F5F3A178BD71CEFD02ADF8AA5A3B79EB2038BC31467EE98AD1EA501B492EEF950B5B3E95AD0D792B585E3F6164E6B5EC52701DE13B6C7D832D339618E4C7372F8D02E48E743FB7477FDF8ED746987F72F4FFD46F1CEEA5340ABFC82D4460C67CBB7 -20180404061330 2 6 100 4095 2 D6A36D53FE335EAC6C6F21F2963EEF44BF055FBE1D529CAC77341CADF25097607135D53FBDF5ED5B3BB2CE243834E344600627AB46C3F3952C0E59AAD95A13E0B299073FA6C02260432090C66B7DFA4C06633B8D31E7376024958AEF0B57A6A1519DC39CCFD65E33B19DA7C52C0C6DA0E5990A5DCDE9CB16C36408E6CC825FA464EC6CF3848202E6197281C8176600BEAABAB5E2C0598A97C9A5AC7606A0583DFFBD20FA424D1B62E0E5FAF7DA56C1CEB3C309C999C5B574322B8E511BA14342DAA24EA688E16B05CFC6B89696FF17BF21EC5AF75FB3A6258E6EA4CEE93B06299FC2D32441238B8EBF78124347A0E56522079641D5CB6F8858A91F9C7B1047E7CFCF6A80A0884BE39E9FB8CACE70865A022E538E80C899A43E5842C753E8332A8972249E4EAEB2C327FCD2777488CD9A1F03A242889D3F33A5C5047721605727486E3B97F3BEC6D8BF7C7B4512FB6AC8B854BD92B0ECC9F65408254BDDD8428F0F68EEF4FC61F033C56FF65C566B81994C1B92308771151DEBE7C814C608F99B784251C1CC4E5F110F5D9B9104BC8D60544FC4955204EF21F429E3D618C10F5F3A178BD71CEFD02ADF8AA5A3B79EB2038BC31467EE98AD1EA501B492EEF950B5B3E95AD0D792B585E3F6164E6B5EC52701DE13B6C7D832D339618E4C7372F8D02E48E743FB7477FDF8ED746987F72F4FFD46F1CEEA5340ABFC82D4460CA93683 -20180404084828 2 6 100 4095 2 D6A36D53FE335EAC6C6F21F2963EEF44BF055FBE1D529CAC77341CADF25097607135D53FBDF5ED5B3BB2CE243834E344600627AB46C3F3952C0E59AAD95A13E0B299073FA6C02260432090C66B7DFA4C06633B8D31E7376024958AEF0B57A6A1519DC39CCFD65E33B19DA7C52C0C6DA0E5990A5DCDE9CB16C36408E6CC825FA464EC6CF3848202E6197281C8176600BEAABAB5E2C0598A97C9A5AC7606A0583DFFBD20FA424D1B62E0E5FAF7DA56C1CEB3C309C999C5B574322B8E511BA14342DAA24EA688E16B05CFC6B89696FF17BF21EC5AF75FB3A6258E6EA4CEE93B06299FC2D32441238B8EBF78124347A0E56522079641D5CB6F8858A91F9C7B1047E7CFCF6A80A0884BE39E9FB8CACE70865A022E538E80C899A43E5842C753E8332A8972249E4EAEB2C327FCD2777488CD9A1F03A242889D3F33A5C5047721605727486E3B97F3BEC6D8BF7C7B4512FB6AC8B854BD92B0ECC9F65408254BDDD8428F0F68EEF4FC61F033C56FF65C566B81994C1B92308771151DEBE7C814C608F99B784251C1CC4E5F110F5D9B9104BC8D60544FC4955204EF21F429E3D618C10F5F3A178BD71CEFD02ADF8AA5A3B79EB2038BC31467EE98AD1EA501B492EEF950B5B3E95AD0D792B585E3F6164E6B5EC52701DE13B6C7D832D339618E4C7372F8D02E48E743FB7477FDF8ED746987F72F4FFD46F1CEEA5340ABFC82D446115943A3 -20180404085435 2 6 100 4095 5 D6A36D53FE335EAC6C6F21F2963EEF44BF055FBE1D529CAC77341CADF25097607135D53FBDF5ED5B3BB2CE243834E344600627AB46C3F3952C0E59AAD95A13E0B299073FA6C02260432090C66B7DFA4C06633B8D31E7376024958AEF0B57A6A1519DC39CCFD65E33B19DA7C52C0C6DA0E5990A5DCDE9CB16C36408E6CC825FA464EC6CF3848202E6197281C8176600BEAABAB5E2C0598A97C9A5AC7606A0583DFFBD20FA424D1B62E0E5FAF7DA56C1CEB3C309C999C5B574322B8E511BA14342DAA24EA688E16B05CFC6B89696FF17BF21EC5AF75FB3A6258E6EA4CEE93B06299FC2D32441238B8EBF78124347A0E56522079641D5CB6F8858A91F9C7B1047E7CFCF6A80A0884BE39E9FB8CACE70865A022E538E80C899A43E5842C753E8332A8972249E4EAEB2C327FCD2777488CD9A1F03A242889D3F33A5C5047721605727486E3B97F3BEC6D8BF7C7B4512FB6AC8B854BD92B0ECC9F65408254BDDD8428F0F68EEF4FC61F033C56FF65C566B81994C1B92308771151DEBE7C814C608F99B784251C1CC4E5F110F5D9B9104BC8D60544FC4955204EF21F429E3D618C10F5F3A178BD71CEFD02ADF8AA5A3B79EB2038BC31467EE98AD1EA501B492EEF950B5B3E95AD0D792B585E3F6164E6B5EC52701DE13B6C7D832D339618E4C7372F8D02E48E743FB7477FDF8ED746987F72F4FFD46F1CEEA5340ABFC82D4461181EE57 -20180404093010 2 6 100 4095 5 C287DA1692C8760D889CABEA6A7055FADB13C9F064C87322D569B9C574001DEBA1685DA8DFFB9A11253F685A3045E2CEBA057C35DD417F717110949007702B25A37AEE60C3A1A9AA6A1667C15BBFFFF173DF27813A74959756822AB34A2BB97B2F408CC6A994ADC83F05CB8028784B859A25032D691F1DDFB1A87F47EDC289FE4452BE4E4D7B07745C1D5A901E7EF0521465DFFC1EECAB7E4F15172A90257AFFCA11B455ADD24067B20C20EDF9B5B59BDFDAE03BF0AB39A13E60515CA8ADE3273BBCA8290D3B581F92B61F1A893ABFF16255A9226638159640F7869B5C30C8FFF3C3378B14E1A5529C8DE120A9E2099388E1217BDDFCC1708F37E74BDE5D0A2DCFDC4DD27BA697C3F8238182DA7C5D02431E086067358CC9A9B4EFF7C8D7FC9F0C8C0528887A194A6D0613AEE1EEDDC7A315AC1A178E9377E488F49367573BA8EDF80FD6EDE2D256F0614AF81B8FB1B243EA7F04CA6BE0E0BE9F43525D3B6718DAA5E2FD3D20BE3F37ED402DAFD7F19C39E51A40868D3F79D45CD422A9F7454DB3FEFF205BE4C10234914FD8882B344DBFB5C2BE5B576EA94EB62C3AFCD012EE7F82F0744BE067736E9A78EF38E6F06474E025776F138AF84E4093AB36683A60D0DB5CB9F75CA7C4303059E0DDCE3A641A3278F5015FD42EAA79B72E5F0D2EFDAADE3B76B23DD4C2A39F359B3CA00F7584B729800B3E01DC3D4CD4B396361597 -20180404100034 2 6 100 4095 2 C287DA1692C8760D889CABEA6A7055FADB13C9F064C87322D569B9C574001DEBA1685DA8DFFB9A11253F685A3045E2CEBA057C35DD417F717110949007702B25A37AEE60C3A1A9AA6A1667C15BBFFFF173DF27813A74959756822AB34A2BB97B2F408CC6A994ADC83F05CB8028784B859A25032D691F1DDFB1A87F47EDC289FE4452BE4E4D7B07745C1D5A901E7EF0521465DFFC1EECAB7E4F15172A90257AFFCA11B455ADD24067B20C20EDF9B5B59BDFDAE03BF0AB39A13E60515CA8ADE3273BBCA8290D3B581F92B61F1A893ABFF16255A9226638159640F7869B5C30C8FFF3C3378B14E1A5529C8DE120A9E2099388E1217BDDFCC1708F37E74BDE5D0A2DCFDC4DD27BA697C3F8238182DA7C5D02431E086067358CC9A9B4EFF7C8D7FC9F0C8C0528887A194A6D0613AEE1EEDDC7A315AC1A178E9377E488F49367573BA8EDF80FD6EDE2D256F0614AF81B8FB1B243EA7F04CA6BE0E0BE9F43525D3B6718DAA5E2FD3D20BE3F37ED402DAFD7F19C39E51A40868D3F79D45CD422A9F7454DB3FEFF205BE4C10234914FD8882B344DBFB5C2BE5B576EA94EB62C3AFCD012EE7F82F0744BE067736E9A78EF38E6F06474E025776F138AF84E4093AB36683A60D0DB5CB9F75CA7C4303059E0DDCE3A641A3278F5015FD42EAA79B72E5F0D2EFDAADE3B76B23DD4C2A39F359B3CA00F7584B729800B3E01DC3D4CD4B3973953BB -20180404112136 2 6 100 4095 5 C287DA1692C8760D889CABEA6A7055FADB13C9F064C87322D569B9C574001DEBA1685DA8DFFB9A11253F685A3045E2CEBA057C35DD417F717110949007702B25A37AEE60C3A1A9AA6A1667C15BBFFFF173DF27813A74959756822AB34A2BB97B2F408CC6A994ADC83F05CB8028784B859A25032D691F1DDFB1A87F47EDC289FE4452BE4E4D7B07745C1D5A901E7EF0521465DFFC1EECAB7E4F15172A90257AFFCA11B455ADD24067B20C20EDF9B5B59BDFDAE03BF0AB39A13E60515CA8ADE3273BBCA8290D3B581F92B61F1A893ABFF16255A9226638159640F7869B5C30C8FFF3C3378B14E1A5529C8DE120A9E2099388E1217BDDFCC1708F37E74BDE5D0A2DCFDC4DD27BA697C3F8238182DA7C5D02431E086067358CC9A9B4EFF7C8D7FC9F0C8C0528887A194A6D0613AEE1EEDDC7A315AC1A178E9377E488F49367573BA8EDF80FD6EDE2D256F0614AF81B8FB1B243EA7F04CA6BE0E0BE9F43525D3B6718DAA5E2FD3D20BE3F37ED402DAFD7F19C39E51A40868D3F79D45CD422A9F7454DB3FEFF205BE4C10234914FD8882B344DBFB5C2BE5B576EA94EB62C3AFCD012EE7F82F0744BE067736E9A78EF38E6F06474E025776F138AF84E4093AB36683A60D0DB5CB9F75CA7C4303059E0DDCE3A641A3278F5015FD42EAA79B72E5F0D2EFDAADE3B76B23DD4C2A39F359B3CA00F7584B729800B3E01DC3D4CD4B399EA8DDF -20180404112714 2 6 100 4095 2 C287DA1692C8760D889CABEA6A7055FADB13C9F064C87322D569B9C574001DEBA1685DA8DFFB9A11253F685A3045E2CEBA057C35DD417F717110949007702B25A37AEE60C3A1A9AA6A1667C15BBFFFF173DF27813A74959756822AB34A2BB97B2F408CC6A994ADC83F05CB8028784B859A25032D691F1DDFB1A87F47EDC289FE4452BE4E4D7B07745C1D5A901E7EF0521465DFFC1EECAB7E4F15172A90257AFFCA11B455ADD24067B20C20EDF9B5B59BDFDAE03BF0AB39A13E60515CA8ADE3273BBCA8290D3B581F92B61F1A893ABFF16255A9226638159640F7869B5C30C8FFF3C3378B14E1A5529C8DE120A9E2099388E1217BDDFCC1708F37E74BDE5D0A2DCFDC4DD27BA697C3F8238182DA7C5D02431E086067358CC9A9B4EFF7C8D7FC9F0C8C0528887A194A6D0613AEE1EEDDC7A315AC1A178E9377E488F49367573BA8EDF80FD6EDE2D256F0614AF81B8FB1B243EA7F04CA6BE0E0BE9F43525D3B6718DAA5E2FD3D20BE3F37ED402DAFD7F19C39E51A40868D3F79D45CD422A9F7454DB3FEFF205BE4C10234914FD8882B344DBFB5C2BE5B576EA94EB62C3AFCD012EE7F82F0744BE067736E9A78EF38E6F06474E025776F138AF84E4093AB36683A60D0DB5CB9F75CA7C4303059E0DDCE3A641A3278F5015FD42EAA79B72E5F0D2EFDAADE3B76B23DD4C2A39F359B3CA00F7584B729800B3E01DC3D4CD4B39A1427A3 -20180404115040 2 6 100 4095 2 C287DA1692C8760D889CABEA6A7055FADB13C9F064C87322D569B9C574001DEBA1685DA8DFFB9A11253F685A3045E2CEBA057C35DD417F717110949007702B25A37AEE60C3A1A9AA6A1667C15BBFFFF173DF27813A74959756822AB34A2BB97B2F408CC6A994ADC83F05CB8028784B859A25032D691F1DDFB1A87F47EDC289FE4452BE4E4D7B07745C1D5A901E7EF0521465DFFC1EECAB7E4F15172A90257AFFCA11B455ADD24067B20C20EDF9B5B59BDFDAE03BF0AB39A13E60515CA8ADE3273BBCA8290D3B581F92B61F1A893ABFF16255A9226638159640F7869B5C30C8FFF3C3378B14E1A5529C8DE120A9E2099388E1217BDDFCC1708F37E74BDE5D0A2DCFDC4DD27BA697C3F8238182DA7C5D02431E086067358CC9A9B4EFF7C8D7FC9F0C8C0528887A194A6D0613AEE1EEDDC7A315AC1A178E9377E488F49367573BA8EDF80FD6EDE2D256F0614AF81B8FB1B243EA7F04CA6BE0E0BE9F43525D3B6718DAA5E2FD3D20BE3F37ED402DAFD7F19C39E51A40868D3F79D45CD422A9F7454DB3FEFF205BE4C10234914FD8882B344DBFB5C2BE5B576EA94EB62C3AFCD012EE7F82F0744BE067736E9A78EF38E6F06474E025776F138AF84E4093AB36683A60D0DB5CB9F75CA7C4303059E0DDCE3A641A3278F5015FD42EAA79B72E5F0D2EFDAADE3B76B23DD4C2A39F359B3CA00F7584B729800B3E01DC3D4CD4B39AD94553 -20180404130727 2 6 100 4095 2 C287DA1692C8760D889CABEA6A7055FADB13C9F064C87322D569B9C574001DEBA1685DA8DFFB9A11253F685A3045E2CEBA057C35DD417F717110949007702B25A37AEE60C3A1A9AA6A1667C15BBFFFF173DF27813A74959756822AB34A2BB97B2F408CC6A994ADC83F05CB8028784B859A25032D691F1DDFB1A87F47EDC289FE4452BE4E4D7B07745C1D5A901E7EF0521465DFFC1EECAB7E4F15172A90257AFFCA11B455ADD24067B20C20EDF9B5B59BDFDAE03BF0AB39A13E60515CA8ADE3273BBCA8290D3B581F92B61F1A893ABFF16255A9226638159640F7869B5C30C8FFF3C3378B14E1A5529C8DE120A9E2099388E1217BDDFCC1708F37E74BDE5D0A2DCFDC4DD27BA697C3F8238182DA7C5D02431E086067358CC9A9B4EFF7C8D7FC9F0C8C0528887A194A6D0613AEE1EEDDC7A315AC1A178E9377E488F49367573BA8EDF80FD6EDE2D256F0614AF81B8FB1B243EA7F04CA6BE0E0BE9F43525D3B6718DAA5E2FD3D20BE3F37ED402DAFD7F19C39E51A40868D3F79D45CD422A9F7454DB3FEFF205BE4C10234914FD8882B344DBFB5C2BE5B576EA94EB62C3AFCD012EE7F82F0744BE067736E9A78EF38E6F06474E025776F138AF84E4093AB36683A60D0DB5CB9F75CA7C4303059E0DDCE3A641A3278F5015FD42EAA79B72E5F0D2EFDAADE3B76B23DD4C2A39F359B3CA00F7584B729800B3E01DC3D4CD4B39D6ABE8B -20180404132841 2 6 100 4095 5 C287DA1692C8760D889CABEA6A7055FADB13C9F064C87322D569B9C574001DEBA1685DA8DFFB9A11253F685A3045E2CEBA057C35DD417F717110949007702B25A37AEE60C3A1A9AA6A1667C15BBFFFF173DF27813A74959756822AB34A2BB97B2F408CC6A994ADC83F05CB8028784B859A25032D691F1DDFB1A87F47EDC289FE4452BE4E4D7B07745C1D5A901E7EF0521465DFFC1EECAB7E4F15172A90257AFFCA11B455ADD24067B20C20EDF9B5B59BDFDAE03BF0AB39A13E60515CA8ADE3273BBCA8290D3B581F92B61F1A893ABFF16255A9226638159640F7869B5C30C8FFF3C3378B14E1A5529C8DE120A9E2099388E1217BDDFCC1708F37E74BDE5D0A2DCFDC4DD27BA697C3F8238182DA7C5D02431E086067358CC9A9B4EFF7C8D7FC9F0C8C0528887A194A6D0613AEE1EEDDC7A315AC1A178E9377E488F49367573BA8EDF80FD6EDE2D256F0614AF81B8FB1B243EA7F04CA6BE0E0BE9F43525D3B6718DAA5E2FD3D20BE3F37ED402DAFD7F19C39E51A40868D3F79D45CD422A9F7454DB3FEFF205BE4C10234914FD8882B344DBFB5C2BE5B576EA94EB62C3AFCD012EE7F82F0744BE067736E9A78EF38E6F06474E025776F138AF84E4093AB36683A60D0DB5CB9F75CA7C4303059E0DDCE3A641A3278F5015FD42EAA79B72E5F0D2EFDAADE3B76B23DD4C2A39F359B3CA00F7584B729800B3E01DC3D4CD4B39E19247F -20180404140647 2 6 100 4095 2 C287DA1692C8760D889CABEA6A7055FADB13C9F064C87322D569B9C574001DEBA1685DA8DFFB9A11253F685A3045E2CEBA057C35DD417F717110949007702B25A37AEE60C3A1A9AA6A1667C15BBFFFF173DF27813A74959756822AB34A2BB97B2F408CC6A994ADC83F05CB8028784B859A25032D691F1DDFB1A87F47EDC289FE4452BE4E4D7B07745C1D5A901E7EF0521465DFFC1EECAB7E4F15172A90257AFFCA11B455ADD24067B20C20EDF9B5B59BDFDAE03BF0AB39A13E60515CA8ADE3273BBCA8290D3B581F92B61F1A893ABFF16255A9226638159640F7869B5C30C8FFF3C3378B14E1A5529C8DE120A9E2099388E1217BDDFCC1708F37E74BDE5D0A2DCFDC4DD27BA697C3F8238182DA7C5D02431E086067358CC9A9B4EFF7C8D7FC9F0C8C0528887A194A6D0613AEE1EEDDC7A315AC1A178E9377E488F49367573BA8EDF80FD6EDE2D256F0614AF81B8FB1B243EA7F04CA6BE0E0BE9F43525D3B6718DAA5E2FD3D20BE3F37ED402DAFD7F19C39E51A40868D3F79D45CD422A9F7454DB3FEFF205BE4C10234914FD8882B344DBFB5C2BE5B576EA94EB62C3AFCD012EE7F82F0744BE067736E9A78EF38E6F06474E025776F138AF84E4093AB36683A60D0DB5CB9F75CA7C4303059E0DDCE3A641A3278F5015FD42EAA79B72E5F0D2EFDAADE3B76B23DD4C2A39F359B3CA00F7584B729800B3E01DC3D4CD4B39F5CFEAB -20180404144308 2 6 100 4095 5 C287DA1692C8760D889CABEA6A7055FADB13C9F064C87322D569B9C574001DEBA1685DA8DFFB9A11253F685A3045E2CEBA057C35DD417F717110949007702B25A37AEE60C3A1A9AA6A1667C15BBFFFF173DF27813A74959756822AB34A2BB97B2F408CC6A994ADC83F05CB8028784B859A25032D691F1DDFB1A87F47EDC289FE4452BE4E4D7B07745C1D5A901E7EF0521465DFFC1EECAB7E4F15172A90257AFFCA11B455ADD24067B20C20EDF9B5B59BDFDAE03BF0AB39A13E60515CA8ADE3273BBCA8290D3B581F92B61F1A893ABFF16255A9226638159640F7869B5C30C8FFF3C3378B14E1A5529C8DE120A9E2099388E1217BDDFCC1708F37E74BDE5D0A2DCFDC4DD27BA697C3F8238182DA7C5D02431E086067358CC9A9B4EFF7C8D7FC9F0C8C0528887A194A6D0613AEE1EEDDC7A315AC1A178E9377E488F49367573BA8EDF80FD6EDE2D256F0614AF81B8FB1B243EA7F04CA6BE0E0BE9F43525D3B6718DAA5E2FD3D20BE3F37ED402DAFD7F19C39E51A40868D3F79D45CD422A9F7454DB3FEFF205BE4C10234914FD8882B344DBFB5C2BE5B576EA94EB62C3AFCD012EE7F82F0744BE067736E9A78EF38E6F06474E025776F138AF84E4093AB36683A60D0DB5CB9F75CA7C4303059E0DDCE3A641A3278F5015FD42EAA79B72E5F0D2EFDAADE3B76B23DD4C2A39F359B3CA00F7584B729800B3E01DC3D4CD4B3A087B8A7 -20180404154403 2 6 100 4095 5 C287DA1692C8760D889CABEA6A7055FADB13C9F064C87322D569B9C574001DEBA1685DA8DFFB9A11253F685A3045E2CEBA057C35DD417F717110949007702B25A37AEE60C3A1A9AA6A1667C15BBFFFF173DF27813A74959756822AB34A2BB97B2F408CC6A994ADC83F05CB8028784B859A25032D691F1DDFB1A87F47EDC289FE4452BE4E4D7B07745C1D5A901E7EF0521465DFFC1EECAB7E4F15172A90257AFFCA11B455ADD24067B20C20EDF9B5B59BDFDAE03BF0AB39A13E60515CA8ADE3273BBCA8290D3B581F92B61F1A893ABFF16255A9226638159640F7869B5C30C8FFF3C3378B14E1A5529C8DE120A9E2099388E1217BDDFCC1708F37E74BDE5D0A2DCFDC4DD27BA697C3F8238182DA7C5D02431E086067358CC9A9B4EFF7C8D7FC9F0C8C0528887A194A6D0613AEE1EEDDC7A315AC1A178E9377E488F49367573BA8EDF80FD6EDE2D256F0614AF81B8FB1B243EA7F04CA6BE0E0BE9F43525D3B6718DAA5E2FD3D20BE3F37ED402DAFD7F19C39E51A40868D3F79D45CD422A9F7454DB3FEFF205BE4C10234914FD8882B344DBFB5C2BE5B576EA94EB62C3AFCD012EE7F82F0744BE067736E9A78EF38E6F06474E025776F138AF84E4093AB36683A60D0DB5CB9F75CA7C4303059E0DDCE3A641A3278F5015FD42EAA79B72E5F0D2EFDAADE3B76B23DD4C2A39F359B3CA00F7584B729800B3E01DC3D4CD4B3A271BD2F -20180404155315 2 6 100 4095 5 C287DA1692C8760D889CABEA6A7055FADB13C9F064C87322D569B9C574001DEBA1685DA8DFFB9A11253F685A3045E2CEBA057C35DD417F717110949007702B25A37AEE60C3A1A9AA6A1667C15BBFFFF173DF27813A74959756822AB34A2BB97B2F408CC6A994ADC83F05CB8028784B859A25032D691F1DDFB1A87F47EDC289FE4452BE4E4D7B07745C1D5A901E7EF0521465DFFC1EECAB7E4F15172A90257AFFCA11B455ADD24067B20C20EDF9B5B59BDFDAE03BF0AB39A13E60515CA8ADE3273BBCA8290D3B581F92B61F1A893ABFF16255A9226638159640F7869B5C30C8FFF3C3378B14E1A5529C8DE120A9E2099388E1217BDDFCC1708F37E74BDE5D0A2DCFDC4DD27BA697C3F8238182DA7C5D02431E086067358CC9A9B4EFF7C8D7FC9F0C8C0528887A194A6D0613AEE1EEDDC7A315AC1A178E9377E488F49367573BA8EDF80FD6EDE2D256F0614AF81B8FB1B243EA7F04CA6BE0E0BE9F43525D3B6718DAA5E2FD3D20BE3F37ED402DAFD7F19C39E51A40868D3F79D45CD422A9F7454DB3FEFF205BE4C10234914FD8882B344DBFB5C2BE5B576EA94EB62C3AFCD012EE7F82F0744BE067736E9A78EF38E6F06474E025776F138AF84E4093AB36683A60D0DB5CB9F75CA7C4303059E0DDCE3A641A3278F5015FD42EAA79B72E5F0D2EFDAADE3B76B23DD4C2A39F359B3CA00F7584B729800B3E01DC3D4CD4B3A2B7E4DF -20180404164237 2 6 100 4095 2 C287DA1692C8760D889CABEA6A7055FADB13C9F064C87322D569B9C574001DEBA1685DA8DFFB9A11253F685A3045E2CEBA057C35DD417F717110949007702B25A37AEE60C3A1A9AA6A1667C15BBFFFF173DF27813A74959756822AB34A2BB97B2F408CC6A994ADC83F05CB8028784B859A25032D691F1DDFB1A87F47EDC289FE4452BE4E4D7B07745C1D5A901E7EF0521465DFFC1EECAB7E4F15172A90257AFFCA11B455ADD24067B20C20EDF9B5B59BDFDAE03BF0AB39A13E60515CA8ADE3273BBCA8290D3B581F92B61F1A893ABFF16255A9226638159640F7869B5C30C8FFF3C3378B14E1A5529C8DE120A9E2099388E1217BDDFCC1708F37E74BDE5D0A2DCFDC4DD27BA697C3F8238182DA7C5D02431E086067358CC9A9B4EFF7C8D7FC9F0C8C0528887A194A6D0613AEE1EEDDC7A315AC1A178E9377E488F49367573BA8EDF80FD6EDE2D256F0614AF81B8FB1B243EA7F04CA6BE0E0BE9F43525D3B6718DAA5E2FD3D20BE3F37ED402DAFD7F19C39E51A40868D3F79D45CD422A9F7454DB3FEFF205BE4C10234914FD8882B344DBFB5C2BE5B576EA94EB62C3AFCD012EE7F82F0744BE067736E9A78EF38E6F06474E025776F138AF84E4093AB36683A60D0DB5CB9F75CA7C4303059E0DDCE3A641A3278F5015FD42EAA79B72E5F0D2EFDAADE3B76B23DD4C2A39F359B3CA00F7584B729800B3E01DC3D4CD4B3A451FC23 -20180404165126 2 6 100 4095 5 C287DA1692C8760D889CABEA6A7055FADB13C9F064C87322D569B9C574001DEBA1685DA8DFFB9A11253F685A3045E2CEBA057C35DD417F717110949007702B25A37AEE60C3A1A9AA6A1667C15BBFFFF173DF27813A74959756822AB34A2BB97B2F408CC6A994ADC83F05CB8028784B859A25032D691F1DDFB1A87F47EDC289FE4452BE4E4D7B07745C1D5A901E7EF0521465DFFC1EECAB7E4F15172A90257AFFCA11B455ADD24067B20C20EDF9B5B59BDFDAE03BF0AB39A13E60515CA8ADE3273BBCA8290D3B581F92B61F1A893ABFF16255A9226638159640F7869B5C30C8FFF3C3378B14E1A5529C8DE120A9E2099388E1217BDDFCC1708F37E74BDE5D0A2DCFDC4DD27BA697C3F8238182DA7C5D02431E086067358CC9A9B4EFF7C8D7FC9F0C8C0528887A194A6D0613AEE1EEDDC7A315AC1A178E9377E488F49367573BA8EDF80FD6EDE2D256F0614AF81B8FB1B243EA7F04CA6BE0E0BE9F43525D3B6718DAA5E2FD3D20BE3F37ED402DAFD7F19C39E51A40868D3F79D45CD422A9F7454DB3FEFF205BE4C10234914FD8882B344DBFB5C2BE5B576EA94EB62C3AFCD012EE7F82F0744BE067736E9A78EF38E6F06474E025776F138AF84E4093AB36683A60D0DB5CB9F75CA7C4303059E0DDCE3A641A3278F5015FD42EAA79B72E5F0D2EFDAADE3B76B23DD4C2A39F359B3CA00F7584B729800B3E01DC3D4CD4B3A494B437 -20180404172833 2 6 100 4095 2 C287DA1692C8760D889CABEA6A7055FADB13C9F064C87322D569B9C574001DEBA1685DA8DFFB9A11253F685A3045E2CEBA057C35DD417F717110949007702B25A37AEE60C3A1A9AA6A1667C15BBFFFF173DF27813A74959756822AB34A2BB97B2F408CC6A994ADC83F05CB8028784B859A25032D691F1DDFB1A87F47EDC289FE4452BE4E4D7B07745C1D5A901E7EF0521465DFFC1EECAB7E4F15172A90257AFFCA11B455ADD24067B20C20EDF9B5B59BDFDAE03BF0AB39A13E60515CA8ADE3273BBCA8290D3B581F92B61F1A893ABFF16255A9226638159640F7869B5C30C8FFF3C3378B14E1A5529C8DE120A9E2099388E1217BDDFCC1708F37E74BDE5D0A2DCFDC4DD27BA697C3F8238182DA7C5D02431E086067358CC9A9B4EFF7C8D7FC9F0C8C0528887A194A6D0613AEE1EEDDC7A315AC1A178E9377E488F49367573BA8EDF80FD6EDE2D256F0614AF81B8FB1B243EA7F04CA6BE0E0BE9F43525D3B6718DAA5E2FD3D20BE3F37ED402DAFD7F19C39E51A40868D3F79D45CD422A9F7454DB3FEFF205BE4C10234914FD8882B344DBFB5C2BE5B576EA94EB62C3AFCD012EE7F82F0744BE067736E9A78EF38E6F06474E025776F138AF84E4093AB36683A60D0DB5CB9F75CA7C4303059E0DDCE3A641A3278F5015FD42EAA79B72E5F0D2EFDAADE3B76B23DD4C2A39F359B3CA00F7584B729800B3E01DC3D4CD4B3A5C78E83 -20180404175448 2 6 100 4095 2 C287DA1692C8760D889CABEA6A7055FADB13C9F064C87322D569B9C574001DEBA1685DA8DFFB9A11253F685A3045E2CEBA057C35DD417F717110949007702B25A37AEE60C3A1A9AA6A1667C15BBFFFF173DF27813A74959756822AB34A2BB97B2F408CC6A994ADC83F05CB8028784B859A25032D691F1DDFB1A87F47EDC289FE4452BE4E4D7B07745C1D5A901E7EF0521465DFFC1EECAB7E4F15172A90257AFFCA11B455ADD24067B20C20EDF9B5B59BDFDAE03BF0AB39A13E60515CA8ADE3273BBCA8290D3B581F92B61F1A893ABFF16255A9226638159640F7869B5C30C8FFF3C3378B14E1A5529C8DE120A9E2099388E1217BDDFCC1708F37E74BDE5D0A2DCFDC4DD27BA697C3F8238182DA7C5D02431E086067358CC9A9B4EFF7C8D7FC9F0C8C0528887A194A6D0613AEE1EEDDC7A315AC1A178E9377E488F49367573BA8EDF80FD6EDE2D256F0614AF81B8FB1B243EA7F04CA6BE0E0BE9F43525D3B6718DAA5E2FD3D20BE3F37ED402DAFD7F19C39E51A40868D3F79D45CD422A9F7454DB3FEFF205BE4C10234914FD8882B344DBFB5C2BE5B576EA94EB62C3AFCD012EE7F82F0744BE067736E9A78EF38E6F06474E025776F138AF84E4093AB36683A60D0DB5CB9F75CA7C4303059E0DDCE3A641A3278F5015FD42EAA79B72E5F0D2EFDAADE3B76B23DD4C2A39F359B3CA00F7584B729800B3E01DC3D4CD4B3A6A037D3 -20180404183147 2 6 100 4095 2 C287DA1692C8760D889CABEA6A7055FADB13C9F064C87322D569B9C574001DEBA1685DA8DFFB9A11253F685A3045E2CEBA057C35DD417F717110949007702B25A37AEE60C3A1A9AA6A1667C15BBFFFF173DF27813A74959756822AB34A2BB97B2F408CC6A994ADC83F05CB8028784B859A25032D691F1DDFB1A87F47EDC289FE4452BE4E4D7B07745C1D5A901E7EF0521465DFFC1EECAB7E4F15172A90257AFFCA11B455ADD24067B20C20EDF9B5B59BDFDAE03BF0AB39A13E60515CA8ADE3273BBCA8290D3B581F92B61F1A893ABFF16255A9226638159640F7869B5C30C8FFF3C3378B14E1A5529C8DE120A9E2099388E1217BDDFCC1708F37E74BDE5D0A2DCFDC4DD27BA697C3F8238182DA7C5D02431E086067358CC9A9B4EFF7C8D7FC9F0C8C0528887A194A6D0613AEE1EEDDC7A315AC1A178E9377E488F49367573BA8EDF80FD6EDE2D256F0614AF81B8FB1B243EA7F04CA6BE0E0BE9F43525D3B6718DAA5E2FD3D20BE3F37ED402DAFD7F19C39E51A40868D3F79D45CD422A9F7454DB3FEFF205BE4C10234914FD8882B344DBFB5C2BE5B576EA94EB62C3AFCD012EE7F82F0744BE067736E9A78EF38E6F06474E025776F138AF84E4093AB36683A60D0DB5CB9F75CA7C4303059E0DDCE3A641A3278F5015FD42EAA79B72E5F0D2EFDAADE3B76B23DD4C2A39F359B3CA00F7584B729800B3E01DC3D4CD4B3A7D443E3 -20180404183316 2 6 100 4095 2 C287DA1692C8760D889CABEA6A7055FADB13C9F064C87322D569B9C574001DEBA1685DA8DFFB9A11253F685A3045E2CEBA057C35DD417F717110949007702B25A37AEE60C3A1A9AA6A1667C15BBFFFF173DF27813A74959756822AB34A2BB97B2F408CC6A994ADC83F05CB8028784B859A25032D691F1DDFB1A87F47EDC289FE4452BE4E4D7B07745C1D5A901E7EF0521465DFFC1EECAB7E4F15172A90257AFFCA11B455ADD24067B20C20EDF9B5B59BDFDAE03BF0AB39A13E60515CA8ADE3273BBCA8290D3B581F92B61F1A893ABFF16255A9226638159640F7869B5C30C8FFF3C3378B14E1A5529C8DE120A9E2099388E1217BDDFCC1708F37E74BDE5D0A2DCFDC4DD27BA697C3F8238182DA7C5D02431E086067358CC9A9B4EFF7C8D7FC9F0C8C0528887A194A6D0613AEE1EEDDC7A315AC1A178E9377E488F49367573BA8EDF80FD6EDE2D256F0614AF81B8FB1B243EA7F04CA6BE0E0BE9F43525D3B6718DAA5E2FD3D20BE3F37ED402DAFD7F19C39E51A40868D3F79D45CD422A9F7454DB3FEFF205BE4C10234914FD8882B344DBFB5C2BE5B576EA94EB62C3AFCD012EE7F82F0744BE067736E9A78EF38E6F06474E025776F138AF84E4093AB36683A60D0DB5CB9F75CA7C4303059E0DDCE3A641A3278F5015FD42EAA79B72E5F0D2EFDAADE3B76B23DD4C2A39F359B3CA00F7584B729800B3E01DC3D4CD4B3A7D883F3 -20180404190024 2 6 100 4095 5 C287DA1692C8760D889CABEA6A7055FADB13C9F064C87322D569B9C574001DEBA1685DA8DFFB9A11253F685A3045E2CEBA057C35DD417F717110949007702B25A37AEE60C3A1A9AA6A1667C15BBFFFF173DF27813A74959756822AB34A2BB97B2F408CC6A994ADC83F05CB8028784B859A25032D691F1DDFB1A87F47EDC289FE4452BE4E4D7B07745C1D5A901E7EF0521465DFFC1EECAB7E4F15172A90257AFFCA11B455ADD24067B20C20EDF9B5B59BDFDAE03BF0AB39A13E60515CA8ADE3273BBCA8290D3B581F92B61F1A893ABFF16255A9226638159640F7869B5C30C8FFF3C3378B14E1A5529C8DE120A9E2099388E1217BDDFCC1708F37E74BDE5D0A2DCFDC4DD27BA697C3F8238182DA7C5D02431E086067358CC9A9B4EFF7C8D7FC9F0C8C0528887A194A6D0613AEE1EEDDC7A315AC1A178E9377E488F49367573BA8EDF80FD6EDE2D256F0614AF81B8FB1B243EA7F04CA6BE0E0BE9F43525D3B6718DAA5E2FD3D20BE3F37ED402DAFD7F19C39E51A40868D3F79D45CD422A9F7454DB3FEFF205BE4C10234914FD8882B344DBFB5C2BE5B576EA94EB62C3AFCD012EE7F82F0744BE067736E9A78EF38E6F06474E025776F138AF84E4093AB36683A60D0DB5CB9F75CA7C4303059E0DDCE3A641A3278F5015FD42EAA79B72E5F0D2EFDAADE3B76B23DD4C2A39F359B3CA00F7584B729800B3E01DC3D4CD4B3A8B7BF5F -20180404194132 2 6 100 4095 2 C287DA1692C8760D889CABEA6A7055FADB13C9F064C87322D569B9C574001DEBA1685DA8DFFB9A11253F685A3045E2CEBA057C35DD417F717110949007702B25A37AEE60C3A1A9AA6A1667C15BBFFFF173DF27813A74959756822AB34A2BB97B2F408CC6A994ADC83F05CB8028784B859A25032D691F1DDFB1A87F47EDC289FE4452BE4E4D7B07745C1D5A901E7EF0521465DFFC1EECAB7E4F15172A90257AFFCA11B455ADD24067B20C20EDF9B5B59BDFDAE03BF0AB39A13E60515CA8ADE3273BBCA8290D3B581F92B61F1A893ABFF16255A9226638159640F7869B5C30C8FFF3C3378B14E1A5529C8DE120A9E2099388E1217BDDFCC1708F37E74BDE5D0A2DCFDC4DD27BA697C3F8238182DA7C5D02431E086067358CC9A9B4EFF7C8D7FC9F0C8C0528887A194A6D0613AEE1EEDDC7A315AC1A178E9377E488F49367573BA8EDF80FD6EDE2D256F0614AF81B8FB1B243EA7F04CA6BE0E0BE9F43525D3B6718DAA5E2FD3D20BE3F37ED402DAFD7F19C39E51A40868D3F79D45CD422A9F7454DB3FEFF205BE4C10234914FD8882B344DBFB5C2BE5B576EA94EB62C3AFCD012EE7F82F0744BE067736E9A78EF38E6F06474E025776F138AF84E4093AB36683A60D0DB5CB9F75CA7C4303059E0DDCE3A641A3278F5015FD42EAA79B72E5F0D2EFDAADE3B76B23DD4C2A39F359B3CA00F7584B729800B3E01DC3D4CD4B3AA11DC3B -20180404195020 2 6 100 4095 2 C287DA1692C8760D889CABEA6A7055FADB13C9F064C87322D569B9C574001DEBA1685DA8DFFB9A11253F685A3045E2CEBA057C35DD417F717110949007702B25A37AEE60C3A1A9AA6A1667C15BBFFFF173DF27813A74959756822AB34A2BB97B2F408CC6A994ADC83F05CB8028784B859A25032D691F1DDFB1A87F47EDC289FE4452BE4E4D7B07745C1D5A901E7EF0521465DFFC1EECAB7E4F15172A90257AFFCA11B455ADD24067B20C20EDF9B5B59BDFDAE03BF0AB39A13E60515CA8ADE3273BBCA8290D3B581F92B61F1A893ABFF16255A9226638159640F7869B5C30C8FFF3C3378B14E1A5529C8DE120A9E2099388E1217BDDFCC1708F37E74BDE5D0A2DCFDC4DD27BA697C3F8238182DA7C5D02431E086067358CC9A9B4EFF7C8D7FC9F0C8C0528887A194A6D0613AEE1EEDDC7A315AC1A178E9377E488F49367573BA8EDF80FD6EDE2D256F0614AF81B8FB1B243EA7F04CA6BE0E0BE9F43525D3B6718DAA5E2FD3D20BE3F37ED402DAFD7F19C39E51A40868D3F79D45CD422A9F7454DB3FEFF205BE4C10234914FD8882B344DBFB5C2BE5B576EA94EB62C3AFCD012EE7F82F0744BE067736E9A78EF38E6F06474E025776F138AF84E4093AB36683A60D0DB5CB9F75CA7C4303059E0DDCE3A641A3278F5015FD42EAA79B72E5F0D2EFDAADE3B76B23DD4C2A39F359B3CA00F7584B729800B3E01DC3D4CD4B3AA5664E3 -20180404195123 2 6 100 4095 2 C287DA1692C8760D889CABEA6A7055FADB13C9F064C87322D569B9C574001DEBA1685DA8DFFB9A11253F685A3045E2CEBA057C35DD417F717110949007702B25A37AEE60C3A1A9AA6A1667C15BBFFFF173DF27813A74959756822AB34A2BB97B2F408CC6A994ADC83F05CB8028784B859A25032D691F1DDFB1A87F47EDC289FE4452BE4E4D7B07745C1D5A901E7EF0521465DFFC1EECAB7E4F15172A90257AFFCA11B455ADD24067B20C20EDF9B5B59BDFDAE03BF0AB39A13E60515CA8ADE3273BBCA8290D3B581F92B61F1A893ABFF16255A9226638159640F7869B5C30C8FFF3C3378B14E1A5529C8DE120A9E2099388E1217BDDFCC1708F37E74BDE5D0A2DCFDC4DD27BA697C3F8238182DA7C5D02431E086067358CC9A9B4EFF7C8D7FC9F0C8C0528887A194A6D0613AEE1EEDDC7A315AC1A178E9377E488F49367573BA8EDF80FD6EDE2D256F0614AF81B8FB1B243EA7F04CA6BE0E0BE9F43525D3B6718DAA5E2FD3D20BE3F37ED402DAFD7F19C39E51A40868D3F79D45CD422A9F7454DB3FEFF205BE4C10234914FD8882B344DBFB5C2BE5B576EA94EB62C3AFCD012EE7F82F0744BE067736E9A78EF38E6F06474E025776F138AF84E4093AB36683A60D0DB5CB9F75CA7C4303059E0DDCE3A641A3278F5015FD42EAA79B72E5F0D2EFDAADE3B76B23DD4C2A39F359B3CA00F7584B729800B3E01DC3D4CD4B3AA56EAF3 -20180404202233 2 6 100 4095 5 C287DA1692C8760D889CABEA6A7055FADB13C9F064C87322D569B9C574001DEBA1685DA8DFFB9A11253F685A3045E2CEBA057C35DD417F717110949007702B25A37AEE60C3A1A9AA6A1667C15BBFFFF173DF27813A74959756822AB34A2BB97B2F408CC6A994ADC83F05CB8028784B859A25032D691F1DDFB1A87F47EDC289FE4452BE4E4D7B07745C1D5A901E7EF0521465DFFC1EECAB7E4F15172A90257AFFCA11B455ADD24067B20C20EDF9B5B59BDFDAE03BF0AB39A13E60515CA8ADE3273BBCA8290D3B581F92B61F1A893ABFF16255A9226638159640F7869B5C30C8FFF3C3378B14E1A5529C8DE120A9E2099388E1217BDDFCC1708F37E74BDE5D0A2DCFDC4DD27BA697C3F8238182DA7C5D02431E086067358CC9A9B4EFF7C8D7FC9F0C8C0528887A194A6D0613AEE1EEDDC7A315AC1A178E9377E488F49367573BA8EDF80FD6EDE2D256F0614AF81B8FB1B243EA7F04CA6BE0E0BE9F43525D3B6718DAA5E2FD3D20BE3F37ED402DAFD7F19C39E51A40868D3F79D45CD422A9F7454DB3FEFF205BE4C10234914FD8882B344DBFB5C2BE5B576EA94EB62C3AFCD012EE7F82F0744BE067736E9A78EF38E6F06474E025776F138AF84E4093AB36683A60D0DB5CB9F75CA7C4303059E0DDCE3A641A3278F5015FD42EAA79B72E5F0D2EFDAADE3B76B23DD4C2A39F359B3CA00F7584B729800B3E01DC3D4CD4B3AB5A9C37 -20180404202802 2 6 100 4095 2 C287DA1692C8760D889CABEA6A7055FADB13C9F064C87322D569B9C574001DEBA1685DA8DFFB9A11253F685A3045E2CEBA057C35DD417F717110949007702B25A37AEE60C3A1A9AA6A1667C15BBFFFF173DF27813A74959756822AB34A2BB97B2F408CC6A994ADC83F05CB8028784B859A25032D691F1DDFB1A87F47EDC289FE4452BE4E4D7B07745C1D5A901E7EF0521465DFFC1EECAB7E4F15172A90257AFFCA11B455ADD24067B20C20EDF9B5B59BDFDAE03BF0AB39A13E60515CA8ADE3273BBCA8290D3B581F92B61F1A893ABFF16255A9226638159640F7869B5C30C8FFF3C3378B14E1A5529C8DE120A9E2099388E1217BDDFCC1708F37E74BDE5D0A2DCFDC4DD27BA697C3F8238182DA7C5D02431E086067358CC9A9B4EFF7C8D7FC9F0C8C0528887A194A6D0613AEE1EEDDC7A315AC1A178E9377E488F49367573BA8EDF80FD6EDE2D256F0614AF81B8FB1B243EA7F04CA6BE0E0BE9F43525D3B6718DAA5E2FD3D20BE3F37ED402DAFD7F19C39E51A40868D3F79D45CD422A9F7454DB3FEFF205BE4C10234914FD8882B344DBFB5C2BE5B576EA94EB62C3AFCD012EE7F82F0744BE067736E9A78EF38E6F06474E025776F138AF84E4093AB36683A60D0DB5CB9F75CA7C4303059E0DDCE3A641A3278F5015FD42EAA79B72E5F0D2EFDAADE3B76B23DD4C2A39F359B3CA00F7584B729800B3E01DC3D4CD4B3AB8229D3 -20180404203244 2 6 100 4095 2 C287DA1692C8760D889CABEA6A7055FADB13C9F064C87322D569B9C574001DEBA1685DA8DFFB9A11253F685A3045E2CEBA057C35DD417F717110949007702B25A37AEE60C3A1A9AA6A1667C15BBFFFF173DF27813A74959756822AB34A2BB97B2F408CC6A994ADC83F05CB8028784B859A25032D691F1DDFB1A87F47EDC289FE4452BE4E4D7B07745C1D5A901E7EF0521465DFFC1EECAB7E4F15172A90257AFFCA11B455ADD24067B20C20EDF9B5B59BDFDAE03BF0AB39A13E60515CA8ADE3273BBCA8290D3B581F92B61F1A893ABFF16255A9226638159640F7869B5C30C8FFF3C3378B14E1A5529C8DE120A9E2099388E1217BDDFCC1708F37E74BDE5D0A2DCFDC4DD27BA697C3F8238182DA7C5D02431E086067358CC9A9B4EFF7C8D7FC9F0C8C0528887A194A6D0613AEE1EEDDC7A315AC1A178E9377E488F49367573BA8EDF80FD6EDE2D256F0614AF81B8FB1B243EA7F04CA6BE0E0BE9F43525D3B6718DAA5E2FD3D20BE3F37ED402DAFD7F19C39E51A40868D3F79D45CD422A9F7454DB3FEFF205BE4C10234914FD8882B344DBFB5C2BE5B576EA94EB62C3AFCD012EE7F82F0744BE067736E9A78EF38E6F06474E025776F138AF84E4093AB36683A60D0DB5CB9F75CA7C4303059E0DDCE3A641A3278F5015FD42EAA79B72E5F0D2EFDAADE3B76B23DD4C2A39F359B3CA00F7584B729800B3E01DC3D4CD4B3ABA0DD8B -20180404203913 2 6 100 4095 5 C287DA1692C8760D889CABEA6A7055FADB13C9F064C87322D569B9C574001DEBA1685DA8DFFB9A11253F685A3045E2CEBA057C35DD417F717110949007702B25A37AEE60C3A1A9AA6A1667C15BBFFFF173DF27813A74959756822AB34A2BB97B2F408CC6A994ADC83F05CB8028784B859A25032D691F1DDFB1A87F47EDC289FE4452BE4E4D7B07745C1D5A901E7EF0521465DFFC1EECAB7E4F15172A90257AFFCA11B455ADD24067B20C20EDF9B5B59BDFDAE03BF0AB39A13E60515CA8ADE3273BBCA8290D3B581F92B61F1A893ABFF16255A9226638159640F7869B5C30C8FFF3C3378B14E1A5529C8DE120A9E2099388E1217BDDFCC1708F37E74BDE5D0A2DCFDC4DD27BA697C3F8238182DA7C5D02431E086067358CC9A9B4EFF7C8D7FC9F0C8C0528887A194A6D0613AEE1EEDDC7A315AC1A178E9377E488F49367573BA8EDF80FD6EDE2D256F0614AF81B8FB1B243EA7F04CA6BE0E0BE9F43525D3B6718DAA5E2FD3D20BE3F37ED402DAFD7F19C39E51A40868D3F79D45CD422A9F7454DB3FEFF205BE4C10234914FD8882B344DBFB5C2BE5B576EA94EB62C3AFCD012EE7F82F0744BE067736E9A78EF38E6F06474E025776F138AF84E4093AB36683A60D0DB5CB9F75CA7C4303059E0DDCE3A641A3278F5015FD42EAA79B72E5F0D2EFDAADE3B76B23DD4C2A39F359B3CA00F7584B729800B3E01DC3D4CD4B3ABCF8F47 -20180404210704 2 6 100 4095 2 C287DA1692C8760D889CABEA6A7055FADB13C9F064C87322D569B9C574001DEBA1685DA8DFFB9A11253F685A3045E2CEBA057C35DD417F717110949007702B25A37AEE60C3A1A9AA6A1667C15BBFFFF173DF27813A74959756822AB34A2BB97B2F408CC6A994ADC83F05CB8028784B859A25032D691F1DDFB1A87F47EDC289FE4452BE4E4D7B07745C1D5A901E7EF0521465DFFC1EECAB7E4F15172A90257AFFCA11B455ADD24067B20C20EDF9B5B59BDFDAE03BF0AB39A13E60515CA8ADE3273BBCA8290D3B581F92B61F1A893ABFF16255A9226638159640F7869B5C30C8FFF3C3378B14E1A5529C8DE120A9E2099388E1217BDDFCC1708F37E74BDE5D0A2DCFDC4DD27BA697C3F8238182DA7C5D02431E086067358CC9A9B4EFF7C8D7FC9F0C8C0528887A194A6D0613AEE1EEDDC7A315AC1A178E9377E488F49367573BA8EDF80FD6EDE2D256F0614AF81B8FB1B243EA7F04CA6BE0E0BE9F43525D3B6718DAA5E2FD3D20BE3F37ED402DAFD7F19C39E51A40868D3F79D45CD422A9F7454DB3FEFF205BE4C10234914FD8882B344DBFB5C2BE5B576EA94EB62C3AFCD012EE7F82F0744BE067736E9A78EF38E6F06474E025776F138AF84E4093AB36683A60D0DB5CB9F75CA7C4303059E0DDCE3A641A3278F5015FD42EAA79B72E5F0D2EFDAADE3B76B23DD4C2A39F359B3CA00F7584B729800B3E01DC3D4CD4B3ACB6CB0B -20180404213123 2 6 100 4095 5 C287DA1692C8760D889CABEA6A7055FADB13C9F064C87322D569B9C574001DEBA1685DA8DFFB9A11253F685A3045E2CEBA057C35DD417F717110949007702B25A37AEE60C3A1A9AA6A1667C15BBFFFF173DF27813A74959756822AB34A2BB97B2F408CC6A994ADC83F05CB8028784B859A25032D691F1DDFB1A87F47EDC289FE4452BE4E4D7B07745C1D5A901E7EF0521465DFFC1EECAB7E4F15172A90257AFFCA11B455ADD24067B20C20EDF9B5B59BDFDAE03BF0AB39A13E60515CA8ADE3273BBCA8290D3B581F92B61F1A893ABFF16255A9226638159640F7869B5C30C8FFF3C3378B14E1A5529C8DE120A9E2099388E1217BDDFCC1708F37E74BDE5D0A2DCFDC4DD27BA697C3F8238182DA7C5D02431E086067358CC9A9B4EFF7C8D7FC9F0C8C0528887A194A6D0613AEE1EEDDC7A315AC1A178E9377E488F49367573BA8EDF80FD6EDE2D256F0614AF81B8FB1B243EA7F04CA6BE0E0BE9F43525D3B6718DAA5E2FD3D20BE3F37ED402DAFD7F19C39E51A40868D3F79D45CD422A9F7454DB3FEFF205BE4C10234914FD8882B344DBFB5C2BE5B576EA94EB62C3AFCD012EE7F82F0744BE067736E9A78EF38E6F06474E025776F138AF84E4093AB36683A60D0DB5CB9F75CA7C4303059E0DDCE3A641A3278F5015FD42EAA79B72E5F0D2EFDAADE3B76B23DD4C2A39F359B3CA00F7584B729800B3E01DC3D4CD4B3AD7FE977 -20180404223506 2 6 100 4095 2 C287DA1692C8760D889CABEA6A7055FADB13C9F064C87322D569B9C574001DEBA1685DA8DFFB9A11253F685A3045E2CEBA057C35DD417F717110949007702B25A37AEE60C3A1A9AA6A1667C15BBFFFF173DF27813A74959756822AB34A2BB97B2F408CC6A994ADC83F05CB8028784B859A25032D691F1DDFB1A87F47EDC289FE4452BE4E4D7B07745C1D5A901E7EF0521465DFFC1EECAB7E4F15172A90257AFFCA11B455ADD24067B20C20EDF9B5B59BDFDAE03BF0AB39A13E60515CA8ADE3273BBCA8290D3B581F92B61F1A893ABFF16255A9226638159640F7869B5C30C8FFF3C3378B14E1A5529C8DE120A9E2099388E1217BDDFCC1708F37E74BDE5D0A2DCFDC4DD27BA697C3F8238182DA7C5D02431E086067358CC9A9B4EFF7C8D7FC9F0C8C0528887A194A6D0613AEE1EEDDC7A315AC1A178E9377E488F49367573BA8EDF80FD6EDE2D256F0614AF81B8FB1B243EA7F04CA6BE0E0BE9F43525D3B6718DAA5E2FD3D20BE3F37ED402DAFD7F19C39E51A40868D3F79D45CD422A9F7454DB3FEFF205BE4C10234914FD8882B344DBFB5C2BE5B576EA94EB62C3AFCD012EE7F82F0744BE067736E9A78EF38E6F06474E025776F138AF84E4093AB36683A60D0DB5CB9F75CA7C4303059E0DDCE3A641A3278F5015FD42EAA79B72E5F0D2EFDAADE3B76B23DD4C2A39F359B3CA00F7584B729800B3E01DC3D4CD4B3AF9772FB -20180404225041 2 6 100 4095 5 C287DA1692C8760D889CABEA6A7055FADB13C9F064C87322D569B9C574001DEBA1685DA8DFFB9A11253F685A3045E2CEBA057C35DD417F717110949007702B25A37AEE60C3A1A9AA6A1667C15BBFFFF173DF27813A74959756822AB34A2BB97B2F408CC6A994ADC83F05CB8028784B859A25032D691F1DDFB1A87F47EDC289FE4452BE4E4D7B07745C1D5A901E7EF0521465DFFC1EECAB7E4F15172A90257AFFCA11B455ADD24067B20C20EDF9B5B59BDFDAE03BF0AB39A13E60515CA8ADE3273BBCA8290D3B581F92B61F1A893ABFF16255A9226638159640F7869B5C30C8FFF3C3378B14E1A5529C8DE120A9E2099388E1217BDDFCC1708F37E74BDE5D0A2DCFDC4DD27BA697C3F8238182DA7C5D02431E086067358CC9A9B4EFF7C8D7FC9F0C8C0528887A194A6D0613AEE1EEDDC7A315AC1A178E9377E488F49367573BA8EDF80FD6EDE2D256F0614AF81B8FB1B243EA7F04CA6BE0E0BE9F43525D3B6718DAA5E2FD3D20BE3F37ED402DAFD7F19C39E51A40868D3F79D45CD422A9F7454DB3FEFF205BE4C10234914FD8882B344DBFB5C2BE5B576EA94EB62C3AFCD012EE7F82F0744BE067736E9A78EF38E6F06474E025776F138AF84E4093AB36683A60D0DB5CB9F75CA7C4303059E0DDCE3A641A3278F5015FD42EAA79B72E5F0D2EFDAADE3B76B23DD4C2A39F359B3CA00F7584B729800B3E01DC3D4CD4B3B016049F -20180404225753 2 6 100 4095 5 C287DA1692C8760D889CABEA6A7055FADB13C9F064C87322D569B9C574001DEBA1685DA8DFFB9A11253F685A3045E2CEBA057C35DD417F717110949007702B25A37AEE60C3A1A9AA6A1667C15BBFFFF173DF27813A74959756822AB34A2BB97B2F408CC6A994ADC83F05CB8028784B859A25032D691F1DDFB1A87F47EDC289FE4452BE4E4D7B07745C1D5A901E7EF0521465DFFC1EECAB7E4F15172A90257AFFCA11B455ADD24067B20C20EDF9B5B59BDFDAE03BF0AB39A13E60515CA8ADE3273BBCA8290D3B581F92B61F1A893ABFF16255A9226638159640F7869B5C30C8FFF3C3378B14E1A5529C8DE120A9E2099388E1217BDDFCC1708F37E74BDE5D0A2DCFDC4DD27BA697C3F8238182DA7C5D02431E086067358CC9A9B4EFF7C8D7FC9F0C8C0528887A194A6D0613AEE1EEDDC7A315AC1A178E9377E488F49367573BA8EDF80FD6EDE2D256F0614AF81B8FB1B243EA7F04CA6BE0E0BE9F43525D3B6718DAA5E2FD3D20BE3F37ED402DAFD7F19C39E51A40868D3F79D45CD422A9F7454DB3FEFF205BE4C10234914FD8882B344DBFB5C2BE5B576EA94EB62C3AFCD012EE7F82F0744BE067736E9A78EF38E6F06474E025776F138AF84E4093AB36683A60D0DB5CB9F75CA7C4303059E0DDCE3A641A3278F5015FD42EAA79B72E5F0D2EFDAADE3B76B23DD4C2A39F359B3CA00F7584B729800B3E01DC3D4CD4B3B04C3C37 -20180404230652 2 6 100 4095 2 C287DA1692C8760D889CABEA6A7055FADB13C9F064C87322D569B9C574001DEBA1685DA8DFFB9A11253F685A3045E2CEBA057C35DD417F717110949007702B25A37AEE60C3A1A9AA6A1667C15BBFFFF173DF27813A74959756822AB34A2BB97B2F408CC6A994ADC83F05CB8028784B859A25032D691F1DDFB1A87F47EDC289FE4452BE4E4D7B07745C1D5A901E7EF0521465DFFC1EECAB7E4F15172A90257AFFCA11B455ADD24067B20C20EDF9B5B59BDFDAE03BF0AB39A13E60515CA8ADE3273BBCA8290D3B581F92B61F1A893ABFF16255A9226638159640F7869B5C30C8FFF3C3378B14E1A5529C8DE120A9E2099388E1217BDDFCC1708F37E74BDE5D0A2DCFDC4DD27BA697C3F8238182DA7C5D02431E086067358CC9A9B4EFF7C8D7FC9F0C8C0528887A194A6D0613AEE1EEDDC7A315AC1A178E9377E488F49367573BA8EDF80FD6EDE2D256F0614AF81B8FB1B243EA7F04CA6BE0E0BE9F43525D3B6718DAA5E2FD3D20BE3F37ED402DAFD7F19C39E51A40868D3F79D45CD422A9F7454DB3FEFF205BE4C10234914FD8882B344DBFB5C2BE5B576EA94EB62C3AFCD012EE7F82F0744BE067736E9A78EF38E6F06474E025776F138AF84E4093AB36683A60D0DB5CB9F75CA7C4303059E0DDCE3A641A3278F5015FD42EAA79B72E5F0D2EFDAADE3B76B23DD4C2A39F359B3CA00F7584B729800B3E01DC3D4CD4B3B092364B -20180404231941 2 6 100 4095 5 C287DA1692C8760D889CABEA6A7055FADB13C9F064C87322D569B9C574001DEBA1685DA8DFFB9A11253F685A3045E2CEBA057C35DD417F717110949007702B25A37AEE60C3A1A9AA6A1667C15BBFFFF173DF27813A74959756822AB34A2BB97B2F408CC6A994ADC83F05CB8028784B859A25032D691F1DDFB1A87F47EDC289FE4452BE4E4D7B07745C1D5A901E7EF0521465DFFC1EECAB7E4F15172A90257AFFCA11B455ADD24067B20C20EDF9B5B59BDFDAE03BF0AB39A13E60515CA8ADE3273BBCA8290D3B581F92B61F1A893ABFF16255A9226638159640F7869B5C30C8FFF3C3378B14E1A5529C8DE120A9E2099388E1217BDDFCC1708F37E74BDE5D0A2DCFDC4DD27BA697C3F8238182DA7C5D02431E086067358CC9A9B4EFF7C8D7FC9F0C8C0528887A194A6D0613AEE1EEDDC7A315AC1A178E9377E488F49367573BA8EDF80FD6EDE2D256F0614AF81B8FB1B243EA7F04CA6BE0E0BE9F43525D3B6718DAA5E2FD3D20BE3F37ED402DAFD7F19C39E51A40868D3F79D45CD422A9F7454DB3FEFF205BE4C10234914FD8882B344DBFB5C2BE5B576EA94EB62C3AFCD012EE7F82F0744BE067736E9A78EF38E6F06474E025776F138AF84E4093AB36683A60D0DB5CB9F75CA7C4303059E0DDCE3A641A3278F5015FD42EAA79B72E5F0D2EFDAADE3B76B23DD4C2A39F359B3CA00F7584B729800B3E01DC3D4CD4B3B0F7D807 -20180404232637 2 6 100 4095 2 C287DA1692C8760D889CABEA6A7055FADB13C9F064C87322D569B9C574001DEBA1685DA8DFFB9A11253F685A3045E2CEBA057C35DD417F717110949007702B25A37AEE60C3A1A9AA6A1667C15BBFFFF173DF27813A74959756822AB34A2BB97B2F408CC6A994ADC83F05CB8028784B859A25032D691F1DDFB1A87F47EDC289FE4452BE4E4D7B07745C1D5A901E7EF0521465DFFC1EECAB7E4F15172A90257AFFCA11B455ADD24067B20C20EDF9B5B59BDFDAE03BF0AB39A13E60515CA8ADE3273BBCA8290D3B581F92B61F1A893ABFF16255A9226638159640F7869B5C30C8FFF3C3378B14E1A5529C8DE120A9E2099388E1217BDDFCC1708F37E74BDE5D0A2DCFDC4DD27BA697C3F8238182DA7C5D02431E086067358CC9A9B4EFF7C8D7FC9F0C8C0528887A194A6D0613AEE1EEDDC7A315AC1A178E9377E488F49367573BA8EDF80FD6EDE2D256F0614AF81B8FB1B243EA7F04CA6BE0E0BE9F43525D3B6718DAA5E2FD3D20BE3F37ED402DAFD7F19C39E51A40868D3F79D45CD422A9F7454DB3FEFF205BE4C10234914FD8882B344DBFB5C2BE5B576EA94EB62C3AFCD012EE7F82F0744BE067736E9A78EF38E6F06474E025776F138AF84E4093AB36683A60D0DB5CB9F75CA7C4303059E0DDCE3A641A3278F5015FD42EAA79B72E5F0D2EFDAADE3B76B23DD4C2A39F359B3CA00F7584B729800B3E01DC3D4CD4B3B127CC5B -20180404233306 2 6 100 4095 2 C287DA1692C8760D889CABEA6A7055FADB13C9F064C87322D569B9C574001DEBA1685DA8DFFB9A11253F685A3045E2CEBA057C35DD417F717110949007702B25A37AEE60C3A1A9AA6A1667C15BBFFFF173DF27813A74959756822AB34A2BB97B2F408CC6A994ADC83F05CB8028784B859A25032D691F1DDFB1A87F47EDC289FE4452BE4E4D7B07745C1D5A901E7EF0521465DFFC1EECAB7E4F15172A90257AFFCA11B455ADD24067B20C20EDF9B5B59BDFDAE03BF0AB39A13E60515CA8ADE3273BBCA8290D3B581F92B61F1A893ABFF16255A9226638159640F7869B5C30C8FFF3C3378B14E1A5529C8DE120A9E2099388E1217BDDFCC1708F37E74BDE5D0A2DCFDC4DD27BA697C3F8238182DA7C5D02431E086067358CC9A9B4EFF7C8D7FC9F0C8C0528887A194A6D0613AEE1EEDDC7A315AC1A178E9377E488F49367573BA8EDF80FD6EDE2D256F0614AF81B8FB1B243EA7F04CA6BE0E0BE9F43525D3B6718DAA5E2FD3D20BE3F37ED402DAFD7F19C39E51A40868D3F79D45CD422A9F7454DB3FEFF205BE4C10234914FD8882B344DBFB5C2BE5B576EA94EB62C3AFCD012EE7F82F0744BE067736E9A78EF38E6F06474E025776F138AF84E4093AB36683A60D0DB5CB9F75CA7C4303059E0DDCE3A641A3278F5015FD42EAA79B72E5F0D2EFDAADE3B76B23DD4C2A39F359B3CA00F7584B729800B3E01DC3D4CD4B3B154E443 -20180405003707 2 6 100 4095 2 C287DA1692C8760D889CABEA6A7055FADB13C9F064C87322D569B9C574001DEBA1685DA8DFFB9A11253F685A3045E2CEBA057C35DD417F717110949007702B25A37AEE60C3A1A9AA6A1667C15BBFFFF173DF27813A74959756822AB34A2BB97B2F408CC6A994ADC83F05CB8028784B859A25032D691F1DDFB1A87F47EDC289FE4452BE4E4D7B07745C1D5A901E7EF0521465DFFC1EECAB7E4F15172A90257AFFCA11B455ADD24067B20C20EDF9B5B59BDFDAE03BF0AB39A13E60515CA8ADE3273BBCA8290D3B581F92B61F1A893ABFF16255A9226638159640F7869B5C30C8FFF3C3378B14E1A5529C8DE120A9E2099388E1217BDDFCC1708F37E74BDE5D0A2DCFDC4DD27BA697C3F8238182DA7C5D02431E086067358CC9A9B4EFF7C8D7FC9F0C8C0528887A194A6D0613AEE1EEDDC7A315AC1A178E9377E488F49367573BA8EDF80FD6EDE2D256F0614AF81B8FB1B243EA7F04CA6BE0E0BE9F43525D3B6718DAA5E2FD3D20BE3F37ED402DAFD7F19C39E51A40868D3F79D45CD422A9F7454DB3FEFF205BE4C10234914FD8882B344DBFB5C2BE5B576EA94EB62C3AFCD012EE7F82F0744BE067736E9A78EF38E6F06474E025776F138AF84E4093AB36683A60D0DB5CB9F75CA7C4303059E0DDCE3A641A3278F5015FD42EAA79B72E5F0D2EFDAADE3B76B23DD4C2A39F359B3CA00F7584B729800B3E01DC3D4CD4B3B373FAF3 -20180405012137 2 6 100 4095 2 C287DA1692C8760D889CABEA6A7055FADB13C9F064C87322D569B9C574001DEBA1685DA8DFFB9A11253F685A3045E2CEBA057C35DD417F717110949007702B25A37AEE60C3A1A9AA6A1667C15BBFFFF173DF27813A74959756822AB34A2BB97B2F408CC6A994ADC83F05CB8028784B859A25032D691F1DDFB1A87F47EDC289FE4452BE4E4D7B07745C1D5A901E7EF0521465DFFC1EECAB7E4F15172A90257AFFCA11B455ADD24067B20C20EDF9B5B59BDFDAE03BF0AB39A13E60515CA8ADE3273BBCA8290D3B581F92B61F1A893ABFF16255A9226638159640F7869B5C30C8FFF3C3378B14E1A5529C8DE120A9E2099388E1217BDDFCC1708F37E74BDE5D0A2DCFDC4DD27BA697C3F8238182DA7C5D02431E086067358CC9A9B4EFF7C8D7FC9F0C8C0528887A194A6D0613AEE1EEDDC7A315AC1A178E9377E488F49367573BA8EDF80FD6EDE2D256F0614AF81B8FB1B243EA7F04CA6BE0E0BE9F43525D3B6718DAA5E2FD3D20BE3F37ED402DAFD7F19C39E51A40868D3F79D45CD422A9F7454DB3FEFF205BE4C10234914FD8882B344DBFB5C2BE5B576EA94EB62C3AFCD012EE7F82F0744BE067736E9A78EF38E6F06474E025776F138AF84E4093AB36683A60D0DB5CB9F75CA7C4303059E0DDCE3A641A3278F5015FD42EAA79B72E5F0D2EFDAADE3B76B23DD4C2A39F359B3CA00F7584B729800B3E01DC3D4CD4B3B4E4FE3B -20180405071813 2 6 100 6143 2 E0CFB3582CE2D136E662908DCAA4CD666F574807FFFFF04BFB357D087BD132C8B569A579EC7FEDA39DA9FDBC7A8B289953FC1793F1B5D0F13A317C5F25554892D8A4F4EE9E85B9737D1412316C8169810745D8AC420ED45AA5419137F86E811AA101CD8746EDC5AF653499CA5585851205807E7EC4A3241FDD4C302AAC131FE24B2AC3700D3D21A82EB999FD0005E810811CEB2B1279D95E028269503DBF65FB23CBFC595B12BC67EC4A77D00324909088B6FDF511ABA41732957D32CC436FB0BE95E04F46DF57EC93E4FBD8FF12E18288384CBFABB1BD58F4A047CBF1AB831B43C550515DA98CA33697ECEE8AFAC110E7DD284D531324AC21013C86CFBC9DC286B6669534D8E2D40319E9BA9DC5ACE1825354E1869614CBCB708586A9455D20FC3B724C6FBF941EAAB3FFA61647906B890D9C8F2831A59B7A9A4EB6305DAEDE94A0525C8150EA3B27FC405430B82885E8EAA64A46E2E24DA089A0008C09C5B8117F5E5F397DCAC43906067AE2C6A1B7C1D1B2D233EFF6CBC472F328053EB666EC826604ADA4E27CA01FF98B7A5ADCF8FD3A6E2F6AEC4F36CE8D1D847E611CFDDA7B53AE4F0BA6481A2265D134B5B78F8416164B262CF58FA8806090613D09FA2E8CC417AF2A3208F5BB210CA87927C4FB980C9B97A743CC1B3A7BB9E22DD78EDFB52669C4DB24F796C5D99038E140CE81A9DFECE675F200DC0DEC203FB94380EAA8D13F30530A410BCBD393137FBF89AB80D872D6A4A46B303F01E79FA05DEF4F0F2A2ABD0788459E4C678F3952072570971EA5A686E5964D1C3A61E2311F57E7AB8519809243EB88A87A21B6589A16862EE1B9B4DD452950DDBB5D5482099FC667B5F9A43E3F803D9D0030D0D6E0F86DBFD2B0C2A67B9BFB1F318C6DF0745F75F9F59C7CC62F4763FBBFE3517BF28D9B68372674CBB759E150F6F06FB3053343D54DB7959B79C3764FE57AC25EF6728F1A6A2C6D98E56841DC461BBF12BD23E8C058D500435777431ADC23CA373B0F4A43B5E18787925E79113199A368F30692429BF3041D9BC82BFF88147C3DE432169578E304C72D595320436983FC590B -20180405072141 2 6 100 6143 5 E0CFB3582CE2D136E662908DCAA4CD666F574807FFFFF04BFB357D087BD132C8B569A579EC7FEDA39DA9FDBC7A8B289953FC1793F1B5D0F13A317C5F25554892D8A4F4EE9E85B9737D1412316C8169810745D8AC420ED45AA5419137F86E811AA101CD8746EDC5AF653499CA5585851205807E7EC4A3241FDD4C302AAC131FE24B2AC3700D3D21A82EB999FD0005E810811CEB2B1279D95E028269503DBF65FB23CBFC595B12BC67EC4A77D00324909088B6FDF511ABA41732957D32CC436FB0BE95E04F46DF57EC93E4FBD8FF12E18288384CBFABB1BD58F4A047CBF1AB831B43C550515DA98CA33697ECEE8AFAC110E7DD284D531324AC21013C86CFBC9DC286B6669534D8E2D40319E9BA9DC5ACE1825354E1869614CBCB708586A9455D20FC3B724C6FBF941EAAB3FFA61647906B890D9C8F2831A59B7A9A4EB6305DAEDE94A0525C8150EA3B27FC405430B82885E8EAA64A46E2E24DA089A0008C09C5B8117F5E5F397DCAC43906067AE2C6A1B7C1D1B2D233EFF6CBC472F328053EB666EC826604ADA4E27CA01FF98B7A5ADCF8FD3A6E2F6AEC4F36CE8D1D847E611CFDDA7B53AE4F0BA6481A2265D134B5B78F8416164B262CF58FA8806090613D09FA2E8CC417AF2A3208F5BB210CA87927C4FB980C9B97A743CC1B3A7BB9E22DD78EDFB52669C4DB24F796C5D99038E140CE81A9DFECE675F200DC0DEC203FB94380EAA8D13F30530A410BCBD393137FBF89AB80D872D6A4A46B303F01E79FA05DEF4F0F2A2ABD0788459E4C678F3952072570971EA5A686E5964D1C3A61E2311F57E7AB8519809243EB88A87A21B6589A16862EE1B9B4DD452950DDBB5D5482099FC667B5F9A43E3F803D9D0030D0D6E0F86DBFD2B0C2A67B9BFB1F318C6DF0745F75F9F59C7CC62F4763FBBFE3517BF28D9B68372674CBB759E150F6F06FB3053343D54DB7959B79C3764FE57AC25EF6728F1A6A2C6D98E56841DC461BBF12BD23E8C058D500435777431ADC23CA373B0F4A43B5E18787925E79113199A368F30692429BF3041D9BC82BFF88147C3DE432169578E304C72D595320436983FCDA2F -20180405132535 2 6 100 6143 2 E0CFB3582CE2D136E662908DCAA4CD666F574807FFFFF04BFB357D087BD132C8B569A579EC7FEDA39DA9FDBC7A8B289953FC1793F1B5D0F13A317C5F25554892D8A4F4EE9E85B9737D1412316C8169810745D8AC420ED45AA5419137F86E811AA101CD8746EDC5AF653499CA5585851205807E7EC4A3241FDD4C302AAC131FE24B2AC3700D3D21A82EB999FD0005E810811CEB2B1279D95E028269503DBF65FB23CBFC595B12BC67EC4A77D00324909088B6FDF511ABA41732957D32CC436FB0BE95E04F46DF57EC93E4FBD8FF12E18288384CBFABB1BD58F4A047CBF1AB831B43C550515DA98CA33697ECEE8AFAC110E7DD284D531324AC21013C86CFBC9DC286B6669534D8E2D40319E9BA9DC5ACE1825354E1869614CBCB708586A9455D20FC3B724C6FBF941EAAB3FFA61647906B890D9C8F2831A59B7A9A4EB6305DAEDE94A0525C8150EA3B27FC405430B82885E8EAA64A46E2E24DA089A0008C09C5B8117F5E5F397DCAC43906067AE2C6A1B7C1D1B2D233EFF6CBC472F328053EB666EC826604ADA4E27CA01FF98B7A5ADCF8FD3A6E2F6AEC4F36CE8D1D847E611CFDDA7B53AE4F0BA6481A2265D134B5B78F8416164B262CF58FA8806090613D09FA2E8CC417AF2A3208F5BB210CA87927C4FB980C9B97A743CC1B3A7BB9E22DD78EDFB52669C4DB24F796C5D99038E140CE81A9DFECE675F200DC0DEC203FB94380EAA8D13F30530A410BCBD393137FBF89AB80D872D6A4A46B303F01E79FA05DEF4F0F2A2ABD0788459E4C678F3952072570971EA5A686E5964D1C3A61E2311F57E7AB8519809243EB88A87A21B6589A16862EE1B9B4DD452950DDBB5D5482099FC667B5F9A43E3F803D9D0030D0D6E0F86DBFD2B0C2A67B9BFB1F318C6DF0745F75F9F59C7CC62F4763FBBFE3517BF28D9B68372674CBB759E150F6F06FB3053343D54DB7959B79C3764FE57AC25EF6728F1A6A2C6D98E56841DC461BBF12BD23E8C058D500435777431ADC23CA373B0F4A43B5E18787925E79113199A368F30692429BF3041D9BC82BFF88147C3DE432169578E304C72D59532043698806F173 -20180405133926 2 6 100 6143 5 E0CFB3582CE2D136E662908DCAA4CD666F574807FFFFF04BFB357D087BD132C8B569A579EC7FEDA39DA9FDBC7A8B289953FC1793F1B5D0F13A317C5F25554892D8A4F4EE9E85B9737D1412316C8169810745D8AC420ED45AA5419137F86E811AA101CD8746EDC5AF653499CA5585851205807E7EC4A3241FDD4C302AAC131FE24B2AC3700D3D21A82EB999FD0005E810811CEB2B1279D95E028269503DBF65FB23CBFC595B12BC67EC4A77D00324909088B6FDF511ABA41732957D32CC436FB0BE95E04F46DF57EC93E4FBD8FF12E18288384CBFABB1BD58F4A047CBF1AB831B43C550515DA98CA33697ECEE8AFAC110E7DD284D531324AC21013C86CFBC9DC286B6669534D8E2D40319E9BA9DC5ACE1825354E1869614CBCB708586A9455D20FC3B724C6FBF941EAAB3FFA61647906B890D9C8F2831A59B7A9A4EB6305DAEDE94A0525C8150EA3B27FC405430B82885E8EAA64A46E2E24DA089A0008C09C5B8117F5E5F397DCAC43906067AE2C6A1B7C1D1B2D233EFF6CBC472F328053EB666EC826604ADA4E27CA01FF98B7A5ADCF8FD3A6E2F6AEC4F36CE8D1D847E611CFDDA7B53AE4F0BA6481A2265D134B5B78F8416164B262CF58FA8806090613D09FA2E8CC417AF2A3208F5BB210CA87927C4FB980C9B97A743CC1B3A7BB9E22DD78EDFB52669C4DB24F796C5D99038E140CE81A9DFECE675F200DC0DEC203FB94380EAA8D13F30530A410BCBD393137FBF89AB80D872D6A4A46B303F01E79FA05DEF4F0F2A2ABD0788459E4C678F3952072570971EA5A686E5964D1C3A61E2311F57E7AB8519809243EB88A87A21B6589A16862EE1B9B4DD452950DDBB5D5482099FC667B5F9A43E3F803D9D0030D0D6E0F86DBFD2B0C2A67B9BFB1F318C6DF0745F75F9F59C7CC62F4763FBBFE3517BF28D9B68372674CBB759E150F6F06FB3053343D54DB7959B79C3764FE57AC25EF6728F1A6A2C6D98E56841DC461BBF12BD23E8C058D500435777431ADC23CA373B0F4A43B5E18787925E79113199A368F30692429BF3041D9BC82BFF88147C3DE432169578E304C72D595320436988262AB7 -20180405165648 2 6 100 6143 2 E0CFB3582CE2D136E662908DCAA4CD666F574807FFFFF04BFB357D087BD132C8B569A579EC7FEDA39DA9FDBC7A8B289953FC1793F1B5D0F13A317C5F25554892D8A4F4EE9E85B9737D1412316C8169810745D8AC420ED45AA5419137F86E811AA101CD8746EDC5AF653499CA5585851205807E7EC4A3241FDD4C302AAC131FE24B2AC3700D3D21A82EB999FD0005E810811CEB2B1279D95E028269503DBF65FB23CBFC595B12BC67EC4A77D00324909088B6FDF511ABA41732957D32CC436FB0BE95E04F46DF57EC93E4FBD8FF12E18288384CBFABB1BD58F4A047CBF1AB831B43C550515DA98CA33697ECEE8AFAC110E7DD284D531324AC21013C86CFBC9DC286B6669534D8E2D40319E9BA9DC5ACE1825354E1869614CBCB708586A9455D20FC3B724C6FBF941EAAB3FFA61647906B890D9C8F2831A59B7A9A4EB6305DAEDE94A0525C8150EA3B27FC405430B82885E8EAA64A46E2E24DA089A0008C09C5B8117F5E5F397DCAC43906067AE2C6A1B7C1D1B2D233EFF6CBC472F328053EB666EC826604ADA4E27CA01FF98B7A5ADCF8FD3A6E2F6AEC4F36CE8D1D847E611CFDDA7B53AE4F0BA6481A2265D134B5B78F8416164B262CF58FA8806090613D09FA2E8CC417AF2A3208F5BB210CA87927C4FB980C9B97A743CC1B3A7BB9E22DD78EDFB52669C4DB24F796C5D99038E140CE81A9DFECE675F200DC0DEC203FB94380EAA8D13F30530A410BCBD393137FBF89AB80D872D6A4A46B303F01E79FA05DEF4F0F2A2ABD0788459E4C678F3952072570971EA5A686E5964D1C3A61E2311F57E7AB8519809243EB88A87A21B6589A16862EE1B9B4DD452950DDBB5D5482099FC667B5F9A43E3F803D9D0030D0D6E0F86DBFD2B0C2A67B9BFB1F318C6DF0745F75F9F59C7CC62F4763FBBFE3517BF28D9B68372674CBB759E150F6F06FB3053343D54DB7959B79C3764FE57AC25EF6728F1A6A2C6D98E56841DC461BBF12BD23E8C058D500435777431ADC23CA373B0F4A43B5E18787925E79113199A368F30692429BF3041D9BC82BFF88147C3DE432169578E304C72D59532043698A47BC0B -20180405195101 2 6 100 6143 5 E0CFB3582CE2D136E662908DCAA4CD666F574807FFFFF04BFB357D087BD132C8B569A579EC7FEDA39DA9FDBC7A8B289953FC1793F1B5D0F13A317C5F25554892D8A4F4EE9E85B9737D1412316C8169810745D8AC420ED45AA5419137F86E811AA101CD8746EDC5AF653499CA5585851205807E7EC4A3241FDD4C302AAC131FE24B2AC3700D3D21A82EB999FD0005E810811CEB2B1279D95E028269503DBF65FB23CBFC595B12BC67EC4A77D00324909088B6FDF511ABA41732957D32CC436FB0BE95E04F46DF57EC93E4FBD8FF12E18288384CBFABB1BD58F4A047CBF1AB831B43C550515DA98CA33697ECEE8AFAC110E7DD284D531324AC21013C86CFBC9DC286B6669534D8E2D40319E9BA9DC5ACE1825354E1869614CBCB708586A9455D20FC3B724C6FBF941EAAB3FFA61647906B890D9C8F2831A59B7A9A4EB6305DAEDE94A0525C8150EA3B27FC405430B82885E8EAA64A46E2E24DA089A0008C09C5B8117F5E5F397DCAC43906067AE2C6A1B7C1D1B2D233EFF6CBC472F328053EB666EC826604ADA4E27CA01FF98B7A5ADCF8FD3A6E2F6AEC4F36CE8D1D847E611CFDDA7B53AE4F0BA6481A2265D134B5B78F8416164B262CF58FA8806090613D09FA2E8CC417AF2A3208F5BB210CA87927C4FB980C9B97A743CC1B3A7BB9E22DD78EDFB52669C4DB24F796C5D99038E140CE81A9DFECE675F200DC0DEC203FB94380EAA8D13F30530A410BCBD393137FBF89AB80D872D6A4A46B303F01E79FA05DEF4F0F2A2ABD0788459E4C678F3952072570971EA5A686E5964D1C3A61E2311F57E7AB8519809243EB88A87A21B6589A16862EE1B9B4DD452950DDBB5D5482099FC667B5F9A43E3F803D9D0030D0D6E0F86DBFD2B0C2A67B9BFB1F318C6DF0745F75F9F59C7CC62F4763FBBFE3517BF28D9B68372674CBB759E150F6F06FB3053343D54DB7959B79C3764FE57AC25EF6728F1A6A2C6D98E56841DC461BBF12BD23E8C058D500435777431ADC23CA373B0F4A43B5E18787925E79113199A368F30692429BF3041D9BC82BFF88147C3DE432169578E304C72D59532043698C28BB2F -20180405213026 2 6 100 6143 2 E0CFB3582CE2D136E662908DCAA4CD666F574807FFFFF04BFB357D087BD132C8B569A579EC7FEDA39DA9FDBC7A8B289953FC1793F1B5D0F13A317C5F25554892D8A4F4EE9E85B9737D1412316C8169810745D8AC420ED45AA5419137F86E811AA101CD8746EDC5AF653499CA5585851205807E7EC4A3241FDD4C302AAC131FE24B2AC3700D3D21A82EB999FD0005E810811CEB2B1279D95E028269503DBF65FB23CBFC595B12BC67EC4A77D00324909088B6FDF511ABA41732957D32CC436FB0BE95E04F46DF57EC93E4FBD8FF12E18288384CBFABB1BD58F4A047CBF1AB831B43C550515DA98CA33697ECEE8AFAC110E7DD284D531324AC21013C86CFBC9DC286B6669534D8E2D40319E9BA9DC5ACE1825354E1869614CBCB708586A9455D20FC3B724C6FBF941EAAB3FFA61647906B890D9C8F2831A59B7A9A4EB6305DAEDE94A0525C8150EA3B27FC405430B82885E8EAA64A46E2E24DA089A0008C09C5B8117F5E5F397DCAC43906067AE2C6A1B7C1D1B2D233EFF6CBC472F328053EB666EC826604ADA4E27CA01FF98B7A5ADCF8FD3A6E2F6AEC4F36CE8D1D847E611CFDDA7B53AE4F0BA6481A2265D134B5B78F8416164B262CF58FA8806090613D09FA2E8CC417AF2A3208F5BB210CA87927C4FB980C9B97A743CC1B3A7BB9E22DD78EDFB52669C4DB24F796C5D99038E140CE81A9DFECE675F200DC0DEC203FB94380EAA8D13F30530A410BCBD393137FBF89AB80D872D6A4A46B303F01E79FA05DEF4F0F2A2ABD0788459E4C678F3952072570971EA5A686E5964D1C3A61E2311F57E7AB8519809243EB88A87A21B6589A16862EE1B9B4DD452950DDBB5D5482099FC667B5F9A43E3F803D9D0030D0D6E0F86DBFD2B0C2A67B9BFB1F318C6DF0745F75F9F59C7CC62F4763FBBFE3517BF28D9B68372674CBB759E150F6F06FB3053343D54DB7959B79C3764FE57AC25EF6728F1A6A2C6D98E56841DC461BBF12BD23E8C058D500435777431ADC23CA373B0F4A43B5E18787925E79113199A368F30692429BF3041D9BC82BFF88147C3DE432169578E304C72D59532043698D395FBB -20180405220015 2 6 100 6143 5 E0CFB3582CE2D136E662908DCAA4CD666F574807FFFFF04BFB357D087BD132C8B569A579EC7FEDA39DA9FDBC7A8B289953FC1793F1B5D0F13A317C5F25554892D8A4F4EE9E85B9737D1412316C8169810745D8AC420ED45AA5419137F86E811AA101CD8746EDC5AF653499CA5585851205807E7EC4A3241FDD4C302AAC131FE24B2AC3700D3D21A82EB999FD0005E810811CEB2B1279D95E028269503DBF65FB23CBFC595B12BC67EC4A77D00324909088B6FDF511ABA41732957D32CC436FB0BE95E04F46DF57EC93E4FBD8FF12E18288384CBFABB1BD58F4A047CBF1AB831B43C550515DA98CA33697ECEE8AFAC110E7DD284D531324AC21013C86CFBC9DC286B6669534D8E2D40319E9BA9DC5ACE1825354E1869614CBCB708586A9455D20FC3B724C6FBF941EAAB3FFA61647906B890D9C8F2831A59B7A9A4EB6305DAEDE94A0525C8150EA3B27FC405430B82885E8EAA64A46E2E24DA089A0008C09C5B8117F5E5F397DCAC43906067AE2C6A1B7C1D1B2D233EFF6CBC472F328053EB666EC826604ADA4E27CA01FF98B7A5ADCF8FD3A6E2F6AEC4F36CE8D1D847E611CFDDA7B53AE4F0BA6481A2265D134B5B78F8416164B262CF58FA8806090613D09FA2E8CC417AF2A3208F5BB210CA87927C4FB980C9B97A743CC1B3A7BB9E22DD78EDFB52669C4DB24F796C5D99038E140CE81A9DFECE675F200DC0DEC203FB94380EAA8D13F30530A410BCBD393137FBF89AB80D872D6A4A46B303F01E79FA05DEF4F0F2A2ABD0788459E4C678F3952072570971EA5A686E5964D1C3A61E2311F57E7AB8519809243EB88A87A21B6589A16862EE1B9B4DD452950DDBB5D5482099FC667B5F9A43E3F803D9D0030D0D6E0F86DBFD2B0C2A67B9BFB1F318C6DF0745F75F9F59C7CC62F4763FBBFE3517BF28D9B68372674CBB759E150F6F06FB3053343D54DB7959B79C3764FE57AC25EF6728F1A6A2C6D98E56841DC461BBF12BD23E8C058D500435777431ADC23CA373B0F4A43B5E18787925E79113199A368F30692429BF3041D9BC82BFF88147C3DE432169578E304C72D59532043698D843327 -20180405231702 2 6 100 6143 5 E0CFB3582CE2D136E662908DCAA4CD666F574807FFFFF04BFB357D087BD132C8B569A579EC7FEDA39DA9FDBC7A8B289953FC1793F1B5D0F13A317C5F25554892D8A4F4EE9E85B9737D1412316C8169810745D8AC420ED45AA5419137F86E811AA101CD8746EDC5AF653499CA5585851205807E7EC4A3241FDD4C302AAC131FE24B2AC3700D3D21A82EB999FD0005E810811CEB2B1279D95E028269503DBF65FB23CBFC595B12BC67EC4A77D00324909088B6FDF511ABA41732957D32CC436FB0BE95E04F46DF57EC93E4FBD8FF12E18288384CBFABB1BD58F4A047CBF1AB831B43C550515DA98CA33697ECEE8AFAC110E7DD284D531324AC21013C86CFBC9DC286B6669534D8E2D40319E9BA9DC5ACE1825354E1869614CBCB708586A9455D20FC3B724C6FBF941EAAB3FFA61647906B890D9C8F2831A59B7A9A4EB6305DAEDE94A0525C8150EA3B27FC405430B82885E8EAA64A46E2E24DA089A0008C09C5B8117F5E5F397DCAC43906067AE2C6A1B7C1D1B2D233EFF6CBC472F328053EB666EC826604ADA4E27CA01FF98B7A5ADCF8FD3A6E2F6AEC4F36CE8D1D847E611CFDDA7B53AE4F0BA6481A2265D134B5B78F8416164B262CF58FA8806090613D09FA2E8CC417AF2A3208F5BB210CA87927C4FB980C9B97A743CC1B3A7BB9E22DD78EDFB52669C4DB24F796C5D99038E140CE81A9DFECE675F200DC0DEC203FB94380EAA8D13F30530A410BCBD393137FBF89AB80D872D6A4A46B303F01E79FA05DEF4F0F2A2ABD0788459E4C678F3952072570971EA5A686E5964D1C3A61E2311F57E7AB8519809243EB88A87A21B6589A16862EE1B9B4DD452950DDBB5D5482099FC667B5F9A43E3F803D9D0030D0D6E0F86DBFD2B0C2A67B9BFB1F318C6DF0745F75F9F59C7CC62F4763FBBFE3517BF28D9B68372674CBB759E150F6F06FB3053343D54DB7959B79C3764FE57AC25EF6728F1A6A2C6D98E56841DC461BBF12BD23E8C058D500435777431ADC23CA373B0F4A43B5E18787925E79113199A368F30692429BF3041D9BC82BFF88147C3DE432169578E304C72D59532043698E544067 -20180406025336 2 6 100 6143 2 E0CFB3582CE2D136E662908DCAA4CD666F574807FFFFF04BFB357D087BD132C8B569A579EC7FEDA39DA9FDBC7A8B289953FC1793F1B5D0F13A317C5F25554892D8A4F4EE9E85B9737D1412316C8169810745D8AC420ED45AA5419137F86E811AA101CD8746EDC5AF653499CA5585851205807E7EC4A3241FDD4C302AAC131FE24B2AC3700D3D21A82EB999FD0005E810811CEB2B1279D95E028269503DBF65FB23CBFC595B12BC67EC4A77D00324909088B6FDF511ABA41732957D32CC436FB0BE95E04F46DF57EC93E4FBD8FF12E18288384CBFABB1BD58F4A047CBF1AB831B43C550515DA98CA33697ECEE8AFAC110E7DD284D531324AC21013C86CFBC9DC286B6669534D8E2D40319E9BA9DC5ACE1825354E1869614CBCB708586A9455D20FC3B724C6FBF941EAAB3FFA61647906B890D9C8F2831A59B7A9A4EB6305DAEDE94A0525C8150EA3B27FC405430B82885E8EAA64A46E2E24DA089A0008C09C5B8117F5E5F397DCAC43906067AE2C6A1B7C1D1B2D233EFF6CBC472F328053EB666EC826604ADA4E27CA01FF98B7A5ADCF8FD3A6E2F6AEC4F36CE8D1D847E611CFDDA7B53AE4F0BA6481A2265D134B5B78F8416164B262CF58FA8806090613D09FA2E8CC417AF2A3208F5BB210CA87927C4FB980C9B97A743CC1B3A7BB9E22DD78EDFB52669C4DB24F796C5D99038E140CE81A9DFECE675F200DC0DEC203FB94380EAA8D13F30530A410BCBD393137FBF89AB80D872D6A4A46B303F01E79FA05DEF4F0F2A2ABD0788459E4C678F3952072570971EA5A686E5964D1C3A61E2311F57E7AB8519809243EB88A87A21B6589A16862EE1B9B4DD452950DDBB5D5482099FC667B5F9A43E3F803D9D0030D0D6E0F86DBFD2B0C2A67B9BFB1F318C6DF0745F75F9F59C7CC62F4763FBBFE3517BF28D9B68372674CBB759E150F6F06FB3053343D54DB7959B79C3764FE57AC25EF6728F1A6A2C6D98E56841DC461BBF12BD23E8C058D500435777431ADC23CA373B0F4A43B5E18787925E79113199A368F30692429BF3041D9BC82BFF88147C3DE432169578E304C72D595320436990AEC063 -20180406035121 2 6 100 6143 2 E0CFB3582CE2D136E662908DCAA4CD666F574807FFFFF04BFB357D087BD132C8B569A579EC7FEDA39DA9FDBC7A8B289953FC1793F1B5D0F13A317C5F25554892D8A4F4EE9E85B9737D1412316C8169810745D8AC420ED45AA5419137F86E811AA101CD8746EDC5AF653499CA5585851205807E7EC4A3241FDD4C302AAC131FE24B2AC3700D3D21A82EB999FD0005E810811CEB2B1279D95E028269503DBF65FB23CBFC595B12BC67EC4A77D00324909088B6FDF511ABA41732957D32CC436FB0BE95E04F46DF57EC93E4FBD8FF12E18288384CBFABB1BD58F4A047CBF1AB831B43C550515DA98CA33697ECEE8AFAC110E7DD284D531324AC21013C86CFBC9DC286B6669534D8E2D40319E9BA9DC5ACE1825354E1869614CBCB708586A9455D20FC3B724C6FBF941EAAB3FFA61647906B890D9C8F2831A59B7A9A4EB6305DAEDE94A0525C8150EA3B27FC405430B82885E8EAA64A46E2E24DA089A0008C09C5B8117F5E5F397DCAC43906067AE2C6A1B7C1D1B2D233EFF6CBC472F328053EB666EC826604ADA4E27CA01FF98B7A5ADCF8FD3A6E2F6AEC4F36CE8D1D847E611CFDDA7B53AE4F0BA6481A2265D134B5B78F8416164B262CF58FA8806090613D09FA2E8CC417AF2A3208F5BB210CA87927C4FB980C9B97A743CC1B3A7BB9E22DD78EDFB52669C4DB24F796C5D99038E140CE81A9DFECE675F200DC0DEC203FB94380EAA8D13F30530A410BCBD393137FBF89AB80D872D6A4A46B303F01E79FA05DEF4F0F2A2ABD0788459E4C678F3952072570971EA5A686E5964D1C3A61E2311F57E7AB8519809243EB88A87A21B6589A16862EE1B9B4DD452950DDBB5D5482099FC667B5F9A43E3F803D9D0030D0D6E0F86DBFD2B0C2A67B9BFB1F318C6DF0745F75F9F59C7CC62F4763FBBFE3517BF28D9B68372674CBB759E150F6F06FB3053343D54DB7959B79C3764FE57AC25EF6728F1A6A2C6D98E56841DC461BBF12BD23E8C058D500435777431ADC23CA373B0F4A43B5E18787925E79113199A368F30692429BF3041D9BC82BFF88147C3DE432169578E304C72D59532043699149227B -20180406063935 2 6 100 6143 2 E0CFB3582CE2D136E662908DCAA4CD666F574807FFFFF04BFB357D087BD132C8B569A579EC7FEDA39DA9FDBC7A8B289953FC1793F1B5D0F13A317C5F25554892D8A4F4EE9E85B9737D1412316C8169810745D8AC420ED45AA5419137F86E811AA101CD8746EDC5AF653499CA5585851205807E7EC4A3241FDD4C302AAC131FE24B2AC3700D3D21A82EB999FD0005E810811CEB2B1279D95E028269503DBF65FB23CBFC595B12BC67EC4A77D00324909088B6FDF511ABA41732957D32CC436FB0BE95E04F46DF57EC93E4FBD8FF12E18288384CBFABB1BD58F4A047CBF1AB831B43C550515DA98CA33697ECEE8AFAC110E7DD284D531324AC21013C86CFBC9DC286B6669534D8E2D40319E9BA9DC5ACE1825354E1869614CBCB708586A9455D20FC3B724C6FBF941EAAB3FFA61647906B890D9C8F2831A59B7A9A4EB6305DAEDE94A0525C8150EA3B27FC405430B82885E8EAA64A46E2E24DA089A0008C09C5B8117F5E5F397DCAC43906067AE2C6A1B7C1D1B2D233EFF6CBC472F328053EB666EC826604ADA4E27CA01FF98B7A5ADCF8FD3A6E2F6AEC4F36CE8D1D847E611CFDDA7B53AE4F0BA6481A2265D134B5B78F8416164B262CF58FA8806090613D09FA2E8CC417AF2A3208F5BB210CA87927C4FB980C9B97A743CC1B3A7BB9E22DD78EDFB52669C4DB24F796C5D99038E140CE81A9DFECE675F200DC0DEC203FB94380EAA8D13F30530A410BCBD393137FBF89AB80D872D6A4A46B303F01E79FA05DEF4F0F2A2ABD0788459E4C678F3952072570971EA5A686E5964D1C3A61E2311F57E7AB8519809243EB88A87A21B6589A16862EE1B9B4DD452950DDBB5D5482099FC667B5F9A43E3F803D9D0030D0D6E0F86DBFD2B0C2A67B9BFB1F318C6DF0745F75F9F59C7CC62F4763FBBFE3517BF28D9B68372674CBB759E150F6F06FB3053343D54DB7959B79C3764FE57AC25EF6728F1A6A2C6D98E56841DC461BBF12BD23E8C058D500435777431ADC23CA373B0F4A43B5E18787925E79113199A368F30692429BF3041D9BC82BFF88147C3DE432169578E304C72D595320436992C6FC43 -20180406115213 2 6 100 6143 5 E0CFB3582CE2D136E662908DCAA4CD666F574807FFFFF04BFB357D087BD132C8B569A579EC7FEDA39DA9FDBC7A8B289953FC1793F1B5D0F13A317C5F25554892D8A4F4EE9E85B9737D1412316C8169810745D8AC420ED45AA5419137F86E811AA101CD8746EDC5AF653499CA5585851205807E7EC4A3241FDD4C302AAC131FE24B2AC3700D3D21A82EB999FD0005E810811CEB2B1279D95E028269503DBF65FB23CBFC595B12BC67EC4A77D00324909088B6FDF511ABA41732957D32CC436FB0BE95E04F46DF57EC93E4FBD8FF12E18288384CBFABB1BD58F4A047CBF1AB831B43C550515DA98CA33697ECEE8AFAC110E7DD284D531324AC21013C86CFBC9DC286B6669534D8E2D40319E9BA9DC5ACE1825354E1869614CBCB708586A9455D20FC3B724C6FBF941EAAB3FFA61647906B890D9C8F2831A59B7A9A4EB6305DAEDE94A0525C8150EA3B27FC405430B82885E8EAA64A46E2E24DA089A0008C09C5B8117F5E5F397DCAC43906067AE2C6A1B7C1D1B2D233EFF6CBC472F328053EB666EC826604ADA4E27CA01FF98B7A5ADCF8FD3A6E2F6AEC4F36CE8D1D847E611CFDDA7B53AE4F0BA6481A2265D134B5B78F8416164B262CF58FA8806090613D09FA2E8CC417AF2A3208F5BB210CA87927C4FB980C9B97A743CC1B3A7BB9E22DD78EDFB52669C4DB24F796C5D99038E140CE81A9DFECE675F200DC0DEC203FB94380EAA8D13F30530A410BCBD393137FBF89AB80D872D6A4A46B303F01E79FA05DEF4F0F2A2ABD0788459E4C678F3952072570971EA5A686E5964D1C3A61E2311F57E7AB8519809243EB88A87A21B6589A16862EE1B9B4DD452950DDBB5D5482099FC667B5F9A43E3F803D9D0030D0D6E0F86DBFD2B0C2A67B9BFB1F318C6DF0745F75F9F59C7CC62F4763FBBFE3517BF28D9B68372674CBB759E150F6F06FB3053343D54DB7959B79C3764FE57AC25EF6728F1A6A2C6D98E56841DC461BBF12BD23E8C058D500435777431ADC23CA373B0F4A43B5E18787925E79113199A368F30692429BF3041D9BC82BFF88147C3DE432169578E304C72D595320436995ACE13F -20180406155248 2 6 100 6143 5 E0CFB3582CE2D136E662908DCAA4CD666F574807FFFFF04BFB357D087BD132C8B569A579EC7FEDA39DA9FDBC7A8B289953FC1793F1B5D0F13A317C5F25554892D8A4F4EE9E85B9737D1412316C8169810745D8AC420ED45AA5419137F86E811AA101CD8746EDC5AF653499CA5585851205807E7EC4A3241FDD4C302AAC131FE24B2AC3700D3D21A82EB999FD0005E810811CEB2B1279D95E028269503DBF65FB23CBFC595B12BC67EC4A77D00324909088B6FDF511ABA41732957D32CC436FB0BE95E04F46DF57EC93E4FBD8FF12E18288384CBFABB1BD58F4A047CBF1AB831B43C550515DA98CA33697ECEE8AFAC110E7DD284D531324AC21013C86CFBC9DC286B6669534D8E2D40319E9BA9DC5ACE1825354E1869614CBCB708586A9455D20FC3B724C6FBF941EAAB3FFA61647906B890D9C8F2831A59B7A9A4EB6305DAEDE94A0525C8150EA3B27FC405430B82885E8EAA64A46E2E24DA089A0008C09C5B8117F5E5F397DCAC43906067AE2C6A1B7C1D1B2D233EFF6CBC472F328053EB666EC826604ADA4E27CA01FF98B7A5ADCF8FD3A6E2F6AEC4F36CE8D1D847E611CFDDA7B53AE4F0BA6481A2265D134B5B78F8416164B262CF58FA8806090613D09FA2E8CC417AF2A3208F5BB210CA87927C4FB980C9B97A743CC1B3A7BB9E22DD78EDFB52669C4DB24F796C5D99038E140CE81A9DFECE675F200DC0DEC203FB94380EAA8D13F30530A410BCBD393137FBF89AB80D872D6A4A46B303F01E79FA05DEF4F0F2A2ABD0788459E4C678F3952072570971EA5A686E5964D1C3A61E2311F57E7AB8519809243EB88A87A21B6589A16862EE1B9B4DD452950DDBB5D5482099FC667B5F9A43E3F803D9D0030D0D6E0F86DBFD2B0C2A67B9BFB1F318C6DF0745F75F9F59C7CC62F4763FBBFE3517BF28D9B68372674CBB759E150F6F06FB3053343D54DB7959B79C3764FE57AC25EF6728F1A6A2C6D98E56841DC461BBF12BD23E8C058D500435777431ADC23CA373B0F4A43B5E18787925E79113199A368F30692429BF3041D9BC82BFF88147C3DE432169578E304C72D595320436997C8EA27 -20180406170431 2 6 100 6143 2 E0CFB3582CE2D136E662908DCAA4CD666F574807FFFFF04BFB357D087BD132C8B569A579EC7FEDA39DA9FDBC7A8B289953FC1793F1B5D0F13A317C5F25554892D8A4F4EE9E85B9737D1412316C8169810745D8AC420ED45AA5419137F86E811AA101CD8746EDC5AF653499CA5585851205807E7EC4A3241FDD4C302AAC131FE24B2AC3700D3D21A82EB999FD0005E810811CEB2B1279D95E028269503DBF65FB23CBFC595B12BC67EC4A77D00324909088B6FDF511ABA41732957D32CC436FB0BE95E04F46DF57EC93E4FBD8FF12E18288384CBFABB1BD58F4A047CBF1AB831B43C550515DA98CA33697ECEE8AFAC110E7DD284D531324AC21013C86CFBC9DC286B6669534D8E2D40319E9BA9DC5ACE1825354E1869614CBCB708586A9455D20FC3B724C6FBF941EAAB3FFA61647906B890D9C8F2831A59B7A9A4EB6305DAEDE94A0525C8150EA3B27FC405430B82885E8EAA64A46E2E24DA089A0008C09C5B8117F5E5F397DCAC43906067AE2C6A1B7C1D1B2D233EFF6CBC472F328053EB666EC826604ADA4E27CA01FF98B7A5ADCF8FD3A6E2F6AEC4F36CE8D1D847E611CFDDA7B53AE4F0BA6481A2265D134B5B78F8416164B262CF58FA8806090613D09FA2E8CC417AF2A3208F5BB210CA87927C4FB980C9B97A743CC1B3A7BB9E22DD78EDFB52669C4DB24F796C5D99038E140CE81A9DFECE675F200DC0DEC203FB94380EAA8D13F30530A410BCBD393137FBF89AB80D872D6A4A46B303F01E79FA05DEF4F0F2A2ABD0788459E4C678F3952072570971EA5A686E5964D1C3A61E2311F57E7AB8519809243EB88A87A21B6589A16862EE1B9B4DD452950DDBB5D5482099FC667B5F9A43E3F803D9D0030D0D6E0F86DBFD2B0C2A67B9BFB1F318C6DF0745F75F9F59C7CC62F4763FBBFE3517BF28D9B68372674CBB759E150F6F06FB3053343D54DB7959B79C3764FE57AC25EF6728F1A6A2C6D98E56841DC461BBF12BD23E8C058D500435777431ADC23CA373B0F4A43B5E18787925E79113199A368F30692429BF3041D9BC82BFF88147C3DE432169578E304C72D595320436998593AD3 -20180406184640 2 6 100 6143 5 E0CFB3582CE2D136E662908DCAA4CD666F574807FFFFF04BFB357D087BD132C8B569A579EC7FEDA39DA9FDBC7A8B289953FC1793F1B5D0F13A317C5F25554892D8A4F4EE9E85B9737D1412316C8169810745D8AC420ED45AA5419137F86E811AA101CD8746EDC5AF653499CA5585851205807E7EC4A3241FDD4C302AAC131FE24B2AC3700D3D21A82EB999FD0005E810811CEB2B1279D95E028269503DBF65FB23CBFC595B12BC67EC4A77D00324909088B6FDF511ABA41732957D32CC436FB0BE95E04F46DF57EC93E4FBD8FF12E18288384CBFABB1BD58F4A047CBF1AB831B43C550515DA98CA33697ECEE8AFAC110E7DD284D531324AC21013C86CFBC9DC286B6669534D8E2D40319E9BA9DC5ACE1825354E1869614CBCB708586A9455D20FC3B724C6FBF941EAAB3FFA61647906B890D9C8F2831A59B7A9A4EB6305DAEDE94A0525C8150EA3B27FC405430B82885E8EAA64A46E2E24DA089A0008C09C5B8117F5E5F397DCAC43906067AE2C6A1B7C1D1B2D233EFF6CBC472F328053EB666EC826604ADA4E27CA01FF98B7A5ADCF8FD3A6E2F6AEC4F36CE8D1D847E611CFDDA7B53AE4F0BA6481A2265D134B5B78F8416164B262CF58FA8806090613D09FA2E8CC417AF2A3208F5BB210CA87927C4FB980C9B97A743CC1B3A7BB9E22DD78EDFB52669C4DB24F796C5D99038E140CE81A9DFECE675F200DC0DEC203FB94380EAA8D13F30530A410BCBD393137FBF89AB80D872D6A4A46B303F01E79FA05DEF4F0F2A2ABD0788459E4C678F3952072570971EA5A686E5964D1C3A61E2311F57E7AB8519809243EB88A87A21B6589A16862EE1B9B4DD452950DDBB5D5482099FC667B5F9A43E3F803D9D0030D0D6E0F86DBFD2B0C2A67B9BFB1F318C6DF0745F75F9F59C7CC62F4763FBBFE3517BF28D9B68372674CBB759E150F6F06FB3053343D54DB7959B79C3764FE57AC25EF6728F1A6A2C6D98E56841DC461BBF12BD23E8C058D500435777431ADC23CA373B0F4A43B5E18787925E79113199A368F30692429BF3041D9BC82BFF88147C3DE432169578E304C72D59532043699940ADB7 -20180407000748 2 6 100 6143 2 E0CFB3582CE2D136E662908DCAA4CD666F574807FFFFF04BFB357D087BD132C8B569A579EC7FEDA39DA9FDBC7A8B289953FC1793F1B5D0F13A317C5F25554892D8A4F4EE9E85B9737D1412316C8169810745D8AC420ED45AA5419137F86E811AA101CD8746EDC5AF653499CA5585851205807E7EC4A3241FDD4C302AAC131FE24B2AC3700D3D21A82EB999FD0005E810811CEB2B1279D95E028269503DBF65FB23CBFC595B12BC67EC4A77D00324909088B6FDF511ABA41732957D32CC436FB0BE95E04F46DF57EC93E4FBD8FF12E18288384CBFABB1BD58F4A047CBF1AB831B43C550515DA98CA33697ECEE8AFAC110E7DD284D531324AC21013C86CFBC9DC286B6669534D8E2D40319E9BA9DC5ACE1825354E1869614CBCB708586A9455D20FC3B724C6FBF941EAAB3FFA61647906B890D9C8F2831A59B7A9A4EB6305DAEDE94A0525C8150EA3B27FC405430B82885E8EAA64A46E2E24DA089A0008C09C5B8117F5E5F397DCAC43906067AE2C6A1B7C1D1B2D233EFF6CBC472F328053EB666EC826604ADA4E27CA01FF98B7A5ADCF8FD3A6E2F6AEC4F36CE8D1D847E611CFDDA7B53AE4F0BA6481A2265D134B5B78F8416164B262CF58FA8806090613D09FA2E8CC417AF2A3208F5BB210CA87927C4FB980C9B97A743CC1B3A7BB9E22DD78EDFB52669C4DB24F796C5D99038E140CE81A9DFECE675F200DC0DEC203FB94380EAA8D13F30530A410BCBD393137FBF89AB80D872D6A4A46B303F01E79FA05DEF4F0F2A2ABD0788459E4C678F3952072570971EA5A686E5964D1C3A61E2311F57E7AB8519809243EB88A87A21B6589A16862EE1B9B4DD452950DDBB5D5482099FC667B5F9A43E3F803D9D0030D0D6E0F86DBFD2B0C2A67B9BFB1F318C6DF0745F75F9F59C7CC62F4763FBBFE3517BF28D9B68372674CBB759E150F6F06FB3053343D54DB7959B79C3764FE57AC25EF6728F1A6A2C6D98E56841DC461BBF12BD23E8C058D500435777431ADC23CA373B0F4A43B5E18787925E79113199A368F30692429BF3041D9BC82BFF88147C3DE432169578E304C72D59532043699C562CCB -20180407041558 2 6 100 6143 2 E0CFB3582CE2D136E662908DCAA4CD666F574807FFFFF04BFB357D087BD132C8B569A579EC7FEDA39DA9FDBC7A8B289953FC1793F1B5D0F13A317C5F25554892D8A4F4EE9E85B9737D1412316C8169810745D8AC420ED45AA5419137F86E811AA101CD8746EDC5AF653499CA5585851205807E7EC4A3241FDD4C302AAC131FE24B2AC3700D3D21A82EB999FD0005E810811CEB2B1279D95E028269503DBF65FB23CBFC595B12BC67EC4A77D00324909088B6FDF511ABA41732957D32CC436FB0BE95E04F46DF57EC93E4FBD8FF12E18288384CBFABB1BD58F4A047CBF1AB831B43C550515DA98CA33697ECEE8AFAC110E7DD284D531324AC21013C86CFBC9DC286B6669534D8E2D40319E9BA9DC5ACE1825354E1869614CBCB708586A9455D20FC3B724C6FBF941EAAB3FFA61647906B890D9C8F2831A59B7A9A4EB6305DAEDE94A0525C8150EA3B27FC405430B82885E8EAA64A46E2E24DA089A0008C09C5B8117F5E5F397DCAC43906067AE2C6A1B7C1D1B2D233EFF6CBC472F328053EB666EC826604ADA4E27CA01FF98B7A5ADCF8FD3A6E2F6AEC4F36CE8D1D847E611CFDDA7B53AE4F0BA6481A2265D134B5B78F8416164B262CF58FA8806090613D09FA2E8CC417AF2A3208F5BB210CA87927C4FB980C9B97A743CC1B3A7BB9E22DD78EDFB52669C4DB24F796C5D99038E140CE81A9DFECE675F200DC0DEC203FB94380EAA8D13F30530A410BCBD393137FBF89AB80D872D6A4A46B303F01E79FA05DEF4F0F2A2ABD0788459E4C678F3952072570971EA5A686E5964D1C3A61E2311F57E7AB8519809243EB88A87A21B6589A16862EE1B9B4DD452950DDBB5D5482099FC667B5F9A43E3F803D9D0030D0D6E0F86DBFD2B0C2A67B9BFB1F318C6DF0745F75F9F59C7CC62F4763FBBFE3517BF28D9B68372674CBB759E150F6F06FB3053343D54DB7959B79C3764FE57AC25EF6728F1A6A2C6D98E56841DC461BBF12BD23E8C058D500435777431ADC23CA373B0F4A43B5E18787925E79113199A368F30692429BF3041D9BC82BFF88147C3DE432169578E304C72D59532043699EECE453 -20180407070330 2 6 100 6143 5 E0CFB3582CE2D136E662908DCAA4CD666F574807FFFFF04BFB357D087BD132C8B569A579EC7FEDA39DA9FDBC7A8B289953FC1793F1B5D0F13A317C5F25554892D8A4F4EE9E85B9737D1412316C8169810745D8AC420ED45AA5419137F86E811AA101CD8746EDC5AF653499CA5585851205807E7EC4A3241FDD4C302AAC131FE24B2AC3700D3D21A82EB999FD0005E810811CEB2B1279D95E028269503DBF65FB23CBFC595B12BC67EC4A77D00324909088B6FDF511ABA41732957D32CC436FB0BE95E04F46DF57EC93E4FBD8FF12E18288384CBFABB1BD58F4A047CBF1AB831B43C550515DA98CA33697ECEE8AFAC110E7DD284D531324AC21013C86CFBC9DC286B6669534D8E2D40319E9BA9DC5ACE1825354E1869614CBCB708586A9455D20FC3B724C6FBF941EAAB3FFA61647906B890D9C8F2831A59B7A9A4EB6305DAEDE94A0525C8150EA3B27FC405430B82885E8EAA64A46E2E24DA089A0008C09C5B8117F5E5F397DCAC43906067AE2C6A1B7C1D1B2D233EFF6CBC472F328053EB666EC826604ADA4E27CA01FF98B7A5ADCF8FD3A6E2F6AEC4F36CE8D1D847E611CFDDA7B53AE4F0BA6481A2265D134B5B78F8416164B262CF58FA8806090613D09FA2E8CC417AF2A3208F5BB210CA87927C4FB980C9B97A743CC1B3A7BB9E22DD78EDFB52669C4DB24F796C5D99038E140CE81A9DFECE675F200DC0DEC203FB94380EAA8D13F30530A410BCBD393137FBF89AB80D872D6A4A46B303F01E79FA05DEF4F0F2A2ABD0788459E4C678F3952072570971EA5A686E5964D1C3A61E2311F57E7AB8519809243EB88A87A21B6589A16862EE1B9B4DD452950DDBB5D5482099FC667B5F9A43E3F803D9D0030D0D6E0F86DBFD2B0C2A67B9BFB1F318C6DF0745F75F9F59C7CC62F4763FBBFE3517BF28D9B68372674CBB759E150F6F06FB3053343D54DB7959B79C3764FE57AC25EF6728F1A6A2C6D98E56841DC461BBF12BD23E8C058D500435777431ADC23CA373B0F4A43B5E18787925E79113199A368F30692429BF3041D9BC82BFF88147C3DE432169578E304C72D5953204369A0B1D577 -20180407100408 2 6 100 6143 2 E0CFB3582CE2D136E662908DCAA4CD666F574807FFFFF04BFB357D087BD132C8B569A579EC7FEDA39DA9FDBC7A8B289953FC1793F1B5D0F13A317C5F25554892D8A4F4EE9E85B9737D1412316C8169810745D8AC420ED45AA5419137F86E811AA101CD8746EDC5AF653499CA5585851205807E7EC4A3241FDD4C302AAC131FE24B2AC3700D3D21A82EB999FD0005E810811CEB2B1279D95E028269503DBF65FB23CBFC595B12BC67EC4A77D00324909088B6FDF511ABA41732957D32CC436FB0BE95E04F46DF57EC93E4FBD8FF12E18288384CBFABB1BD58F4A047CBF1AB831B43C550515DA98CA33697ECEE8AFAC110E7DD284D531324AC21013C86CFBC9DC286B6669534D8E2D40319E9BA9DC5ACE1825354E1869614CBCB708586A9455D20FC3B724C6FBF941EAAB3FFA61647906B890D9C8F2831A59B7A9A4EB6305DAEDE94A0525C8150EA3B27FC405430B82885E8EAA64A46E2E24DA089A0008C09C5B8117F5E5F397DCAC43906067AE2C6A1B7C1D1B2D233EFF6CBC472F328053EB666EC826604ADA4E27CA01FF98B7A5ADCF8FD3A6E2F6AEC4F36CE8D1D847E611CFDDA7B53AE4F0BA6481A2265D134B5B78F8416164B262CF58FA8806090613D09FA2E8CC417AF2A3208F5BB210CA87927C4FB980C9B97A743CC1B3A7BB9E22DD78EDFB52669C4DB24F796C5D99038E140CE81A9DFECE675F200DC0DEC203FB94380EAA8D13F30530A410BCBD393137FBF89AB80D872D6A4A46B303F01E79FA05DEF4F0F2A2ABD0788459E4C678F3952072570971EA5A686E5964D1C3A61E2311F57E7AB8519809243EB88A87A21B6589A16862EE1B9B4DD452950DDBB5D5482099FC667B5F9A43E3F803D9D0030D0D6E0F86DBFD2B0C2A67B9BFB1F318C6DF0745F75F9F59C7CC62F4763FBBFE3517BF28D9B68372674CBB759E150F6F06FB3053343D54DB7959B79C3764FE57AC25EF6728F1A6A2C6D98E56841DC461BBF12BD23E8C058D500435777431ADC23CA373B0F4A43B5E18787925E79113199A368F30692429BF3041D9BC82BFF88147C3DE432169578E304C72D5953204369A29D405B -20180407103952 2 6 100 6143 2 E0CFB3582CE2D136E662908DCAA4CD666F574807FFFFF04BFB357D087BD132C8B569A579EC7FEDA39DA9FDBC7A8B289953FC1793F1B5D0F13A317C5F25554892D8A4F4EE9E85B9737D1412316C8169810745D8AC420ED45AA5419137F86E811AA101CD8746EDC5AF653499CA5585851205807E7EC4A3241FDD4C302AAC131FE24B2AC3700D3D21A82EB999FD0005E810811CEB2B1279D95E028269503DBF65FB23CBFC595B12BC67EC4A77D00324909088B6FDF511ABA41732957D32CC436FB0BE95E04F46DF57EC93E4FBD8FF12E18288384CBFABB1BD58F4A047CBF1AB831B43C550515DA98CA33697ECEE8AFAC110E7DD284D531324AC21013C86CFBC9DC286B6669534D8E2D40319E9BA9DC5ACE1825354E1869614CBCB708586A9455D20FC3B724C6FBF941EAAB3FFA61647906B890D9C8F2831A59B7A9A4EB6305DAEDE94A0525C8150EA3B27FC405430B82885E8EAA64A46E2E24DA089A0008C09C5B8117F5E5F397DCAC43906067AE2C6A1B7C1D1B2D233EFF6CBC472F328053EB666EC826604ADA4E27CA01FF98B7A5ADCF8FD3A6E2F6AEC4F36CE8D1D847E611CFDDA7B53AE4F0BA6481A2265D134B5B78F8416164B262CF58FA8806090613D09FA2E8CC417AF2A3208F5BB210CA87927C4FB980C9B97A743CC1B3A7BB9E22DD78EDFB52669C4DB24F796C5D99038E140CE81A9DFECE675F200DC0DEC203FB94380EAA8D13F30530A410BCBD393137FBF89AB80D872D6A4A46B303F01E79FA05DEF4F0F2A2ABD0788459E4C678F3952072570971EA5A686E5964D1C3A61E2311F57E7AB8519809243EB88A87A21B6589A16862EE1B9B4DD452950DDBB5D5482099FC667B5F9A43E3F803D9D0030D0D6E0F86DBFD2B0C2A67B9BFB1F318C6DF0745F75F9F59C7CC62F4763FBBFE3517BF28D9B68372674CBB759E150F6F06FB3053343D54DB7959B79C3764FE57AC25EF6728F1A6A2C6D98E56841DC461BBF12BD23E8C058D500435777431ADC23CA373B0F4A43B5E18787925E79113199A368F30692429BF3041D9BC82BFF88147C3DE432169578E304C72D5953204369A2F83A33 -20180407123940 2 6 100 6143 2 E0CFB3582CE2D136E662908DCAA4CD666F574807FFFFF04BFB357D087BD132C8B569A579EC7FEDA39DA9FDBC7A8B289953FC1793F1B5D0F13A317C5F25554892D8A4F4EE9E85B9737D1412316C8169810745D8AC420ED45AA5419137F86E811AA101CD8746EDC5AF653499CA5585851205807E7EC4A3241FDD4C302AAC131FE24B2AC3700D3D21A82EB999FD0005E810811CEB2B1279D95E028269503DBF65FB23CBFC595B12BC67EC4A77D00324909088B6FDF511ABA41732957D32CC436FB0BE95E04F46DF57EC93E4FBD8FF12E18288384CBFABB1BD58F4A047CBF1AB831B43C550515DA98CA33697ECEE8AFAC110E7DD284D531324AC21013C86CFBC9DC286B6669534D8E2D40319E9BA9DC5ACE1825354E1869614CBCB708586A9455D20FC3B724C6FBF941EAAB3FFA61647906B890D9C8F2831A59B7A9A4EB6305DAEDE94A0525C8150EA3B27FC405430B82885E8EAA64A46E2E24DA089A0008C09C5B8117F5E5F397DCAC43906067AE2C6A1B7C1D1B2D233EFF6CBC472F328053EB666EC826604ADA4E27CA01FF98B7A5ADCF8FD3A6E2F6AEC4F36CE8D1D847E611CFDDA7B53AE4F0BA6481A2265D134B5B78F8416164B262CF58FA8806090613D09FA2E8CC417AF2A3208F5BB210CA87927C4FB980C9B97A743CC1B3A7BB9E22DD78EDFB52669C4DB24F796C5D99038E140CE81A9DFECE675F200DC0DEC203FB94380EAA8D13F30530A410BCBD393137FBF89AB80D872D6A4A46B303F01E79FA05DEF4F0F2A2ABD0788459E4C678F3952072570971EA5A686E5964D1C3A61E2311F57E7AB8519809243EB88A87A21B6589A16862EE1B9B4DD452950DDBB5D5482099FC667B5F9A43E3F803D9D0030D0D6E0F86DBFD2B0C2A67B9BFB1F318C6DF0745F75F9F59C7CC62F4763FBBFE3517BF28D9B68372674CBB759E150F6F06FB3053343D54DB7959B79C3764FE57AC25EF6728F1A6A2C6D98E56841DC461BBF12BD23E8C058D500435777431ADC23CA373B0F4A43B5E18787925E79113199A368F30692429BF3041D9BC82BFF88147C3DE432169578E304C72D5953204369A43ACBEB -20180407154812 2 6 100 6143 5 E0CFB3582CE2D136E662908DCAA4CD666F574807FFFFF04BFB357D087BD132C8B569A579EC7FEDA39DA9FDBC7A8B289953FC1793F1B5D0F13A317C5F25554892D8A4F4EE9E85B9737D1412316C8169810745D8AC420ED45AA5419137F86E811AA101CD8746EDC5AF653499CA5585851205807E7EC4A3241FDD4C302AAC131FE24B2AC3700D3D21A82EB999FD0005E810811CEB2B1279D95E028269503DBF65FB23CBFC595B12BC67EC4A77D00324909088B6FDF511ABA41732957D32CC436FB0BE95E04F46DF57EC93E4FBD8FF12E18288384CBFABB1BD58F4A047CBF1AB831B43C550515DA98CA33697ECEE8AFAC110E7DD284D531324AC21013C86CFBC9DC286B6669534D8E2D40319E9BA9DC5ACE1825354E1869614CBCB708586A9455D20FC3B724C6FBF941EAAB3FFA61647906B890D9C8F2831A59B7A9A4EB6305DAEDE94A0525C8150EA3B27FC405430B82885E8EAA64A46E2E24DA089A0008C09C5B8117F5E5F397DCAC43906067AE2C6A1B7C1D1B2D233EFF6CBC472F328053EB666EC826604ADA4E27CA01FF98B7A5ADCF8FD3A6E2F6AEC4F36CE8D1D847E611CFDDA7B53AE4F0BA6481A2265D134B5B78F8416164B262CF58FA8806090613D09FA2E8CC417AF2A3208F5BB210CA87927C4FB980C9B97A743CC1B3A7BB9E22DD78EDFB52669C4DB24F796C5D99038E140CE81A9DFECE675F200DC0DEC203FB94380EAA8D13F30530A410BCBD393137FBF89AB80D872D6A4A46B303F01E79FA05DEF4F0F2A2ABD0788459E4C678F3952072570971EA5A686E5964D1C3A61E2311F57E7AB8519809243EB88A87A21B6589A16862EE1B9B4DD452950DDBB5D5482099FC667B5F9A43E3F803D9D0030D0D6E0F86DBFD2B0C2A67B9BFB1F318C6DF0745F75F9F59C7CC62F4763FBBFE3517BF28D9B68372674CBB759E150F6F06FB3053343D54DB7959B79C3764FE57AC25EF6728F1A6A2C6D98E56841DC461BBF12BD23E8C058D500435777431ADC23CA373B0F4A43B5E18787925E79113199A368F30692429BF3041D9BC82BFF88147C3DE432169578E304C72D5953204369A62F48B7 -20180407170835 2 6 100 6143 5 E0CFB3582CE2D136E662908DCAA4CD666F574807FFFFF04BFB357D087BD132C8B569A579EC7FEDA39DA9FDBC7A8B289953FC1793F1B5D0F13A317C5F25554892D8A4F4EE9E85B9737D1412316C8169810745D8AC420ED45AA5419137F86E811AA101CD8746EDC5AF653499CA5585851205807E7EC4A3241FDD4C302AAC131FE24B2AC3700D3D21A82EB999FD0005E810811CEB2B1279D95E028269503DBF65FB23CBFC595B12BC67EC4A77D00324909088B6FDF511ABA41732957D32CC436FB0BE95E04F46DF57EC93E4FBD8FF12E18288384CBFABB1BD58F4A047CBF1AB831B43C550515DA98CA33697ECEE8AFAC110E7DD284D531324AC21013C86CFBC9DC286B6669534D8E2D40319E9BA9DC5ACE1825354E1869614CBCB708586A9455D20FC3B724C6FBF941EAAB3FFA61647906B890D9C8F2831A59B7A9A4EB6305DAEDE94A0525C8150EA3B27FC405430B82885E8EAA64A46E2E24DA089A0008C09C5B8117F5E5F397DCAC43906067AE2C6A1B7C1D1B2D233EFF6CBC472F328053EB666EC826604ADA4E27CA01FF98B7A5ADCF8FD3A6E2F6AEC4F36CE8D1D847E611CFDDA7B53AE4F0BA6481A2265D134B5B78F8416164B262CF58FA8806090613D09FA2E8CC417AF2A3208F5BB210CA87927C4FB980C9B97A743CC1B3A7BB9E22DD78EDFB52669C4DB24F796C5D99038E140CE81A9DFECE675F200DC0DEC203FB94380EAA8D13F30530A410BCBD393137FBF89AB80D872D6A4A46B303F01E79FA05DEF4F0F2A2ABD0788459E4C678F3952072570971EA5A686E5964D1C3A61E2311F57E7AB8519809243EB88A87A21B6589A16862EE1B9B4DD452950DDBB5D5482099FC667B5F9A43E3F803D9D0030D0D6E0F86DBFD2B0C2A67B9BFB1F318C6DF0745F75F9F59C7CC62F4763FBBFE3517BF28D9B68372674CBB759E150F6F06FB3053343D54DB7959B79C3764FE57AC25EF6728F1A6A2C6D98E56841DC461BBF12BD23E8C058D500435777431ADC23CA373B0F4A43B5E18787925E79113199A368F30692429BF3041D9BC82BFF88147C3DE432169578E304C72D5953204369A704C5AF -20180407175007 2 6 100 6143 5 E0CFB3582CE2D136E662908DCAA4CD666F574807FFFFF04BFB357D087BD132C8B569A579EC7FEDA39DA9FDBC7A8B289953FC1793F1B5D0F13A317C5F25554892D8A4F4EE9E85B9737D1412316C8169810745D8AC420ED45AA5419137F86E811AA101CD8746EDC5AF653499CA5585851205807E7EC4A3241FDD4C302AAC131FE24B2AC3700D3D21A82EB999FD0005E810811CEB2B1279D95E028269503DBF65FB23CBFC595B12BC67EC4A77D00324909088B6FDF511ABA41732957D32CC436FB0BE95E04F46DF57EC93E4FBD8FF12E18288384CBFABB1BD58F4A047CBF1AB831B43C550515DA98CA33697ECEE8AFAC110E7DD284D531324AC21013C86CFBC9DC286B6669534D8E2D40319E9BA9DC5ACE1825354E1869614CBCB708586A9455D20FC3B724C6FBF941EAAB3FFA61647906B890D9C8F2831A59B7A9A4EB6305DAEDE94A0525C8150EA3B27FC405430B82885E8EAA64A46E2E24DA089A0008C09C5B8117F5E5F397DCAC43906067AE2C6A1B7C1D1B2D233EFF6CBC472F328053EB666EC826604ADA4E27CA01FF98B7A5ADCF8FD3A6E2F6AEC4F36CE8D1D847E611CFDDA7B53AE4F0BA6481A2265D134B5B78F8416164B262CF58FA8806090613D09FA2E8CC417AF2A3208F5BB210CA87927C4FB980C9B97A743CC1B3A7BB9E22DD78EDFB52669C4DB24F796C5D99038E140CE81A9DFECE675F200DC0DEC203FB94380EAA8D13F30530A410BCBD393137FBF89AB80D872D6A4A46B303F01E79FA05DEF4F0F2A2ABD0788459E4C678F3952072570971EA5A686E5964D1C3A61E2311F57E7AB8519809243EB88A87A21B6589A16862EE1B9B4DD452950DDBB5D5482099FC667B5F9A43E3F803D9D0030D0D6E0F86DBFD2B0C2A67B9BFB1F318C6DF0745F75F9F59C7CC62F4763FBBFE3517BF28D9B68372674CBB759E150F6F06FB3053343D54DB7959B79C3764FE57AC25EF6728F1A6A2C6D98E56841DC461BBF12BD23E8C058D500435777431ADC23CA373B0F4A43B5E18787925E79113199A368F30692429BF3041D9BC82BFF88147C3DE432169578E304C72D5953204369A76C88B7 -20180407184438 2 6 100 6143 2 E0CFB3582CE2D136E662908DCAA4CD666F574807FFFFF04BFB357D087BD132C8B569A579EC7FEDA39DA9FDBC7A8B289953FC1793F1B5D0F13A317C5F25554892D8A4F4EE9E85B9737D1412316C8169810745D8AC420ED45AA5419137F86E811AA101CD8746EDC5AF653499CA5585851205807E7EC4A3241FDD4C302AAC131FE24B2AC3700D3D21A82EB999FD0005E810811CEB2B1279D95E028269503DBF65FB23CBFC595B12BC67EC4A77D00324909088B6FDF511ABA41732957D32CC436FB0BE95E04F46DF57EC93E4FBD8FF12E18288384CBFABB1BD58F4A047CBF1AB831B43C550515DA98CA33697ECEE8AFAC110E7DD284D531324AC21013C86CFBC9DC286B6669534D8E2D40319E9BA9DC5ACE1825354E1869614CBCB708586A9455D20FC3B724C6FBF941EAAB3FFA61647906B890D9C8F2831A59B7A9A4EB6305DAEDE94A0525C8150EA3B27FC405430B82885E8EAA64A46E2E24DA089A0008C09C5B8117F5E5F397DCAC43906067AE2C6A1B7C1D1B2D233EFF6CBC472F328053EB666EC826604ADA4E27CA01FF98B7A5ADCF8FD3A6E2F6AEC4F36CE8D1D847E611CFDDA7B53AE4F0BA6481A2265D134B5B78F8416164B262CF58FA8806090613D09FA2E8CC417AF2A3208F5BB210CA87927C4FB980C9B97A743CC1B3A7BB9E22DD78EDFB52669C4DB24F796C5D99038E140CE81A9DFECE675F200DC0DEC203FB94380EAA8D13F30530A410BCBD393137FBF89AB80D872D6A4A46B303F01E79FA05DEF4F0F2A2ABD0788459E4C678F3952072570971EA5A686E5964D1C3A61E2311F57E7AB8519809243EB88A87A21B6589A16862EE1B9B4DD452950DDBB5D5482099FC667B5F9A43E3F803D9D0030D0D6E0F86DBFD2B0C2A67B9BFB1F318C6DF0745F75F9F59C7CC62F4763FBBFE3517BF28D9B68372674CBB759E150F6F06FB3053343D54DB7959B79C3764FE57AC25EF6728F1A6A2C6D98E56841DC461BBF12BD23E8C058D500435777431ADC23CA373B0F4A43B5E18787925E79113199A368F30692429BF3041D9BC82BFF88147C3DE432169578E304C72D5953204369A7F65E03 -20180407195743 2 6 100 6143 5 E0CFB3582CE2D136E662908DCAA4CD666F574807FFFFF04BFB357D087BD132C8B569A579EC7FEDA39DA9FDBC7A8B289953FC1793F1B5D0F13A317C5F25554892D8A4F4EE9E85B9737D1412316C8169810745D8AC420ED45AA5419137F86E811AA101CD8746EDC5AF653499CA5585851205807E7EC4A3241FDD4C302AAC131FE24B2AC3700D3D21A82EB999FD0005E810811CEB2B1279D95E028269503DBF65FB23CBFC595B12BC67EC4A77D00324909088B6FDF511ABA41732957D32CC436FB0BE95E04F46DF57EC93E4FBD8FF12E18288384CBFABB1BD58F4A047CBF1AB831B43C550515DA98CA33697ECEE8AFAC110E7DD284D531324AC21013C86CFBC9DC286B6669534D8E2D40319E9BA9DC5ACE1825354E1869614CBCB708586A9455D20FC3B724C6FBF941EAAB3FFA61647906B890D9C8F2831A59B7A9A4EB6305DAEDE94A0525C8150EA3B27FC405430B82885E8EAA64A46E2E24DA089A0008C09C5B8117F5E5F397DCAC43906067AE2C6A1B7C1D1B2D233EFF6CBC472F328053EB666EC826604ADA4E27CA01FF98B7A5ADCF8FD3A6E2F6AEC4F36CE8D1D847E611CFDDA7B53AE4F0BA6481A2265D134B5B78F8416164B262CF58FA8806090613D09FA2E8CC417AF2A3208F5BB210CA87927C4FB980C9B97A743CC1B3A7BB9E22DD78EDFB52669C4DB24F796C5D99038E140CE81A9DFECE675F200DC0DEC203FB94380EAA8D13F30530A410BCBD393137FBF89AB80D872D6A4A46B303F01E79FA05DEF4F0F2A2ABD0788459E4C678F3952072570971EA5A686E5964D1C3A61E2311F57E7AB8519809243EB88A87A21B6589A16862EE1B9B4DD452950DDBB5D5482099FC667B5F9A43E3F803D9D0030D0D6E0F86DBFD2B0C2A67B9BFB1F318C6DF0745F75F9F59C7CC62F4763FBBFE3517BF28D9B68372674CBB759E150F6F06FB3053343D54DB7959B79C3764FE57AC25EF6728F1A6A2C6D98E56841DC461BBF12BD23E8C058D500435777431ADC23CA373B0F4A43B5E18787925E79113199A368F30692429BF3041D9BC82BFF88147C3DE432169578E304C72D5953204369A8B41617 -20180408071229 2 6 100 6143 2 E0CFB3582CE2D136E662908DCAA4CD666F574807FFFFF04BFB357D087BD132C8B569A579EC7FEDA39DA9FDBC7A8B289953FC1793F1B5D0F13A317C5F25554892D8A4F4EE9E85B9737D1412316C8169810745D8AC420ED45AA5419137F86E811AA101CD8746EDC5AF653499CA5585851205807E7EC4A3241FDD4C302AAC131FE24B2AC3700D3D21A82EB999FD0005E810811CEB2B1279D95E028269503DBF65FB23CBFC595B12BC67EC4A77D00324909088B6FDF511ABA41732957D32CC436FB0BE95E04F46DF57EC93E4FBD8FF12E18288384CBFABB1BD58F4A047CBF1AB831B43C550515DA98CA33697ECEE8AFAC110E7DD284D531324AC21013C86CFBC9DC286B6669534D8E2D40319E9BA9DC5ACE1825354E1869614CBCB708586A9455D20FC3B724C6FBF941EAAB3FFA61647906B890D9C8F2831A59B7A9A4EB6305DAEDE94A0525C8150EA3B27FC405430B82885E8EAA64A46E2E24DA089A0008C09C5B8117F5E5F397DCAC43906067AE2C6A1B7C1D1B2D233EFF6CBC472F328053EB666EC826604ADA4E27CA01FF98B7A5ADCF8FD3A6E2F6AEC4F36CE8D1D847E611CFDDA7B53AE4F0BA6481A2265D134B5B78F8416164B262CF58FA8806090613D09FA2E8CC417AF2A3208F5BB210CA87927C4FB980C9B97A743CC1B3A7BB9E22DD78EDFB52669C4DB24F796C5D99038E140CE81A9DFECE675F200DC0DEC203FB94380EAA8D13F30530A410BCBD393137FBF89AB80D872D6A4A46B303F01E79FA05DEF4F0F2A2ABD0788459E4C678F3952072570971EA5A686E5964D1C3A61E2311F57E7AB8519809243EB88A87A21B6589A16862EE1B9B4DD452950DDBB5D5482099FC667B5F9A43E3F803D9D0030D0D6E0F86DBFD2B0C2A67B9BFB1F318C6DF0745F75F9F59C7CC62F4763FBBFE3517BF28D9B68372674CBB759E150F6F06FB3053343D54DB7959B79C3764FE57AC25EF6728F1A6A2C6D98E56841DC461BBF12BD23E8C058D500435777431ADC23CA373B0F4A43B5E18787925E79113199A368F30692429BF3041D9BC82BFF88147C3DE432169578E304C72D5953204369AFC7905B -20180408075553 2 6 100 6143 5 E0CFB3582CE2D136E662908DCAA4CD666F574807FFFFF04BFB357D087BD132C8B569A579EC7FEDA39DA9FDBC7A8B289953FC1793F1B5D0F13A317C5F25554892D8A4F4EE9E85B9737D1412316C8169810745D8AC420ED45AA5419137F86E811AA101CD8746EDC5AF653499CA5585851205807E7EC4A3241FDD4C302AAC131FE24B2AC3700D3D21A82EB999FD0005E810811CEB2B1279D95E028269503DBF65FB23CBFC595B12BC67EC4A77D00324909088B6FDF511ABA41732957D32CC436FB0BE95E04F46DF57EC93E4FBD8FF12E18288384CBFABB1BD58F4A047CBF1AB831B43C550515DA98CA33697ECEE8AFAC110E7DD284D531324AC21013C86CFBC9DC286B6669534D8E2D40319E9BA9DC5ACE1825354E1869614CBCB708586A9455D20FC3B724C6FBF941EAAB3FFA61647906B890D9C8F2831A59B7A9A4EB6305DAEDE94A0525C8150EA3B27FC405430B82885E8EAA64A46E2E24DA089A0008C09C5B8117F5E5F397DCAC43906067AE2C6A1B7C1D1B2D233EFF6CBC472F328053EB666EC826604ADA4E27CA01FF98B7A5ADCF8FD3A6E2F6AEC4F36CE8D1D847E611CFDDA7B53AE4F0BA6481A2265D134B5B78F8416164B262CF58FA8806090613D09FA2E8CC417AF2A3208F5BB210CA87927C4FB980C9B97A743CC1B3A7BB9E22DD78EDFB52669C4DB24F796C5D99038E140CE81A9DFECE675F200DC0DEC203FB94380EAA8D13F30530A410BCBD393137FBF89AB80D872D6A4A46B303F01E79FA05DEF4F0F2A2ABD0788459E4C678F3952072570971EA5A686E5964D1C3A61E2311F57E7AB8519809243EB88A87A21B6589A16862EE1B9B4DD452950DDBB5D5482099FC667B5F9A43E3F803D9D0030D0D6E0F86DBFD2B0C2A67B9BFB1F318C6DF0745F75F9F59C7CC62F4763FBBFE3517BF28D9B68372674CBB759E150F6F06FB3053343D54DB7959B79C3764FE57AC25EF6728F1A6A2C6D98E56841DC461BBF12BD23E8C058D500435777431ADC23CA373B0F4A43B5E18787925E79113199A368F30692429BF3041D9BC82BFF88147C3DE432169578E304C72D5953204369B03562E7 -20180408124736 2 6 100 6143 5 E0CFB3582CE2D136E662908DCAA4CD666F574807FFFFF04BFB357D087BD132C8B569A579EC7FEDA39DA9FDBC7A8B289953FC1793F1B5D0F13A317C5F25554892D8A4F4EE9E85B9737D1412316C8169810745D8AC420ED45AA5419137F86E811AA101CD8746EDC5AF653499CA5585851205807E7EC4A3241FDD4C302AAC131FE24B2AC3700D3D21A82EB999FD0005E810811CEB2B1279D95E028269503DBF65FB23CBFC595B12BC67EC4A77D00324909088B6FDF511ABA41732957D32CC436FB0BE95E04F46DF57EC93E4FBD8FF12E18288384CBFABB1BD58F4A047CBF1AB831B43C550515DA98CA33697ECEE8AFAC110E7DD284D531324AC21013C86CFBC9DC286B6669534D8E2D40319E9BA9DC5ACE1825354E1869614CBCB708586A9455D20FC3B724C6FBF941EAAB3FFA61647906B890D9C8F2831A59B7A9A4EB6305DAEDE94A0525C8150EA3B27FC405430B82885E8EAA64A46E2E24DA089A0008C09C5B8117F5E5F397DCAC43906067AE2C6A1B7C1D1B2D233EFF6CBC472F328053EB666EC826604ADA4E27CA01FF98B7A5ADCF8FD3A6E2F6AEC4F36CE8D1D847E611CFDDA7B53AE4F0BA6481A2265D134B5B78F8416164B262CF58FA8806090613D09FA2E8CC417AF2A3208F5BB210CA87927C4FB980C9B97A743CC1B3A7BB9E22DD78EDFB52669C4DB24F796C5D99038E140CE81A9DFECE675F200DC0DEC203FB94380EAA8D13F30530A410BCBD393137FBF89AB80D872D6A4A46B303F01E79FA05DEF4F0F2A2ABD0788459E4C678F3952072570971EA5A686E5964D1C3A61E2311F57E7AB8519809243EB88A87A21B6589A16862EE1B9B4DD452950DDBB5D5482099FC667B5F9A43E3F803D9D0030D0D6E0F86DBFD2B0C2A67B9BFB1F318C6DF0745F75F9F59C7CC62F4763FBBFE3517BF28D9B68372674CBB759E150F6F06FB3053343D54DB7959B79C3764FE57AC25EF6728F1A6A2C6D98E56841DC461BBF12BD23E8C058D500435777431ADC23CA373B0F4A43B5E18787925E79113199A368F30692429BF3041D9BC82BFF88147C3DE432169578E304C72D5953204369B3416E27 -20180408125929 2 6 100 6143 2 E0CFB3582CE2D136E662908DCAA4CD666F574807FFFFF04BFB357D087BD132C8B569A579EC7FEDA39DA9FDBC7A8B289953FC1793F1B5D0F13A317C5F25554892D8A4F4EE9E85B9737D1412316C8169810745D8AC420ED45AA5419137F86E811AA101CD8746EDC5AF653499CA5585851205807E7EC4A3241FDD4C302AAC131FE24B2AC3700D3D21A82EB999FD0005E810811CEB2B1279D95E028269503DBF65FB23CBFC595B12BC67EC4A77D00324909088B6FDF511ABA41732957D32CC436FB0BE95E04F46DF57EC93E4FBD8FF12E18288384CBFABB1BD58F4A047CBF1AB831B43C550515DA98CA33697ECEE8AFAC110E7DD284D531324AC21013C86CFBC9DC286B6669534D8E2D40319E9BA9DC5ACE1825354E1869614CBCB708586A9455D20FC3B724C6FBF941EAAB3FFA61647906B890D9C8F2831A59B7A9A4EB6305DAEDE94A0525C8150EA3B27FC405430B82885E8EAA64A46E2E24DA089A0008C09C5B8117F5E5F397DCAC43906067AE2C6A1B7C1D1B2D233EFF6CBC472F328053EB666EC826604ADA4E27CA01FF98B7A5ADCF8FD3A6E2F6AEC4F36CE8D1D847E611CFDDA7B53AE4F0BA6481A2265D134B5B78F8416164B262CF58FA8806090613D09FA2E8CC417AF2A3208F5BB210CA87927C4FB980C9B97A743CC1B3A7BB9E22DD78EDFB52669C4DB24F796C5D99038E140CE81A9DFECE675F200DC0DEC203FB94380EAA8D13F30530A410BCBD393137FBF89AB80D872D6A4A46B303F01E79FA05DEF4F0F2A2ABD0788459E4C678F3952072570971EA5A686E5964D1C3A61E2311F57E7AB8519809243EB88A87A21B6589A16862EE1B9B4DD452950DDBB5D5482099FC667B5F9A43E3F803D9D0030D0D6E0F86DBFD2B0C2A67B9BFB1F318C6DF0745F75F9F59C7CC62F4763FBBFE3517BF28D9B68372674CBB759E150F6F06FB3053343D54DB7959B79C3764FE57AC25EF6728F1A6A2C6D98E56841DC461BBF12BD23E8C058D500435777431ADC23CA373B0F4A43B5E18787925E79113199A368F30692429BF3041D9BC82BFF88147C3DE432169578E304C72D5953204369B35942B3 -20180409023705 2 6 100 6143 2 E0CFB3582CE2D136E662908DCAA4CD666F574807FFFFF04BFB357D087BD132C8B569A579EC7FEDA39DA9FDBC7A8B289953FC1793F1B5D0F13A317C5F25554892D8A4F4EE9E85B9737D1412316C8169810745D8AC420ED45AA5419137F86E811AA101CD8746EDC5AF653499CA5585851205807E7EC4A3241FDD4C302AAC131FE24B2AC3700D3D21A82EB999FD0005E810811CEB2B1279D95E028269503DBF65FB23CBFC595B12BC67EC4A77D00324909088B6FDF511ABA41732957D32CC436FB0BE95E04F46DF57EC93E4FBD8FF12E18288384CBFABB1BD58F4A047CBF1AB831B43C550515DA98CA33697ECEE8AFAC110E7DD284D531324AC21013C86CFBC9DC286B6669534D8E2D40319E9BA9DC5ACE1825354E1869614CBCB708586A9455D20FC3B724C6FBF941EAAB3FFA61647906B890D9C8F2831A59B7A9A4EB6305DAEDE94A0525C8150EA3B27FC405430B82885E8EAA64A46E2E24DA089A0008C09C5B8117F5E5F397DCAC43906067AE2C6A1B7C1D1B2D233EFF6CBC472F328053EB666EC826604ADA4E27CA01FF98B7A5ADCF8FD3A6E2F6AEC4F36CE8D1D847E611CFDDA7B53AE4F0BA6481A2265D134B5B78F8416164B262CF58FA8806090613D09FA2E8CC417AF2A3208F5BB210CA87927C4FB980C9B97A743CC1B3A7BB9E22DD78EDFB52669C4DB24F796C5D99038E140CE81A9DFECE675F200DC0DEC203FB94380EAA8D13F30530A410BCBD393137FBF89AB80D872D6A4A46B303F01E79FA05DEF4F0F2A2ABD0788459E4C678F3952072570971EA5A686E5964D1C3A61E2311F57E7AB8519809243EB88A87A21B6589A16862EE1B9B4DD452950DDBB5D5482099FC667B5F9A43E3F803D9D0030D0D6E0F86DBFD2B0C2A67B9BFB1F318C6DF0745F75F9F59C7CC62F4763FBBFE3517BF28D9B68372674CBB759E150F6F06FB3053343D54DB7959B79C3764FE57AC25EF6728F1A6A2C6D98E56841DC461BBF12BD23E8C058D500435777431ADC23CA373B0F4A43B5E18787925E79113199A368F30692429BF3041D9BC82BFF88147C3DE432169578E304C72D5953204369BBCCDCBB -20180409072217 2 6 100 6143 5 E0CFB3582CE2D136E662908DCAA4CD666F574807FFFFF04BFB357D087BD132C8B569A579EC7FEDA39DA9FDBC7A8B289953FC1793F1B5D0F13A317C5F25554892D8A4F4EE9E85B9737D1412316C8169810745D8AC420ED45AA5419137F86E811AA101CD8746EDC5AF653499CA5585851205807E7EC4A3241FDD4C302AAC131FE24B2AC3700D3D21A82EB999FD0005E810811CEB2B1279D95E028269503DBF65FB23CBFC595B12BC67EC4A77D00324909088B6FDF511ABA41732957D32CC436FB0BE95E04F46DF57EC93E4FBD8FF12E18288384CBFABB1BD58F4A047CBF1AB831B43C550515DA98CA33697ECEE8AFAC110E7DD284D531324AC21013C86CFBC9DC286B6669534D8E2D40319E9BA9DC5ACE1825354E1869614CBCB708586A9455D20FC3B724C6FBF941EAAB3FFA61647906B890D9C8F2831A59B7A9A4EB6305DAEDE94A0525C8150EA3B27FC405430B82885E8EAA64A46E2E24DA089A0008C09C5B8117F5E5F397DCAC43906067AE2C6A1B7C1D1B2D233EFF6CBC472F328053EB666EC826604ADA4E27CA01FF98B7A5ADCF8FD3A6E2F6AEC4F36CE8D1D847E611CFDDA7B53AE4F0BA6481A2265D134B5B78F8416164B262CF58FA8806090613D09FA2E8CC417AF2A3208F5BB210CA87927C4FB980C9B97A743CC1B3A7BB9E22DD78EDFB52669C4DB24F796C5D99038E140CE81A9DFECE675F200DC0DEC203FB94380EAA8D13F30530A410BCBD393137FBF89AB80D872D6A4A46B303F01E79FA05DEF4F0F2A2ABD0788459E4C678F3952072570971EA5A686E5964D1C3A61E2311F57E7AB8519809243EB88A87A21B6589A16862EE1B9B4DD452950DDBB5D5482099FC667B5F9A43E3F803D9D0030D0D6E0F86DBFD2B0C2A67B9BFB1F318C6DF0745F75F9F59C7CC62F4763FBBFE3517BF28D9B68372674CBB759E150F6F06FB3053343D54DB7959B79C3764FE57AC25EF6728F1A6A2C6D98E56841DC461BBF12BD23E8C058D500435777431ADC23CA373B0F4A43B5E18787925E79113199A368F30692429BF3041D9BC82BFF88147C3DE432169578E304C72D5953204369BEB6303F -20180409124237 2 6 100 6143 2 E0CFB3582CE2D136E662908DCAA4CD666F574807FFFFF04BFB357D087BD132C8B569A579EC7FEDA39DA9FDBC7A8B289953FC1793F1B5D0F13A317C5F25554892D8A4F4EE9E85B9737D1412316C8169810745D8AC420ED45AA5419137F86E811AA101CD8746EDC5AF653499CA5585851205807E7EC4A3241FDD4C302AAC131FE24B2AC3700D3D21A82EB999FD0005E810811CEB2B1279D95E028269503DBF65FB23CBFC595B12BC67EC4A77D00324909088B6FDF511ABA41732957D32CC436FB0BE95E04F46DF57EC93E4FBD8FF12E18288384CBFABB1BD58F4A047CBF1AB831B43C550515DA98CA33697ECEE8AFAC110E7DD284D531324AC21013C86CFBC9DC286B6669534D8E2D40319E9BA9DC5ACE1825354E1869614CBCB708586A9455D20FC3B724C6FBF941EAAB3FFA61647906B890D9C8F2831A59B7A9A4EB6305DAEDE94A0525C8150EA3B27FC405430B82885E8EAA64A46E2E24DA089A0008C09C5B8117F5E5F397DCAC43906067AE2C6A1B7C1D1B2D233EFF6CBC472F328053EB666EC826604ADA4E27CA01FF98B7A5ADCF8FD3A6E2F6AEC4F36CE8D1D847E611CFDDA7B53AE4F0BA6481A2265D134B5B78F8416164B262CF58FA8806090613D09FA2E8CC417AF2A3208F5BB210CA87927C4FB980C9B97A743CC1B3A7BB9E22DD78EDFB52669C4DB24F796C5D99038E140CE81A9DFECE675F200DC0DEC203FB94380EAA8D13F30530A410BCBD393137FBF89AB80D872D6A4A46B303F01E79FA05DEF4F0F2A2ABD0788459E4C678F3952072570971EA5A686E5964D1C3A61E2311F57E7AB8519809243EB88A87A21B6589A16862EE1B9B4DD452950DDBB5D5482099FC667B5F9A43E3F803D9D0030D0D6E0F86DBFD2B0C2A67B9BFB1F318C6DF0745F75F9F59C7CC62F4763FBBFE3517BF28D9B68372674CBB759E150F6F06FB3053343D54DB7959B79C3764FE57AC25EF6728F1A6A2C6D98E56841DC461BBF12BD23E8C058D500435777431ADC23CA373B0F4A43B5E18787925E79113199A368F30692429BF3041D9BC82BFF88147C3DE432169578E304C72D5953204369C1F95DB3 -20180409150941 2 6 100 6143 5 E0CFB3582CE2D136E662908DCAA4CD666F574807FFFFF04BFB357D087BD132C8B569A579EC7FEDA39DA9FDBC7A8B289953FC1793F1B5D0F13A317C5F25554892D8A4F4EE9E85B9737D1412316C8169810745D8AC420ED45AA5419137F86E811AA101CD8746EDC5AF653499CA5585851205807E7EC4A3241FDD4C302AAC131FE24B2AC3700D3D21A82EB999FD0005E810811CEB2B1279D95E028269503DBF65FB23CBFC595B12BC67EC4A77D00324909088B6FDF511ABA41732957D32CC436FB0BE95E04F46DF57EC93E4FBD8FF12E18288384CBFABB1BD58F4A047CBF1AB831B43C550515DA98CA33697ECEE8AFAC110E7DD284D531324AC21013C86CFBC9DC286B6669534D8E2D40319E9BA9DC5ACE1825354E1869614CBCB708586A9455D20FC3B724C6FBF941EAAB3FFA61647906B890D9C8F2831A59B7A9A4EB6305DAEDE94A0525C8150EA3B27FC405430B82885E8EAA64A46E2E24DA089A0008C09C5B8117F5E5F397DCAC43906067AE2C6A1B7C1D1B2D233EFF6CBC472F328053EB666EC826604ADA4E27CA01FF98B7A5ADCF8FD3A6E2F6AEC4F36CE8D1D847E611CFDDA7B53AE4F0BA6481A2265D134B5B78F8416164B262CF58FA8806090613D09FA2E8CC417AF2A3208F5BB210CA87927C4FB980C9B97A743CC1B3A7BB9E22DD78EDFB52669C4DB24F796C5D99038E140CE81A9DFECE675F200DC0DEC203FB94380EAA8D13F30530A410BCBD393137FBF89AB80D872D6A4A46B303F01E79FA05DEF4F0F2A2ABD0788459E4C678F3952072570971EA5A686E5964D1C3A61E2311F57E7AB8519809243EB88A87A21B6589A16862EE1B9B4DD452950DDBB5D5482099FC667B5F9A43E3F803D9D0030D0D6E0F86DBFD2B0C2A67B9BFB1F318C6DF0745F75F9F59C7CC62F4763FBBFE3517BF28D9B68372674CBB759E150F6F06FB3053343D54DB7959B79C3764FE57AC25EF6728F1A6A2C6D98E56841DC461BBF12BD23E8C058D500435777431ADC23CA373B0F4A43B5E18787925E79113199A368F30692429BF3041D9BC82BFF88147C3DE432169578E304C72D5953204369C3A97BA7 -20180409162805 2 6 100 6143 5 E0CFB3582CE2D136E662908DCAA4CD666F574807FFFFF04BFB357D087BD132C8B569A579EC7FEDA39DA9FDBC7A8B289953FC1793F1B5D0F13A317C5F25554892D8A4F4EE9E85B9737D1412316C8169810745D8AC420ED45AA5419137F86E811AA101CD8746EDC5AF653499CA5585851205807E7EC4A3241FDD4C302AAC131FE24B2AC3700D3D21A82EB999FD0005E810811CEB2B1279D95E028269503DBF65FB23CBFC595B12BC67EC4A77D00324909088B6FDF511ABA41732957D32CC436FB0BE95E04F46DF57EC93E4FBD8FF12E18288384CBFABB1BD58F4A047CBF1AB831B43C550515DA98CA33697ECEE8AFAC110E7DD284D531324AC21013C86CFBC9DC286B6669534D8E2D40319E9BA9DC5ACE1825354E1869614CBCB708586A9455D20FC3B724C6FBF941EAAB3FFA61647906B890D9C8F2831A59B7A9A4EB6305DAEDE94A0525C8150EA3B27FC405430B82885E8EAA64A46E2E24DA089A0008C09C5B8117F5E5F397DCAC43906067AE2C6A1B7C1D1B2D233EFF6CBC472F328053EB666EC826604ADA4E27CA01FF98B7A5ADCF8FD3A6E2F6AEC4F36CE8D1D847E611CFDDA7B53AE4F0BA6481A2265D134B5B78F8416164B262CF58FA8806090613D09FA2E8CC417AF2A3208F5BB210CA87927C4FB980C9B97A743CC1B3A7BB9E22DD78EDFB52669C4DB24F796C5D99038E140CE81A9DFECE675F200DC0DEC203FB94380EAA8D13F30530A410BCBD393137FBF89AB80D872D6A4A46B303F01E79FA05DEF4F0F2A2ABD0788459E4C678F3952072570971EA5A686E5964D1C3A61E2311F57E7AB8519809243EB88A87A21B6589A16862EE1B9B4DD452950DDBB5D5482099FC667B5F9A43E3F803D9D0030D0D6E0F86DBFD2B0C2A67B9BFB1F318C6DF0745F75F9F59C7CC62F4763FBBFE3517BF28D9B68372674CBB759E150F6F06FB3053343D54DB7959B79C3764FE57AC25EF6728F1A6A2C6D98E56841DC461BBF12BD23E8C058D500435777431ADC23CA373B0F4A43B5E18787925E79113199A368F30692429BF3041D9BC82BFF88147C3DE432169578E304C72D5953204369C56C92A7 -20180409185627 2 6 100 6143 5 E0CFB3582CE2D136E662908DCAA4CD666F574807FFFFF04BFB357D087BD132C8B569A579EC7FEDA39DA9FDBC7A8B289953FC1793F1B5D0F13A317C5F25554892D8A4F4EE9E85B9737D1412316C8169810745D8AC420ED45AA5419137F86E811AA101CD8746EDC5AF653499CA5585851205807E7EC4A3241FDD4C302AAC131FE24B2AC3700D3D21A82EB999FD0005E810811CEB2B1279D95E028269503DBF65FB23CBFC595B12BC67EC4A77D00324909088B6FDF511ABA41732957D32CC436FB0BE95E04F46DF57EC93E4FBD8FF12E18288384CBFABB1BD58F4A047CBF1AB831B43C550515DA98CA33697ECEE8AFAC110E7DD284D531324AC21013C86CFBC9DC286B6669534D8E2D40319E9BA9DC5ACE1825354E1869614CBCB708586A9455D20FC3B724C6FBF941EAAB3FFA61647906B890D9C8F2831A59B7A9A4EB6305DAEDE94A0525C8150EA3B27FC405430B82885E8EAA64A46E2E24DA089A0008C09C5B8117F5E5F397DCAC43906067AE2C6A1B7C1D1B2D233EFF6CBC472F328053EB666EC826604ADA4E27CA01FF98B7A5ADCF8FD3A6E2F6AEC4F36CE8D1D847E611CFDDA7B53AE4F0BA6481A2265D134B5B78F8416164B262CF58FA8806090613D09FA2E8CC417AF2A3208F5BB210CA87927C4FB980C9B97A743CC1B3A7BB9E22DD78EDFB52669C4DB24F796C5D99038E140CE81A9DFECE675F200DC0DEC203FB94380EAA8D13F30530A410BCBD393137FBF89AB80D872D6A4A46B303F01E79FA05DEF4F0F2A2ABD0788459E4C678F3952072570971EA5A686E5964D1C3A61E2311F57E7AB8519809243EB88A87A21B6589A16862EE1B9B4DD452950DDBB5D5482099FC667B5F9A43E3F803D9D0030D0D6E0F86DBFD2B0C2A67B9BFB1F318C6DF0745F75F9F59C7CC62F4763FBBFE3517BF28D9B68372674CBB759E150F6F06FB3053343D54DB7959B79C3764FE57AC25EF6728F1A6A2C6D98E56841DC461BBF12BD23E8C058D500435777431ADC23CA373B0F4A43B5E18787925E79113199A368F30692429BF3041D9BC82BFF88147C3DE432169578E304C72D5953204369C8DC8A0F -20180409201511 2 6 100 6143 5 E01FFD7EC91328929E4FD6183C9C9EDF4EF8CFC608D943A1011CEE0B49D7322663D64028F7205A4F008A0C8F393F91FF42D1C7ACB6B4041D0DC79BB0DA6D394532A0E33BC96FEA6EC2E67987F13D2F218B9E8A46D20125D822B6AA1C9615087E5C667CCA74414305E3382E20792B058F61D9DBFD93EF80A2E30E17FDB883F79989B540A6E467D9CEF07C849B659890706CAC7FF6F95669DAD0D9170D485C298AA940C6B7B3092E265FB512C70F36E3D6515B7B799E20FFE9DA35F932C3F2C238F5D8BCB92193216563D6163EB9FAAFEDD0E8A1A3F8CE292E8A1BEF630C5E75D845444B414017844E9560C8309CD54BF9EEAB2CAAE888226AB8031F1569A728256BB6FCC14DF314314F9F2DF75E781E8A4A5411ACCB4D9E3103131F52E0D14386A6E107AA7A522E42F1A41C8A8E46CE69E824492B87BC8B34A457EC25A7508B3E1A33BCC9E99EA754163AEC31161A83A80780DF46D36E757CF90C0F002DF73AB406F7DF81FDA75AD7F3F052EEA91955FA737616D8D4BB87A60FF471400D50688146BC3C10FF60A35D8BB9EF6BEF26497361118125FBEE607726AA408674A45931C87666146BE520503A5241D49B964406A864749C50F9B2718B8E0F62614DB27F35F53D57F70CB4ECE081BD377CDBA5C4AD75BEA63CB8E2653E52D11C0CAC67916B0C24232FC9D90091C7CDD317D4F60D8271D81E70B79031BE25CD5D6CC1E7A04FAF98C25B143B9D7B08D94160B1737AB49F55A01AF3A9BB7C8C261E8F2F84A1995C752276F5F03E54EE22A973F63C73083377DD6851634AA5568AA1173E5BE96606D946AAC82951E326750E18C2AD12C311EF784AD9014BEE322032B45244BD6EEDA224CCDA93983C8FB326F8C8B02F5574B0BC0CD7BFD1C524CD66ACD8A7AC1619E57136F2FEB5F49E9791D4E0F0C9AB8B9E7A98E49E5603D4E02771EFC9993ED15974CD0EEA50510C410FD884CB5D83D0FCD0AF7218D49523F95C4C396CBC0359DABD75EC138910788E1766649130AD089F565ED926B4F26FEBAF9CA4F768E6CA6E6BB7E43769B7D46E2F0D6A63254B41715567635FC1D38DCD7E047122A7 -20180409212042 2 6 100 6143 5 E01FFD7EC91328929E4FD6183C9C9EDF4EF8CFC608D943A1011CEE0B49D7322663D64028F7205A4F008A0C8F393F91FF42D1C7ACB6B4041D0DC79BB0DA6D394532A0E33BC96FEA6EC2E67987F13D2F218B9E8A46D20125D822B6AA1C9615087E5C667CCA74414305E3382E20792B058F61D9DBFD93EF80A2E30E17FDB883F79989B540A6E467D9CEF07C849B659890706CAC7FF6F95669DAD0D9170D485C298AA940C6B7B3092E265FB512C70F36E3D6515B7B799E20FFE9DA35F932C3F2C238F5D8BCB92193216563D6163EB9FAAFEDD0E8A1A3F8CE292E8A1BEF630C5E75D845444B414017844E9560C8309CD54BF9EEAB2CAAE888226AB8031F1569A728256BB6FCC14DF314314F9F2DF75E781E8A4A5411ACCB4D9E3103131F52E0D14386A6E107AA7A522E42F1A41C8A8E46CE69E824492B87BC8B34A457EC25A7508B3E1A33BCC9E99EA754163AEC31161A83A80780DF46D36E757CF90C0F002DF73AB406F7DF81FDA75AD7F3F052EEA91955FA737616D8D4BB87A60FF471400D50688146BC3C10FF60A35D8BB9EF6BEF26497361118125FBEE607726AA408674A45931C87666146BE520503A5241D49B964406A864749C50F9B2718B8E0F62614DB27F35F53D57F70CB4ECE081BD377CDBA5C4AD75BEA63CB8E2653E52D11C0CAC67916B0C24232FC9D90091C7CDD317D4F60D8271D81E70B79031BE25CD5D6CC1E7A04FAF98C25B143B9D7B08D94160B1737AB49F55A01AF3A9BB7C8C261E8F2F84A1995C752276F5F03E54EE22A973F63C73083377DD6851634AA5568AA1173E5BE96606D946AAC82951E326750E18C2AD12C311EF784AD9014BEE322032B45244BD6EEDA224CCDA93983C8FB326F8C8B02F5574B0BC0CD7BFD1C524CD66ACD8A7AC1619E57136F2FEB5F49E9791D4E0F0C9AB8B9E7A98E49E5603D4E02771EFC9993ED15974CD0EEA50510C410FD884CB5D83D0FCD0AF7218D49523F95C4C396CBC0359DABD75EC138910788E1766649130AD089F565ED926B4F26FEBAF9CA4F768E6CA6E6BB7E43769B7D46E2F0D6A63254B41715567635FC1D38DCD7E06189297 -20180410021123 2 6 100 6143 5 E01FFD7EC91328929E4FD6183C9C9EDF4EF8CFC608D943A1011CEE0B49D7322663D64028F7205A4F008A0C8F393F91FF42D1C7ACB6B4041D0DC79BB0DA6D394532A0E33BC96FEA6EC2E67987F13D2F218B9E8A46D20125D822B6AA1C9615087E5C667CCA74414305E3382E20792B058F61D9DBFD93EF80A2E30E17FDB883F79989B540A6E467D9CEF07C849B659890706CAC7FF6F95669DAD0D9170D485C298AA940C6B7B3092E265FB512C70F36E3D6515B7B799E20FFE9DA35F932C3F2C238F5D8BCB92193216563D6163EB9FAAFEDD0E8A1A3F8CE292E8A1BEF630C5E75D845444B414017844E9560C8309CD54BF9EEAB2CAAE888226AB8031F1569A728256BB6FCC14DF314314F9F2DF75E781E8A4A5411ACCB4D9E3103131F52E0D14386A6E107AA7A522E42F1A41C8A8E46CE69E824492B87BC8B34A457EC25A7508B3E1A33BCC9E99EA754163AEC31161A83A80780DF46D36E757CF90C0F002DF73AB406F7DF81FDA75AD7F3F052EEA91955FA737616D8D4BB87A60FF471400D50688146BC3C10FF60A35D8BB9EF6BEF26497361118125FBEE607726AA408674A45931C87666146BE520503A5241D49B964406A864749C50F9B2718B8E0F62614DB27F35F53D57F70CB4ECE081BD377CDBA5C4AD75BEA63CB8E2653E52D11C0CAC67916B0C24232FC9D90091C7CDD317D4F60D8271D81E70B79031BE25CD5D6CC1E7A04FAF98C25B143B9D7B08D94160B1737AB49F55A01AF3A9BB7C8C261E8F2F84A1995C752276F5F03E54EE22A973F63C73083377DD6851634AA5568AA1173E5BE96606D946AAC82951E326750E18C2AD12C311EF784AD9014BEE322032B45244BD6EEDA224CCDA93983C8FB326F8C8B02F5574B0BC0CD7BFD1C524CD66ACD8A7AC1619E57136F2FEB5F49E9791D4E0F0C9AB8B9E7A98E49E5603D4E02771EFC9993ED15974CD0EEA50510C410FD884CB5D83D0FCD0AF7218D49523F95C4C396CBC0359DABD75EC138910788E1766649130AD089F565ED926B4F26FEBAF9CA4F768E6CA6E6BB7E43769B7D46E2F0D6A63254B41715567635FC1D38DCD7E0D35B28F -20180410022638 2 6 100 6143 2 E01FFD7EC91328929E4FD6183C9C9EDF4EF8CFC608D943A1011CEE0B49D7322663D64028F7205A4F008A0C8F393F91FF42D1C7ACB6B4041D0DC79BB0DA6D394532A0E33BC96FEA6EC2E67987F13D2F218B9E8A46D20125D822B6AA1C9615087E5C667CCA74414305E3382E20792B058F61D9DBFD93EF80A2E30E17FDB883F79989B540A6E467D9CEF07C849B659890706CAC7FF6F95669DAD0D9170D485C298AA940C6B7B3092E265FB512C70F36E3D6515B7B799E20FFE9DA35F932C3F2C238F5D8BCB92193216563D6163EB9FAAFEDD0E8A1A3F8CE292E8A1BEF630C5E75D845444B414017844E9560C8309CD54BF9EEAB2CAAE888226AB8031F1569A728256BB6FCC14DF314314F9F2DF75E781E8A4A5411ACCB4D9E3103131F52E0D14386A6E107AA7A522E42F1A41C8A8E46CE69E824492B87BC8B34A457EC25A7508B3E1A33BCC9E99EA754163AEC31161A83A80780DF46D36E757CF90C0F002DF73AB406F7DF81FDA75AD7F3F052EEA91955FA737616D8D4BB87A60FF471400D50688146BC3C10FF60A35D8BB9EF6BEF26497361118125FBEE607726AA408674A45931C87666146BE520503A5241D49B964406A864749C50F9B2718B8E0F62614DB27F35F53D57F70CB4ECE081BD377CDBA5C4AD75BEA63CB8E2653E52D11C0CAC67916B0C24232FC9D90091C7CDD317D4F60D8271D81E70B79031BE25CD5D6CC1E7A04FAF98C25B143B9D7B08D94160B1737AB49F55A01AF3A9BB7C8C261E8F2F84A1995C752276F5F03E54EE22A973F63C73083377DD6851634AA5568AA1173E5BE96606D946AAC82951E326750E18C2AD12C311EF784AD9014BEE322032B45244BD6EEDA224CCDA93983C8FB326F8C8B02F5574B0BC0CD7BFD1C524CD66ACD8A7AC1619E57136F2FEB5F49E9791D4E0F0C9AB8B9E7A98E49E5603D4E02771EFC9993ED15974CD0EEA50510C410FD884CB5D83D0FCD0AF7218D49523F95C4C396CBC0359DABD75EC138910788E1766649130AD089F565ED926B4F26FEBAF9CA4F768E6CA6E6BB7E43769B7D46E2F0D6A63254B41715567635FC1D38DCD7E0D8CA623 -20180410024637 2 6 100 6143 5 E01FFD7EC91328929E4FD6183C9C9EDF4EF8CFC608D943A1011CEE0B49D7322663D64028F7205A4F008A0C8F393F91FF42D1C7ACB6B4041D0DC79BB0DA6D394532A0E33BC96FEA6EC2E67987F13D2F218B9E8A46D20125D822B6AA1C9615087E5C667CCA74414305E3382E20792B058F61D9DBFD93EF80A2E30E17FDB883F79989B540A6E467D9CEF07C849B659890706CAC7FF6F95669DAD0D9170D485C298AA940C6B7B3092E265FB512C70F36E3D6515B7B799E20FFE9DA35F932C3F2C238F5D8BCB92193216563D6163EB9FAAFEDD0E8A1A3F8CE292E8A1BEF630C5E75D845444B414017844E9560C8309CD54BF9EEAB2CAAE888226AB8031F1569A728256BB6FCC14DF314314F9F2DF75E781E8A4A5411ACCB4D9E3103131F52E0D14386A6E107AA7A522E42F1A41C8A8E46CE69E824492B87BC8B34A457EC25A7508B3E1A33BCC9E99EA754163AEC31161A83A80780DF46D36E757CF90C0F002DF73AB406F7DF81FDA75AD7F3F052EEA91955FA737616D8D4BB87A60FF471400D50688146BC3C10FF60A35D8BB9EF6BEF26497361118125FBEE607726AA408674A45931C87666146BE520503A5241D49B964406A864749C50F9B2718B8E0F62614DB27F35F53D57F70CB4ECE081BD377CDBA5C4AD75BEA63CB8E2653E52D11C0CAC67916B0C24232FC9D90091C7CDD317D4F60D8271D81E70B79031BE25CD5D6CC1E7A04FAF98C25B143B9D7B08D94160B1737AB49F55A01AF3A9BB7C8C261E8F2F84A1995C752276F5F03E54EE22A973F63C73083377DD6851634AA5568AA1173E5BE96606D946AAC82951E326750E18C2AD12C311EF784AD9014BEE322032B45244BD6EEDA224CCDA93983C8FB326F8C8B02F5574B0BC0CD7BFD1C524CD66ACD8A7AC1619E57136F2FEB5F49E9791D4E0F0C9AB8B9E7A98E49E5603D4E02771EFC9993ED15974CD0EEA50510C410FD884CB5D83D0FCD0AF7218D49523F95C4C396CBC0359DABD75EC138910788E1766649130AD089F565ED926B4F26FEBAF9CA4F768E6CA6E6BB7E43769B7D46E2F0D6A63254B41715567635FC1D38DCD7E0E02E03F -20180410063306 2 6 100 6143 2 E01FFD7EC91328929E4FD6183C9C9EDF4EF8CFC608D943A1011CEE0B49D7322663D64028F7205A4F008A0C8F393F91FF42D1C7ACB6B4041D0DC79BB0DA6D394532A0E33BC96FEA6EC2E67987F13D2F218B9E8A46D20125D822B6AA1C9615087E5C667CCA74414305E3382E20792B058F61D9DBFD93EF80A2E30E17FDB883F79989B540A6E467D9CEF07C849B659890706CAC7FF6F95669DAD0D9170D485C298AA940C6B7B3092E265FB512C70F36E3D6515B7B799E20FFE9DA35F932C3F2C238F5D8BCB92193216563D6163EB9FAAFEDD0E8A1A3F8CE292E8A1BEF630C5E75D845444B414017844E9560C8309CD54BF9EEAB2CAAE888226AB8031F1569A728256BB6FCC14DF314314F9F2DF75E781E8A4A5411ACCB4D9E3103131F52E0D14386A6E107AA7A522E42F1A41C8A8E46CE69E824492B87BC8B34A457EC25A7508B3E1A33BCC9E99EA754163AEC31161A83A80780DF46D36E757CF90C0F002DF73AB406F7DF81FDA75AD7F3F052EEA91955FA737616D8D4BB87A60FF471400D50688146BC3C10FF60A35D8BB9EF6BEF26497361118125FBEE607726AA408674A45931C87666146BE520503A5241D49B964406A864749C50F9B2718B8E0F62614DB27F35F53D57F70CB4ECE081BD377CDBA5C4AD75BEA63CB8E2653E52D11C0CAC67916B0C24232FC9D90091C7CDD317D4F60D8271D81E70B79031BE25CD5D6CC1E7A04FAF98C25B143B9D7B08D94160B1737AB49F55A01AF3A9BB7C8C261E8F2F84A1995C752276F5F03E54EE22A973F63C73083377DD6851634AA5568AA1173E5BE96606D946AAC82951E326750E18C2AD12C311EF784AD9014BEE322032B45244BD6EEDA224CCDA93983C8FB326F8C8B02F5574B0BC0CD7BFD1C524CD66ACD8A7AC1619E57136F2FEB5F49E9791D4E0F0C9AB8B9E7A98E49E5603D4E02771EFC9993ED15974CD0EEA50510C410FD884CB5D83D0FCD0AF7218D49523F95C4C396CBC0359DABD75EC138910788E1766649130AD089F565ED926B4F26FEBAF9CA4F768E6CA6E6BB7E43769B7D46E2F0D6A63254B41715567635FC1D38DCD7E1393582B -20180410063848 2 6 100 6143 2 E01FFD7EC91328929E4FD6183C9C9EDF4EF8CFC608D943A1011CEE0B49D7322663D64028F7205A4F008A0C8F393F91FF42D1C7ACB6B4041D0DC79BB0DA6D394532A0E33BC96FEA6EC2E67987F13D2F218B9E8A46D20125D822B6AA1C9615087E5C667CCA74414305E3382E20792B058F61D9DBFD93EF80A2E30E17FDB883F79989B540A6E467D9CEF07C849B659890706CAC7FF6F95669DAD0D9170D485C298AA940C6B7B3092E265FB512C70F36E3D6515B7B799E20FFE9DA35F932C3F2C238F5D8BCB92193216563D6163EB9FAAFEDD0E8A1A3F8CE292E8A1BEF630C5E75D845444B414017844E9560C8309CD54BF9EEAB2CAAE888226AB8031F1569A728256BB6FCC14DF314314F9F2DF75E781E8A4A5411ACCB4D9E3103131F52E0D14386A6E107AA7A522E42F1A41C8A8E46CE69E824492B87BC8B34A457EC25A7508B3E1A33BCC9E99EA754163AEC31161A83A80780DF46D36E757CF90C0F002DF73AB406F7DF81FDA75AD7F3F052EEA91955FA737616D8D4BB87A60FF471400D50688146BC3C10FF60A35D8BB9EF6BEF26497361118125FBEE607726AA408674A45931C87666146BE520503A5241D49B964406A864749C50F9B2718B8E0F62614DB27F35F53D57F70CB4ECE081BD377CDBA5C4AD75BEA63CB8E2653E52D11C0CAC67916B0C24232FC9D90091C7CDD317D4F60D8271D81E70B79031BE25CD5D6CC1E7A04FAF98C25B143B9D7B08D94160B1737AB49F55A01AF3A9BB7C8C261E8F2F84A1995C752276F5F03E54EE22A973F63C73083377DD6851634AA5568AA1173E5BE96606D946AAC82951E326750E18C2AD12C311EF784AD9014BEE322032B45244BD6EEDA224CCDA93983C8FB326F8C8B02F5574B0BC0CD7BFD1C524CD66ACD8A7AC1619E57136F2FEB5F49E9791D4E0F0C9AB8B9E7A98E49E5603D4E02771EFC9993ED15974CD0EEA50510C410FD884CB5D83D0FCD0AF7218D49523F95C4C396CBC0359DABD75EC138910788E1766649130AD089F565ED926B4F26FEBAF9CA4F768E6CA6E6BB7E43769B7D46E2F0D6A63254B41715567635FC1D38DCD7E13B0682B -20180410071153 2 6 100 6143 2 E01FFD7EC91328929E4FD6183C9C9EDF4EF8CFC608D943A1011CEE0B49D7322663D64028F7205A4F008A0C8F393F91FF42D1C7ACB6B4041D0DC79BB0DA6D394532A0E33BC96FEA6EC2E67987F13D2F218B9E8A46D20125D822B6AA1C9615087E5C667CCA74414305E3382E20792B058F61D9DBFD93EF80A2E30E17FDB883F79989B540A6E467D9CEF07C849B659890706CAC7FF6F95669DAD0D9170D485C298AA940C6B7B3092E265FB512C70F36E3D6515B7B799E20FFE9DA35F932C3F2C238F5D8BCB92193216563D6163EB9FAAFEDD0E8A1A3F8CE292E8A1BEF630C5E75D845444B414017844E9560C8309CD54BF9EEAB2CAAE888226AB8031F1569A728256BB6FCC14DF314314F9F2DF75E781E8A4A5411ACCB4D9E3103131F52E0D14386A6E107AA7A522E42F1A41C8A8E46CE69E824492B87BC8B34A457EC25A7508B3E1A33BCC9E99EA754163AEC31161A83A80780DF46D36E757CF90C0F002DF73AB406F7DF81FDA75AD7F3F052EEA91955FA737616D8D4BB87A60FF471400D50688146BC3C10FF60A35D8BB9EF6BEF26497361118125FBEE607726AA408674A45931C87666146BE520503A5241D49B964406A864749C50F9B2718B8E0F62614DB27F35F53D57F70CB4ECE081BD377CDBA5C4AD75BEA63CB8E2653E52D11C0CAC67916B0C24232FC9D90091C7CDD317D4F60D8271D81E70B79031BE25CD5D6CC1E7A04FAF98C25B143B9D7B08D94160B1737AB49F55A01AF3A9BB7C8C261E8F2F84A1995C752276F5F03E54EE22A973F63C73083377DD6851634AA5568AA1173E5BE96606D946AAC82951E326750E18C2AD12C311EF784AD9014BEE322032B45244BD6EEDA224CCDA93983C8FB326F8C8B02F5574B0BC0CD7BFD1C524CD66ACD8A7AC1619E57136F2FEB5F49E9791D4E0F0C9AB8B9E7A98E49E5603D4E02771EFC9993ED15974CD0EEA50510C410FD884CB5D83D0FCD0AF7218D49523F95C4C396CBC0359DABD75EC138910788E1766649130AD089F565ED926B4F26FEBAF9CA4F768E6CA6E6BB7E43769B7D46E2F0D6A63254B41715567635FC1D38DCD7E147AB73B -20180410082253 2 6 100 6143 5 E01FFD7EC91328929E4FD6183C9C9EDF4EF8CFC608D943A1011CEE0B49D7322663D64028F7205A4F008A0C8F393F91FF42D1C7ACB6B4041D0DC79BB0DA6D394532A0E33BC96FEA6EC2E67987F13D2F218B9E8A46D20125D822B6AA1C9615087E5C667CCA74414305E3382E20792B058F61D9DBFD93EF80A2E30E17FDB883F79989B540A6E467D9CEF07C849B659890706CAC7FF6F95669DAD0D9170D485C298AA940C6B7B3092E265FB512C70F36E3D6515B7B799E20FFE9DA35F932C3F2C238F5D8BCB92193216563D6163EB9FAAFEDD0E8A1A3F8CE292E8A1BEF630C5E75D845444B414017844E9560C8309CD54BF9EEAB2CAAE888226AB8031F1569A728256BB6FCC14DF314314F9F2DF75E781E8A4A5411ACCB4D9E3103131F52E0D14386A6E107AA7A522E42F1A41C8A8E46CE69E824492B87BC8B34A457EC25A7508B3E1A33BCC9E99EA754163AEC31161A83A80780DF46D36E757CF90C0F002DF73AB406F7DF81FDA75AD7F3F052EEA91955FA737616D8D4BB87A60FF471400D50688146BC3C10FF60A35D8BB9EF6BEF26497361118125FBEE607726AA408674A45931C87666146BE520503A5241D49B964406A864749C50F9B2718B8E0F62614DB27F35F53D57F70CB4ECE081BD377CDBA5C4AD75BEA63CB8E2653E52D11C0CAC67916B0C24232FC9D90091C7CDD317D4F60D8271D81E70B79031BE25CD5D6CC1E7A04FAF98C25B143B9D7B08D94160B1737AB49F55A01AF3A9BB7C8C261E8F2F84A1995C752276F5F03E54EE22A973F63C73083377DD6851634AA5568AA1173E5BE96606D946AAC82951E326750E18C2AD12C311EF784AD9014BEE322032B45244BD6EEDA224CCDA93983C8FB326F8C8B02F5574B0BC0CD7BFD1C524CD66ACD8A7AC1619E57136F2FEB5F49E9791D4E0F0C9AB8B9E7A98E49E5603D4E02771EFC9993ED15974CD0EEA50510C410FD884CB5D83D0FCD0AF7218D49523F95C4C396CBC0359DABD75EC138910788E1766649130AD089F565ED926B4F26FEBAF9CA4F768E6CA6E6BB7E43769B7D46E2F0D6A63254B41715567635FC1D38DCD7E16363257 -20180410101335 2 6 100 6143 2 E01FFD7EC91328929E4FD6183C9C9EDF4EF8CFC608D943A1011CEE0B49D7322663D64028F7205A4F008A0C8F393F91FF42D1C7ACB6B4041D0DC79BB0DA6D394532A0E33BC96FEA6EC2E67987F13D2F218B9E8A46D20125D822B6AA1C9615087E5C667CCA74414305E3382E20792B058F61D9DBFD93EF80A2E30E17FDB883F79989B540A6E467D9CEF07C849B659890706CAC7FF6F95669DAD0D9170D485C298AA940C6B7B3092E265FB512C70F36E3D6515B7B799E20FFE9DA35F932C3F2C238F5D8BCB92193216563D6163EB9FAAFEDD0E8A1A3F8CE292E8A1BEF630C5E75D845444B414017844E9560C8309CD54BF9EEAB2CAAE888226AB8031F1569A728256BB6FCC14DF314314F9F2DF75E781E8A4A5411ACCB4D9E3103131F52E0D14386A6E107AA7A522E42F1A41C8A8E46CE69E824492B87BC8B34A457EC25A7508B3E1A33BCC9E99EA754163AEC31161A83A80780DF46D36E757CF90C0F002DF73AB406F7DF81FDA75AD7F3F052EEA91955FA737616D8D4BB87A60FF471400D50688146BC3C10FF60A35D8BB9EF6BEF26497361118125FBEE607726AA408674A45931C87666146BE520503A5241D49B964406A864749C50F9B2718B8E0F62614DB27F35F53D57F70CB4ECE081BD377CDBA5C4AD75BEA63CB8E2653E52D11C0CAC67916B0C24232FC9D90091C7CDD317D4F60D8271D81E70B79031BE25CD5D6CC1E7A04FAF98C25B143B9D7B08D94160B1737AB49F55A01AF3A9BB7C8C261E8F2F84A1995C752276F5F03E54EE22A973F63C73083377DD6851634AA5568AA1173E5BE96606D946AAC82951E326750E18C2AD12C311EF784AD9014BEE322032B45244BD6EEDA224CCDA93983C8FB326F8C8B02F5574B0BC0CD7BFD1C524CD66ACD8A7AC1619E57136F2FEB5F49E9791D4E0F0C9AB8B9E7A98E49E5603D4E02771EFC9993ED15974CD0EEA50510C410FD884CB5D83D0FCD0AF7218D49523F95C4C396CBC0359DABD75EC138910788E1766649130AD089F565ED926B4F26FEBAF9CA4F768E6CA6E6BB7E43769B7D46E2F0D6A63254B41715567635FC1D38DCD7E18F03B13 -20180410105609 2 6 100 6143 5 E01FFD7EC91328929E4FD6183C9C9EDF4EF8CFC608D943A1011CEE0B49D7322663D64028F7205A4F008A0C8F393F91FF42D1C7ACB6B4041D0DC79BB0DA6D394532A0E33BC96FEA6EC2E67987F13D2F218B9E8A46D20125D822B6AA1C9615087E5C667CCA74414305E3382E20792B058F61D9DBFD93EF80A2E30E17FDB883F79989B540A6E467D9CEF07C849B659890706CAC7FF6F95669DAD0D9170D485C298AA940C6B7B3092E265FB512C70F36E3D6515B7B799E20FFE9DA35F932C3F2C238F5D8BCB92193216563D6163EB9FAAFEDD0E8A1A3F8CE292E8A1BEF630C5E75D845444B414017844E9560C8309CD54BF9EEAB2CAAE888226AB8031F1569A728256BB6FCC14DF314314F9F2DF75E781E8A4A5411ACCB4D9E3103131F52E0D14386A6E107AA7A522E42F1A41C8A8E46CE69E824492B87BC8B34A457EC25A7508B3E1A33BCC9E99EA754163AEC31161A83A80780DF46D36E757CF90C0F002DF73AB406F7DF81FDA75AD7F3F052EEA91955FA737616D8D4BB87A60FF471400D50688146BC3C10FF60A35D8BB9EF6BEF26497361118125FBEE607726AA408674A45931C87666146BE520503A5241D49B964406A864749C50F9B2718B8E0F62614DB27F35F53D57F70CB4ECE081BD377CDBA5C4AD75BEA63CB8E2653E52D11C0CAC67916B0C24232FC9D90091C7CDD317D4F60D8271D81E70B79031BE25CD5D6CC1E7A04FAF98C25B143B9D7B08D94160B1737AB49F55A01AF3A9BB7C8C261E8F2F84A1995C752276F5F03E54EE22A973F63C73083377DD6851634AA5568AA1173E5BE96606D946AAC82951E326750E18C2AD12C311EF784AD9014BEE322032B45244BD6EEDA224CCDA93983C8FB326F8C8B02F5574B0BC0CD7BFD1C524CD66ACD8A7AC1619E57136F2FEB5F49E9791D4E0F0C9AB8B9E7A98E49E5603D4E02771EFC9993ED15974CD0EEA50510C410FD884CB5D83D0FCD0AF7218D49523F95C4C396CBC0359DABD75EC138910788E1766649130AD089F565ED926B4F26FEBAF9CA4F768E6CA6E6BB7E43769B7D46E2F0D6A63254B41715567635FC1D38DCD7E19F1DE37 -20180410152104 2 6 100 6143 2 E01FFD7EC91328929E4FD6183C9C9EDF4EF8CFC608D943A1011CEE0B49D7322663D64028F7205A4F008A0C8F393F91FF42D1C7ACB6B4041D0DC79BB0DA6D394532A0E33BC96FEA6EC2E67987F13D2F218B9E8A46D20125D822B6AA1C9615087E5C667CCA74414305E3382E20792B058F61D9DBFD93EF80A2E30E17FDB883F79989B540A6E467D9CEF07C849B659890706CAC7FF6F95669DAD0D9170D485C298AA940C6B7B3092E265FB512C70F36E3D6515B7B799E20FFE9DA35F932C3F2C238F5D8BCB92193216563D6163EB9FAAFEDD0E8A1A3F8CE292E8A1BEF630C5E75D845444B414017844E9560C8309CD54BF9EEAB2CAAE888226AB8031F1569A728256BB6FCC14DF314314F9F2DF75E781E8A4A5411ACCB4D9E3103131F52E0D14386A6E107AA7A522E42F1A41C8A8E46CE69E824492B87BC8B34A457EC25A7508B3E1A33BCC9E99EA754163AEC31161A83A80780DF46D36E757CF90C0F002DF73AB406F7DF81FDA75AD7F3F052EEA91955FA737616D8D4BB87A60FF471400D50688146BC3C10FF60A35D8BB9EF6BEF26497361118125FBEE607726AA408674A45931C87666146BE520503A5241D49B964406A864749C50F9B2718B8E0F62614DB27F35F53D57F70CB4ECE081BD377CDBA5C4AD75BEA63CB8E2653E52D11C0CAC67916B0C24232FC9D90091C7CDD317D4F60D8271D81E70B79031BE25CD5D6CC1E7A04FAF98C25B143B9D7B08D94160B1737AB49F55A01AF3A9BB7C8C261E8F2F84A1995C752276F5F03E54EE22A973F63C73083377DD6851634AA5568AA1173E5BE96606D946AAC82951E326750E18C2AD12C311EF784AD9014BEE322032B45244BD6EEDA224CCDA93983C8FB326F8C8B02F5574B0BC0CD7BFD1C524CD66ACD8A7AC1619E57136F2FEB5F49E9791D4E0F0C9AB8B9E7A98E49E5603D4E02771EFC9993ED15974CD0EEA50510C410FD884CB5D83D0FCD0AF7218D49523F95C4C396CBC0359DABD75EC138910788E1766649130AD089F565ED926B4F26FEBAF9CA4F768E6CA6E6BB7E43769B7D46E2F0D6A63254B41715567635FC1D38DCD7E205A4ACB -20180410153733 2 6 100 6143 5 E01FFD7EC91328929E4FD6183C9C9EDF4EF8CFC608D943A1011CEE0B49D7322663D64028F7205A4F008A0C8F393F91FF42D1C7ACB6B4041D0DC79BB0DA6D394532A0E33BC96FEA6EC2E67987F13D2F218B9E8A46D20125D822B6AA1C9615087E5C667CCA74414305E3382E20792B058F61D9DBFD93EF80A2E30E17FDB883F79989B540A6E467D9CEF07C849B659890706CAC7FF6F95669DAD0D9170D485C298AA940C6B7B3092E265FB512C70F36E3D6515B7B799E20FFE9DA35F932C3F2C238F5D8BCB92193216563D6163EB9FAAFEDD0E8A1A3F8CE292E8A1BEF630C5E75D845444B414017844E9560C8309CD54BF9EEAB2CAAE888226AB8031F1569A728256BB6FCC14DF314314F9F2DF75E781E8A4A5411ACCB4D9E3103131F52E0D14386A6E107AA7A522E42F1A41C8A8E46CE69E824492B87BC8B34A457EC25A7508B3E1A33BCC9E99EA754163AEC31161A83A80780DF46D36E757CF90C0F002DF73AB406F7DF81FDA75AD7F3F052EEA91955FA737616D8D4BB87A60FF471400D50688146BC3C10FF60A35D8BB9EF6BEF26497361118125FBEE607726AA408674A45931C87666146BE520503A5241D49B964406A864749C50F9B2718B8E0F62614DB27F35F53D57F70CB4ECE081BD377CDBA5C4AD75BEA63CB8E2653E52D11C0CAC67916B0C24232FC9D90091C7CDD317D4F60D8271D81E70B79031BE25CD5D6CC1E7A04FAF98C25B143B9D7B08D94160B1737AB49F55A01AF3A9BB7C8C261E8F2F84A1995C752276F5F03E54EE22A973F63C73083377DD6851634AA5568AA1173E5BE96606D946AAC82951E326750E18C2AD12C311EF784AD9014BEE322032B45244BD6EEDA224CCDA93983C8FB326F8C8B02F5574B0BC0CD7BFD1C524CD66ACD8A7AC1619E57136F2FEB5F49E9791D4E0F0C9AB8B9E7A98E49E5603D4E02771EFC9993ED15974CD0EEA50510C410FD884CB5D83D0FCD0AF7218D49523F95C4C396CBC0359DABD75EC138910788E1766649130AD089F565ED926B4F26FEBAF9CA4F768E6CA6E6BB7E43769B7D46E2F0D6A63254B41715567635FC1D38DCD7E20B2606F -20180410175655 2 6 100 6143 5 E01FFD7EC91328929E4FD6183C9C9EDF4EF8CFC608D943A1011CEE0B49D7322663D64028F7205A4F008A0C8F393F91FF42D1C7ACB6B4041D0DC79BB0DA6D394532A0E33BC96FEA6EC2E67987F13D2F218B9E8A46D20125D822B6AA1C9615087E5C667CCA74414305E3382E20792B058F61D9DBFD93EF80A2E30E17FDB883F79989B540A6E467D9CEF07C849B659890706CAC7FF6F95669DAD0D9170D485C298AA940C6B7B3092E265FB512C70F36E3D6515B7B799E20FFE9DA35F932C3F2C238F5D8BCB92193216563D6163EB9FAAFEDD0E8A1A3F8CE292E8A1BEF630C5E75D845444B414017844E9560C8309CD54BF9EEAB2CAAE888226AB8031F1569A728256BB6FCC14DF314314F9F2DF75E781E8A4A5411ACCB4D9E3103131F52E0D14386A6E107AA7A522E42F1A41C8A8E46CE69E824492B87BC8B34A457EC25A7508B3E1A33BCC9E99EA754163AEC31161A83A80780DF46D36E757CF90C0F002DF73AB406F7DF81FDA75AD7F3F052EEA91955FA737616D8D4BB87A60FF471400D50688146BC3C10FF60A35D8BB9EF6BEF26497361118125FBEE607726AA408674A45931C87666146BE520503A5241D49B964406A864749C50F9B2718B8E0F62614DB27F35F53D57F70CB4ECE081BD377CDBA5C4AD75BEA63CB8E2653E52D11C0CAC67916B0C24232FC9D90091C7CDD317D4F60D8271D81E70B79031BE25CD5D6CC1E7A04FAF98C25B143B9D7B08D94160B1737AB49F55A01AF3A9BB7C8C261E8F2F84A1995C752276F5F03E54EE22A973F63C73083377DD6851634AA5568AA1173E5BE96606D946AAC82951E326750E18C2AD12C311EF784AD9014BEE322032B45244BD6EEDA224CCDA93983C8FB326F8C8B02F5574B0BC0CD7BFD1C524CD66ACD8A7AC1619E57136F2FEB5F49E9791D4E0F0C9AB8B9E7A98E49E5603D4E02771EFC9993ED15974CD0EEA50510C410FD884CB5D83D0FCD0AF7218D49523F95C4C396CBC0359DABD75EC138910788E1766649130AD089F565ED926B4F26FEBAF9CA4F768E6CA6E6BB7E43769B7D46E2F0D6A63254B41715567635FC1D38DCD7E240655BF -20180410204830 2 6 100 6143 5 E01FFD7EC91328929E4FD6183C9C9EDF4EF8CFC608D943A1011CEE0B49D7322663D64028F7205A4F008A0C8F393F91FF42D1C7ACB6B4041D0DC79BB0DA6D394532A0E33BC96FEA6EC2E67987F13D2F218B9E8A46D20125D822B6AA1C9615087E5C667CCA74414305E3382E20792B058F61D9DBFD93EF80A2E30E17FDB883F79989B540A6E467D9CEF07C849B659890706CAC7FF6F95669DAD0D9170D485C298AA940C6B7B3092E265FB512C70F36E3D6515B7B799E20FFE9DA35F932C3F2C238F5D8BCB92193216563D6163EB9FAAFEDD0E8A1A3F8CE292E8A1BEF630C5E75D845444B414017844E9560C8309CD54BF9EEAB2CAAE888226AB8031F1569A728256BB6FCC14DF314314F9F2DF75E781E8A4A5411ACCB4D9E3103131F52E0D14386A6E107AA7A522E42F1A41C8A8E46CE69E824492B87BC8B34A457EC25A7508B3E1A33BCC9E99EA754163AEC31161A83A80780DF46D36E757CF90C0F002DF73AB406F7DF81FDA75AD7F3F052EEA91955FA737616D8D4BB87A60FF471400D50688146BC3C10FF60A35D8BB9EF6BEF26497361118125FBEE607726AA408674A45931C87666146BE520503A5241D49B964406A864749C50F9B2718B8E0F62614DB27F35F53D57F70CB4ECE081BD377CDBA5C4AD75BEA63CB8E2653E52D11C0CAC67916B0C24232FC9D90091C7CDD317D4F60D8271D81E70B79031BE25CD5D6CC1E7A04FAF98C25B143B9D7B08D94160B1737AB49F55A01AF3A9BB7C8C261E8F2F84A1995C752276F5F03E54EE22A973F63C73083377DD6851634AA5568AA1173E5BE96606D946AAC82951E326750E18C2AD12C311EF784AD9014BEE322032B45244BD6EEDA224CCDA93983C8FB326F8C8B02F5574B0BC0CD7BFD1C524CD66ACD8A7AC1619E57136F2FEB5F49E9791D4E0F0C9AB8B9E7A98E49E5603D4E02771EFC9993ED15974CD0EEA50510C410FD884CB5D83D0FCD0AF7218D49523F95C4C396CBC0359DABD75EC138910788E1766649130AD089F565ED926B4F26FEBAF9CA4F768E6CA6E6BB7E43769B7D46E2F0D6A63254B41715567635FC1D38DCD7E281EDA87 -20180410231426 2 6 100 6143 2 E01FFD7EC91328929E4FD6183C9C9EDF4EF8CFC608D943A1011CEE0B49D7322663D64028F7205A4F008A0C8F393F91FF42D1C7ACB6B4041D0DC79BB0DA6D394532A0E33BC96FEA6EC2E67987F13D2F218B9E8A46D20125D822B6AA1C9615087E5C667CCA74414305E3382E20792B058F61D9DBFD93EF80A2E30E17FDB883F79989B540A6E467D9CEF07C849B659890706CAC7FF6F95669DAD0D9170D485C298AA940C6B7B3092E265FB512C70F36E3D6515B7B799E20FFE9DA35F932C3F2C238F5D8BCB92193216563D6163EB9FAAFEDD0E8A1A3F8CE292E8A1BEF630C5E75D845444B414017844E9560C8309CD54BF9EEAB2CAAE888226AB8031F1569A728256BB6FCC14DF314314F9F2DF75E781E8A4A5411ACCB4D9E3103131F52E0D14386A6E107AA7A522E42F1A41C8A8E46CE69E824492B87BC8B34A457EC25A7508B3E1A33BCC9E99EA754163AEC31161A83A80780DF46D36E757CF90C0F002DF73AB406F7DF81FDA75AD7F3F052EEA91955FA737616D8D4BB87A60FF471400D50688146BC3C10FF60A35D8BB9EF6BEF26497361118125FBEE607726AA408674A45931C87666146BE520503A5241D49B964406A864749C50F9B2718B8E0F62614DB27F35F53D57F70CB4ECE081BD377CDBA5C4AD75BEA63CB8E2653E52D11C0CAC67916B0C24232FC9D90091C7CDD317D4F60D8271D81E70B79031BE25CD5D6CC1E7A04FAF98C25B143B9D7B08D94160B1737AB49F55A01AF3A9BB7C8C261E8F2F84A1995C752276F5F03E54EE22A973F63C73083377DD6851634AA5568AA1173E5BE96606D946AAC82951E326750E18C2AD12C311EF784AD9014BEE322032B45244BD6EEDA224CCDA93983C8FB326F8C8B02F5574B0BC0CD7BFD1C524CD66ACD8A7AC1619E57136F2FEB5F49E9791D4E0F0C9AB8B9E7A98E49E5603D4E02771EFC9993ED15974CD0EEA50510C410FD884CB5D83D0FCD0AF7218D49523F95C4C396CBC0359DABD75EC138910788E1766649130AD089F565ED926B4F26FEBAF9CA4F768E6CA6E6BB7E43769B7D46E2F0D6A63254B41715567635FC1D38DCD7E2B95718B -20180410233438 2 6 100 6143 5 E01FFD7EC91328929E4FD6183C9C9EDF4EF8CFC608D943A1011CEE0B49D7322663D64028F7205A4F008A0C8F393F91FF42D1C7ACB6B4041D0DC79BB0DA6D394532A0E33BC96FEA6EC2E67987F13D2F218B9E8A46D20125D822B6AA1C9615087E5C667CCA74414305E3382E20792B058F61D9DBFD93EF80A2E30E17FDB883F79989B540A6E467D9CEF07C849B659890706CAC7FF6F95669DAD0D9170D485C298AA940C6B7B3092E265FB512C70F36E3D6515B7B799E20FFE9DA35F932C3F2C238F5D8BCB92193216563D6163EB9FAAFEDD0E8A1A3F8CE292E8A1BEF630C5E75D845444B414017844E9560C8309CD54BF9EEAB2CAAE888226AB8031F1569A728256BB6FCC14DF314314F9F2DF75E781E8A4A5411ACCB4D9E3103131F52E0D14386A6E107AA7A522E42F1A41C8A8E46CE69E824492B87BC8B34A457EC25A7508B3E1A33BCC9E99EA754163AEC31161A83A80780DF46D36E757CF90C0F002DF73AB406F7DF81FDA75AD7F3F052EEA91955FA737616D8D4BB87A60FF471400D50688146BC3C10FF60A35D8BB9EF6BEF26497361118125FBEE607726AA408674A45931C87666146BE520503A5241D49B964406A864749C50F9B2718B8E0F62614DB27F35F53D57F70CB4ECE081BD377CDBA5C4AD75BEA63CB8E2653E52D11C0CAC67916B0C24232FC9D90091C7CDD317D4F60D8271D81E70B79031BE25CD5D6CC1E7A04FAF98C25B143B9D7B08D94160B1737AB49F55A01AF3A9BB7C8C261E8F2F84A1995C752276F5F03E54EE22A973F63C73083377DD6851634AA5568AA1173E5BE96606D946AAC82951E326750E18C2AD12C311EF784AD9014BEE322032B45244BD6EEDA224CCDA93983C8FB326F8C8B02F5574B0BC0CD7BFD1C524CD66ACD8A7AC1619E57136F2FEB5F49E9791D4E0F0C9AB8B9E7A98E49E5603D4E02771EFC9993ED15974CD0EEA50510C410FD884CB5D83D0FCD0AF7218D49523F95C4C396CBC0359DABD75EC138910788E1766649130AD089F565ED926B4F26FEBAF9CA4F768E6CA6E6BB7E43769B7D46E2F0D6A63254B41715567635FC1D38DCD7E2C0621C7 -20180410234833 2 6 100 6143 2 E01FFD7EC91328929E4FD6183C9C9EDF4EF8CFC608D943A1011CEE0B49D7322663D64028F7205A4F008A0C8F393F91FF42D1C7ACB6B4041D0DC79BB0DA6D394532A0E33BC96FEA6EC2E67987F13D2F218B9E8A46D20125D822B6AA1C9615087E5C667CCA74414305E3382E20792B058F61D9DBFD93EF80A2E30E17FDB883F79989B540A6E467D9CEF07C849B659890706CAC7FF6F95669DAD0D9170D485C298AA940C6B7B3092E265FB512C70F36E3D6515B7B799E20FFE9DA35F932C3F2C238F5D8BCB92193216563D6163EB9FAAFEDD0E8A1A3F8CE292E8A1BEF630C5E75D845444B414017844E9560C8309CD54BF9EEAB2CAAE888226AB8031F1569A728256BB6FCC14DF314314F9F2DF75E781E8A4A5411ACCB4D9E3103131F52E0D14386A6E107AA7A522E42F1A41C8A8E46CE69E824492B87BC8B34A457EC25A7508B3E1A33BCC9E99EA754163AEC31161A83A80780DF46D36E757CF90C0F002DF73AB406F7DF81FDA75AD7F3F052EEA91955FA737616D8D4BB87A60FF471400D50688146BC3C10FF60A35D8BB9EF6BEF26497361118125FBEE607726AA408674A45931C87666146BE520503A5241D49B964406A864749C50F9B2718B8E0F62614DB27F35F53D57F70CB4ECE081BD377CDBA5C4AD75BEA63CB8E2653E52D11C0CAC67916B0C24232FC9D90091C7CDD317D4F60D8271D81E70B79031BE25CD5D6CC1E7A04FAF98C25B143B9D7B08D94160B1737AB49F55A01AF3A9BB7C8C261E8F2F84A1995C752276F5F03E54EE22A973F63C73083377DD6851634AA5568AA1173E5BE96606D946AAC82951E326750E18C2AD12C311EF784AD9014BEE322032B45244BD6EEDA224CCDA93983C8FB326F8C8B02F5574B0BC0CD7BFD1C524CD66ACD8A7AC1619E57136F2FEB5F49E9791D4E0F0C9AB8B9E7A98E49E5603D4E02771EFC9993ED15974CD0EEA50510C410FD884CB5D83D0FCD0AF7218D49523F95C4C396CBC0359DABD75EC138910788E1766649130AD089F565ED926B4F26FEBAF9CA4F768E6CA6E6BB7E43769B7D46E2F0D6A63254B41715567635FC1D38DCD7E2C5297E3 -20180411035657 2 6 100 6143 2 E01FFD7EC91328929E4FD6183C9C9EDF4EF8CFC608D943A1011CEE0B49D7322663D64028F7205A4F008A0C8F393F91FF42D1C7ACB6B4041D0DC79BB0DA6D394532A0E33BC96FEA6EC2E67987F13D2F218B9E8A46D20125D822B6AA1C9615087E5C667CCA74414305E3382E20792B058F61D9DBFD93EF80A2E30E17FDB883F79989B540A6E467D9CEF07C849B659890706CAC7FF6F95669DAD0D9170D485C298AA940C6B7B3092E265FB512C70F36E3D6515B7B799E20FFE9DA35F932C3F2C238F5D8BCB92193216563D6163EB9FAAFEDD0E8A1A3F8CE292E8A1BEF630C5E75D845444B414017844E9560C8309CD54BF9EEAB2CAAE888226AB8031F1569A728256BB6FCC14DF314314F9F2DF75E781E8A4A5411ACCB4D9E3103131F52E0D14386A6E107AA7A522E42F1A41C8A8E46CE69E824492B87BC8B34A457EC25A7508B3E1A33BCC9E99EA754163AEC31161A83A80780DF46D36E757CF90C0F002DF73AB406F7DF81FDA75AD7F3F052EEA91955FA737616D8D4BB87A60FF471400D50688146BC3C10FF60A35D8BB9EF6BEF26497361118125FBEE607726AA408674A45931C87666146BE520503A5241D49B964406A864749C50F9B2718B8E0F62614DB27F35F53D57F70CB4ECE081BD377CDBA5C4AD75BEA63CB8E2653E52D11C0CAC67916B0C24232FC9D90091C7CDD317D4F60D8271D81E70B79031BE25CD5D6CC1E7A04FAF98C25B143B9D7B08D94160B1737AB49F55A01AF3A9BB7C8C261E8F2F84A1995C752276F5F03E54EE22A973F63C73083377DD6851634AA5568AA1173E5BE96606D946AAC82951E326750E18C2AD12C311EF784AD9014BEE322032B45244BD6EEDA224CCDA93983C8FB326F8C8B02F5574B0BC0CD7BFD1C524CD66ACD8A7AC1619E57136F2FEB5F49E9791D4E0F0C9AB8B9E7A98E49E5603D4E02771EFC9993ED15974CD0EEA50510C410FD884CB5D83D0FCD0AF7218D49523F95C4C396CBC0359DABD75EC138910788E1766649130AD089F565ED926B4F26FEBAF9CA4F768E6CA6E6BB7E43769B7D46E2F0D6A63254B41715567635FC1D38DCD7E32375BE3 -20180411053901 2 6 100 6143 5 E01FFD7EC91328929E4FD6183C9C9EDF4EF8CFC608D943A1011CEE0B49D7322663D64028F7205A4F008A0C8F393F91FF42D1C7ACB6B4041D0DC79BB0DA6D394532A0E33BC96FEA6EC2E67987F13D2F218B9E8A46D20125D822B6AA1C9615087E5C667CCA74414305E3382E20792B058F61D9DBFD93EF80A2E30E17FDB883F79989B540A6E467D9CEF07C849B659890706CAC7FF6F95669DAD0D9170D485C298AA940C6B7B3092E265FB512C70F36E3D6515B7B799E20FFE9DA35F932C3F2C238F5D8BCB92193216563D6163EB9FAAFEDD0E8A1A3F8CE292E8A1BEF630C5E75D845444B414017844E9560C8309CD54BF9EEAB2CAAE888226AB8031F1569A728256BB6FCC14DF314314F9F2DF75E781E8A4A5411ACCB4D9E3103131F52E0D14386A6E107AA7A522E42F1A41C8A8E46CE69E824492B87BC8B34A457EC25A7508B3E1A33BCC9E99EA754163AEC31161A83A80780DF46D36E757CF90C0F002DF73AB406F7DF81FDA75AD7F3F052EEA91955FA737616D8D4BB87A60FF471400D50688146BC3C10FF60A35D8BB9EF6BEF26497361118125FBEE607726AA408674A45931C87666146BE520503A5241D49B964406A864749C50F9B2718B8E0F62614DB27F35F53D57F70CB4ECE081BD377CDBA5C4AD75BEA63CB8E2653E52D11C0CAC67916B0C24232FC9D90091C7CDD317D4F60D8271D81E70B79031BE25CD5D6CC1E7A04FAF98C25B143B9D7B08D94160B1737AB49F55A01AF3A9BB7C8C261E8F2F84A1995C752276F5F03E54EE22A973F63C73083377DD6851634AA5568AA1173E5BE96606D946AAC82951E326750E18C2AD12C311EF784AD9014BEE322032B45244BD6EEDA224CCDA93983C8FB326F8C8B02F5574B0BC0CD7BFD1C524CD66ACD8A7AC1619E57136F2FEB5F49E9791D4E0F0C9AB8B9E7A98E49E5603D4E02771EFC9993ED15974CD0EEA50510C410FD884CB5D83D0FCD0AF7218D49523F95C4C396CBC0359DABD75EC138910788E1766649130AD089F565ED926B4F26FEBAF9CA4F768E6CA6E6BB7E43769B7D46E2F0D6A63254B41715567635FC1D38DCD7E3499E12F -20180411073150 2 6 100 6143 2 E01FFD7EC91328929E4FD6183C9C9EDF4EF8CFC608D943A1011CEE0B49D7322663D64028F7205A4F008A0C8F393F91FF42D1C7ACB6B4041D0DC79BB0DA6D394532A0E33BC96FEA6EC2E67987F13D2F218B9E8A46D20125D822B6AA1C9615087E5C667CCA74414305E3382E20792B058F61D9DBFD93EF80A2E30E17FDB883F79989B540A6E467D9CEF07C849B659890706CAC7FF6F95669DAD0D9170D485C298AA940C6B7B3092E265FB512C70F36E3D6515B7B799E20FFE9DA35F932C3F2C238F5D8BCB92193216563D6163EB9FAAFEDD0E8A1A3F8CE292E8A1BEF630C5E75D845444B414017844E9560C8309CD54BF9EEAB2CAAE888226AB8031F1569A728256BB6FCC14DF314314F9F2DF75E781E8A4A5411ACCB4D9E3103131F52E0D14386A6E107AA7A522E42F1A41C8A8E46CE69E824492B87BC8B34A457EC25A7508B3E1A33BCC9E99EA754163AEC31161A83A80780DF46D36E757CF90C0F002DF73AB406F7DF81FDA75AD7F3F052EEA91955FA737616D8D4BB87A60FF471400D50688146BC3C10FF60A35D8BB9EF6BEF26497361118125FBEE607726AA408674A45931C87666146BE520503A5241D49B964406A864749C50F9B2718B8E0F62614DB27F35F53D57F70CB4ECE081BD377CDBA5C4AD75BEA63CB8E2653E52D11C0CAC67916B0C24232FC9D90091C7CDD317D4F60D8271D81E70B79031BE25CD5D6CC1E7A04FAF98C25B143B9D7B08D94160B1737AB49F55A01AF3A9BB7C8C261E8F2F84A1995C752276F5F03E54EE22A973F63C73083377DD6851634AA5568AA1173E5BE96606D946AAC82951E326750E18C2AD12C311EF784AD9014BEE322032B45244BD6EEDA224CCDA93983C8FB326F8C8B02F5574B0BC0CD7BFD1C524CD66ACD8A7AC1619E57136F2FEB5F49E9791D4E0F0C9AB8B9E7A98E49E5603D4E02771EFC9993ED15974CD0EEA50510C410FD884CB5D83D0FCD0AF7218D49523F95C4C396CBC0359DABD75EC138910788E1766649130AD089F565ED926B4F26FEBAF9CA4F768E6CA6E6BB7E43769B7D46E2F0D6A63254B41715567635FC1D38DCD7E3738967B -20180411073910 2 6 100 6143 5 E01FFD7EC91328929E4FD6183C9C9EDF4EF8CFC608D943A1011CEE0B49D7322663D64028F7205A4F008A0C8F393F91FF42D1C7ACB6B4041D0DC79BB0DA6D394532A0E33BC96FEA6EC2E67987F13D2F218B9E8A46D20125D822B6AA1C9615087E5C667CCA74414305E3382E20792B058F61D9DBFD93EF80A2E30E17FDB883F79989B540A6E467D9CEF07C849B659890706CAC7FF6F95669DAD0D9170D485C298AA940C6B7B3092E265FB512C70F36E3D6515B7B799E20FFE9DA35F932C3F2C238F5D8BCB92193216563D6163EB9FAAFEDD0E8A1A3F8CE292E8A1BEF630C5E75D845444B414017844E9560C8309CD54BF9EEAB2CAAE888226AB8031F1569A728256BB6FCC14DF314314F9F2DF75E781E8A4A5411ACCB4D9E3103131F52E0D14386A6E107AA7A522E42F1A41C8A8E46CE69E824492B87BC8B34A457EC25A7508B3E1A33BCC9E99EA754163AEC31161A83A80780DF46D36E757CF90C0F002DF73AB406F7DF81FDA75AD7F3F052EEA91955FA737616D8D4BB87A60FF471400D50688146BC3C10FF60A35D8BB9EF6BEF26497361118125FBEE607726AA408674A45931C87666146BE520503A5241D49B964406A864749C50F9B2718B8E0F62614DB27F35F53D57F70CB4ECE081BD377CDBA5C4AD75BEA63CB8E2653E52D11C0CAC67916B0C24232FC9D90091C7CDD317D4F60D8271D81E70B79031BE25CD5D6CC1E7A04FAF98C25B143B9D7B08D94160B1737AB49F55A01AF3A9BB7C8C261E8F2F84A1995C752276F5F03E54EE22A973F63C73083377DD6851634AA5568AA1173E5BE96606D946AAC82951E326750E18C2AD12C311EF784AD9014BEE322032B45244BD6EEDA224CCDA93983C8FB326F8C8B02F5574B0BC0CD7BFD1C524CD66ACD8A7AC1619E57136F2FEB5F49E9791D4E0F0C9AB8B9E7A98E49E5603D4E02771EFC9993ED15974CD0EEA50510C410FD884CB5D83D0FCD0AF7218D49523F95C4C396CBC0359DABD75EC138910788E1766649130AD089F565ED926B4F26FEBAF9CA4F768E6CA6E6BB7E43769B7D46E2F0D6A63254B41715567635FC1D38DCD7E375B7807 -20180411075734 2 6 100 6143 2 E01FFD7EC91328929E4FD6183C9C9EDF4EF8CFC608D943A1011CEE0B49D7322663D64028F7205A4F008A0C8F393F91FF42D1C7ACB6B4041D0DC79BB0DA6D394532A0E33BC96FEA6EC2E67987F13D2F218B9E8A46D20125D822B6AA1C9615087E5C667CCA74414305E3382E20792B058F61D9DBFD93EF80A2E30E17FDB883F79989B540A6E467D9CEF07C849B659890706CAC7FF6F95669DAD0D9170D485C298AA940C6B7B3092E265FB512C70F36E3D6515B7B799E20FFE9DA35F932C3F2C238F5D8BCB92193216563D6163EB9FAAFEDD0E8A1A3F8CE292E8A1BEF630C5E75D845444B414017844E9560C8309CD54BF9EEAB2CAAE888226AB8031F1569A728256BB6FCC14DF314314F9F2DF75E781E8A4A5411ACCB4D9E3103131F52E0D14386A6E107AA7A522E42F1A41C8A8E46CE69E824492B87BC8B34A457EC25A7508B3E1A33BCC9E99EA754163AEC31161A83A80780DF46D36E757CF90C0F002DF73AB406F7DF81FDA75AD7F3F052EEA91955FA737616D8D4BB87A60FF471400D50688146BC3C10FF60A35D8BB9EF6BEF26497361118125FBEE607726AA408674A45931C87666146BE520503A5241D49B964406A864749C50F9B2718B8E0F62614DB27F35F53D57F70CB4ECE081BD377CDBA5C4AD75BEA63CB8E2653E52D11C0CAC67916B0C24232FC9D90091C7CDD317D4F60D8271D81E70B79031BE25CD5D6CC1E7A04FAF98C25B143B9D7B08D94160B1737AB49F55A01AF3A9BB7C8C261E8F2F84A1995C752276F5F03E54EE22A973F63C73083377DD6851634AA5568AA1173E5BE96606D946AAC82951E326750E18C2AD12C311EF784AD9014BEE322032B45244BD6EEDA224CCDA93983C8FB326F8C8B02F5574B0BC0CD7BFD1C524CD66ACD8A7AC1619E57136F2FEB5F49E9791D4E0F0C9AB8B9E7A98E49E5603D4E02771EFC9993ED15974CD0EEA50510C410FD884CB5D83D0FCD0AF7218D49523F95C4C396CBC0359DABD75EC138910788E1766649130AD089F565ED926B4F26FEBAF9CA4F768E6CA6E6BB7E43769B7D46E2F0D6A63254B41715567635FC1D38DCD7E37C0C66B -20180411081855 2 6 100 6143 2 E01FFD7EC91328929E4FD6183C9C9EDF4EF8CFC608D943A1011CEE0B49D7322663D64028F7205A4F008A0C8F393F91FF42D1C7ACB6B4041D0DC79BB0DA6D394532A0E33BC96FEA6EC2E67987F13D2F218B9E8A46D20125D822B6AA1C9615087E5C667CCA74414305E3382E20792B058F61D9DBFD93EF80A2E30E17FDB883F79989B540A6E467D9CEF07C849B659890706CAC7FF6F95669DAD0D9170D485C298AA940C6B7B3092E265FB512C70F36E3D6515B7B799E20FFE9DA35F932C3F2C238F5D8BCB92193216563D6163EB9FAAFEDD0E8A1A3F8CE292E8A1BEF630C5E75D845444B414017844E9560C8309CD54BF9EEAB2CAAE888226AB8031F1569A728256BB6FCC14DF314314F9F2DF75E781E8A4A5411ACCB4D9E3103131F52E0D14386A6E107AA7A522E42F1A41C8A8E46CE69E824492B87BC8B34A457EC25A7508B3E1A33BCC9E99EA754163AEC31161A83A80780DF46D36E757CF90C0F002DF73AB406F7DF81FDA75AD7F3F052EEA91955FA737616D8D4BB87A60FF471400D50688146BC3C10FF60A35D8BB9EF6BEF26497361118125FBEE607726AA408674A45931C87666146BE520503A5241D49B964406A864749C50F9B2718B8E0F62614DB27F35F53D57F70CB4ECE081BD377CDBA5C4AD75BEA63CB8E2653E52D11C0CAC67916B0C24232FC9D90091C7CDD317D4F60D8271D81E70B79031BE25CD5D6CC1E7A04FAF98C25B143B9D7B08D94160B1737AB49F55A01AF3A9BB7C8C261E8F2F84A1995C752276F5F03E54EE22A973F63C73083377DD6851634AA5568AA1173E5BE96606D946AAC82951E326750E18C2AD12C311EF784AD9014BEE322032B45244BD6EEDA224CCDA93983C8FB326F8C8B02F5574B0BC0CD7BFD1C524CD66ACD8A7AC1619E57136F2FEB5F49E9791D4E0F0C9AB8B9E7A98E49E5603D4E02771EFC9993ED15974CD0EEA50510C410FD884CB5D83D0FCD0AF7218D49523F95C4C396CBC0359DABD75EC138910788E1766649130AD089F565ED926B4F26FEBAF9CA4F768E6CA6E6BB7E43769B7D46E2F0D6A63254B41715567635FC1D38DCD7E383A5BCB -20180411093848 2 6 100 6143 2 E01FFD7EC91328929E4FD6183C9C9EDF4EF8CFC608D943A1011CEE0B49D7322663D64028F7205A4F008A0C8F393F91FF42D1C7ACB6B4041D0DC79BB0DA6D394532A0E33BC96FEA6EC2E67987F13D2F218B9E8A46D20125D822B6AA1C9615087E5C667CCA74414305E3382E20792B058F61D9DBFD93EF80A2E30E17FDB883F79989B540A6E467D9CEF07C849B659890706CAC7FF6F95669DAD0D9170D485C298AA940C6B7B3092E265FB512C70F36E3D6515B7B799E20FFE9DA35F932C3F2C238F5D8BCB92193216563D6163EB9FAAFEDD0E8A1A3F8CE292E8A1BEF630C5E75D845444B414017844E9560C8309CD54BF9EEAB2CAAE888226AB8031F1569A728256BB6FCC14DF314314F9F2DF75E781E8A4A5411ACCB4D9E3103131F52E0D14386A6E107AA7A522E42F1A41C8A8E46CE69E824492B87BC8B34A457EC25A7508B3E1A33BCC9E99EA754163AEC31161A83A80780DF46D36E757CF90C0F002DF73AB406F7DF81FDA75AD7F3F052EEA91955FA737616D8D4BB87A60FF471400D50688146BC3C10FF60A35D8BB9EF6BEF26497361118125FBEE607726AA408674A45931C87666146BE520503A5241D49B964406A864749C50F9B2718B8E0F62614DB27F35F53D57F70CB4ECE081BD377CDBA5C4AD75BEA63CB8E2653E52D11C0CAC67916B0C24232FC9D90091C7CDD317D4F60D8271D81E70B79031BE25CD5D6CC1E7A04FAF98C25B143B9D7B08D94160B1737AB49F55A01AF3A9BB7C8C261E8F2F84A1995C752276F5F03E54EE22A973F63C73083377DD6851634AA5568AA1173E5BE96606D946AAC82951E326750E18C2AD12C311EF784AD9014BEE322032B45244BD6EEDA224CCDA93983C8FB326F8C8B02F5574B0BC0CD7BFD1C524CD66ACD8A7AC1619E57136F2FEB5F49E9791D4E0F0C9AB8B9E7A98E49E5603D4E02771EFC9993ED15974CD0EEA50510C410FD884CB5D83D0FCD0AF7218D49523F95C4C396CBC0359DABD75EC138910788E1766649130AD089F565ED926B4F26FEBAF9CA4F768E6CA6E6BB7E43769B7D46E2F0D6A63254B41715567635FC1D38DCD7E3A0D60EB -20180411094657 2 6 100 6143 5 E01FFD7EC91328929E4FD6183C9C9EDF4EF8CFC608D943A1011CEE0B49D7322663D64028F7205A4F008A0C8F393F91FF42D1C7ACB6B4041D0DC79BB0DA6D394532A0E33BC96FEA6EC2E67987F13D2F218B9E8A46D20125D822B6AA1C9615087E5C667CCA74414305E3382E20792B058F61D9DBFD93EF80A2E30E17FDB883F79989B540A6E467D9CEF07C849B659890706CAC7FF6F95669DAD0D9170D485C298AA940C6B7B3092E265FB512C70F36E3D6515B7B799E20FFE9DA35F932C3F2C238F5D8BCB92193216563D6163EB9FAAFEDD0E8A1A3F8CE292E8A1BEF630C5E75D845444B414017844E9560C8309CD54BF9EEAB2CAAE888226AB8031F1569A728256BB6FCC14DF314314F9F2DF75E781E8A4A5411ACCB4D9E3103131F52E0D14386A6E107AA7A522E42F1A41C8A8E46CE69E824492B87BC8B34A457EC25A7508B3E1A33BCC9E99EA754163AEC31161A83A80780DF46D36E757CF90C0F002DF73AB406F7DF81FDA75AD7F3F052EEA91955FA737616D8D4BB87A60FF471400D50688146BC3C10FF60A35D8BB9EF6BEF26497361118125FBEE607726AA408674A45931C87666146BE520503A5241D49B964406A864749C50F9B2718B8E0F62614DB27F35F53D57F70CB4ECE081BD377CDBA5C4AD75BEA63CB8E2653E52D11C0CAC67916B0C24232FC9D90091C7CDD317D4F60D8271D81E70B79031BE25CD5D6CC1E7A04FAF98C25B143B9D7B08D94160B1737AB49F55A01AF3A9BB7C8C261E8F2F84A1995C752276F5F03E54EE22A973F63C73083377DD6851634AA5568AA1173E5BE96606D946AAC82951E326750E18C2AD12C311EF784AD9014BEE322032B45244BD6EEDA224CCDA93983C8FB326F8C8B02F5574B0BC0CD7BFD1C524CD66ACD8A7AC1619E57136F2FEB5F49E9791D4E0F0C9AB8B9E7A98E49E5603D4E02771EFC9993ED15974CD0EEA50510C410FD884CB5D83D0FCD0AF7218D49523F95C4C396CBC0359DABD75EC138910788E1766649130AD089F565ED926B4F26FEBAF9CA4F768E6CA6E6BB7E43769B7D46E2F0D6A63254B41715567635FC1D38DCD7E3A351317 -20180411110541 2 6 100 6143 5 E01FFD7EC91328929E4FD6183C9C9EDF4EF8CFC608D943A1011CEE0B49D7322663D64028F7205A4F008A0C8F393F91FF42D1C7ACB6B4041D0DC79BB0DA6D394532A0E33BC96FEA6EC2E67987F13D2F218B9E8A46D20125D822B6AA1C9615087E5C667CCA74414305E3382E20792B058F61D9DBFD93EF80A2E30E17FDB883F79989B540A6E467D9CEF07C849B659890706CAC7FF6F95669DAD0D9170D485C298AA940C6B7B3092E265FB512C70F36E3D6515B7B799E20FFE9DA35F932C3F2C238F5D8BCB92193216563D6163EB9FAAFEDD0E8A1A3F8CE292E8A1BEF630C5E75D845444B414017844E9560C8309CD54BF9EEAB2CAAE888226AB8031F1569A728256BB6FCC14DF314314F9F2DF75E781E8A4A5411ACCB4D9E3103131F52E0D14386A6E107AA7A522E42F1A41C8A8E46CE69E824492B87BC8B34A457EC25A7508B3E1A33BCC9E99EA754163AEC31161A83A80780DF46D36E757CF90C0F002DF73AB406F7DF81FDA75AD7F3F052EEA91955FA737616D8D4BB87A60FF471400D50688146BC3C10FF60A35D8BB9EF6BEF26497361118125FBEE607726AA408674A45931C87666146BE520503A5241D49B964406A864749C50F9B2718B8E0F62614DB27F35F53D57F70CB4ECE081BD377CDBA5C4AD75BEA63CB8E2653E52D11C0CAC67916B0C24232FC9D90091C7CDD317D4F60D8271D81E70B79031BE25CD5D6CC1E7A04FAF98C25B143B9D7B08D94160B1737AB49F55A01AF3A9BB7C8C261E8F2F84A1995C752276F5F03E54EE22A973F63C73083377DD6851634AA5568AA1173E5BE96606D946AAC82951E326750E18C2AD12C311EF784AD9014BEE322032B45244BD6EEDA224CCDA93983C8FB326F8C8B02F5574B0BC0CD7BFD1C524CD66ACD8A7AC1619E57136F2FEB5F49E9791D4E0F0C9AB8B9E7A98E49E5603D4E02771EFC9993ED15974CD0EEA50510C410FD884CB5D83D0FCD0AF7218D49523F95C4C396CBC0359DABD75EC138910788E1766649130AD089F565ED926B4F26FEBAF9CA4F768E6CA6E6BB7E43769B7D46E2F0D6A63254B41715567635FC1D38DCD7E3C08A7A7 -20180411120731 2 6 100 6143 2 E01FFD7EC91328929E4FD6183C9C9EDF4EF8CFC608D943A1011CEE0B49D7322663D64028F7205A4F008A0C8F393F91FF42D1C7ACB6B4041D0DC79BB0DA6D394532A0E33BC96FEA6EC2E67987F13D2F218B9E8A46D20125D822B6AA1C9615087E5C667CCA74414305E3382E20792B058F61D9DBFD93EF80A2E30E17FDB883F79989B540A6E467D9CEF07C849B659890706CAC7FF6F95669DAD0D9170D485C298AA940C6B7B3092E265FB512C70F36E3D6515B7B799E20FFE9DA35F932C3F2C238F5D8BCB92193216563D6163EB9FAAFEDD0E8A1A3F8CE292E8A1BEF630C5E75D845444B414017844E9560C8309CD54BF9EEAB2CAAE888226AB8031F1569A728256BB6FCC14DF314314F9F2DF75E781E8A4A5411ACCB4D9E3103131F52E0D14386A6E107AA7A522E42F1A41C8A8E46CE69E824492B87BC8B34A457EC25A7508B3E1A33BCC9E99EA754163AEC31161A83A80780DF46D36E757CF90C0F002DF73AB406F7DF81FDA75AD7F3F052EEA91955FA737616D8D4BB87A60FF471400D50688146BC3C10FF60A35D8BB9EF6BEF26497361118125FBEE607726AA408674A45931C87666146BE520503A5241D49B964406A864749C50F9B2718B8E0F62614DB27F35F53D57F70CB4ECE081BD377CDBA5C4AD75BEA63CB8E2653E52D11C0CAC67916B0C24232FC9D90091C7CDD317D4F60D8271D81E70B79031BE25CD5D6CC1E7A04FAF98C25B143B9D7B08D94160B1737AB49F55A01AF3A9BB7C8C261E8F2F84A1995C752276F5F03E54EE22A973F63C73083377DD6851634AA5568AA1173E5BE96606D946AAC82951E326750E18C2AD12C311EF784AD9014BEE322032B45244BD6EEDA224CCDA93983C8FB326F8C8B02F5574B0BC0CD7BFD1C524CD66ACD8A7AC1619E57136F2FEB5F49E9791D4E0F0C9AB8B9E7A98E49E5603D4E02771EFC9993ED15974CD0EEA50510C410FD884CB5D83D0FCD0AF7218D49523F95C4C396CBC0359DABD75EC138910788E1766649130AD089F565ED926B4F26FEBAF9CA4F768E6CA6E6BB7E43769B7D46E2F0D6A63254B41715567635FC1D38DCD7E3D6EB9BB -20180411130125 2 6 100 6143 2 E01FFD7EC91328929E4FD6183C9C9EDF4EF8CFC608D943A1011CEE0B49D7322663D64028F7205A4F008A0C8F393F91FF42D1C7ACB6B4041D0DC79BB0DA6D394532A0E33BC96FEA6EC2E67987F13D2F218B9E8A46D20125D822B6AA1C9615087E5C667CCA74414305E3382E20792B058F61D9DBFD93EF80A2E30E17FDB883F79989B540A6E467D9CEF07C849B659890706CAC7FF6F95669DAD0D9170D485C298AA940C6B7B3092E265FB512C70F36E3D6515B7B799E20FFE9DA35F932C3F2C238F5D8BCB92193216563D6163EB9FAAFEDD0E8A1A3F8CE292E8A1BEF630C5E75D845444B414017844E9560C8309CD54BF9EEAB2CAAE888226AB8031F1569A728256BB6FCC14DF314314F9F2DF75E781E8A4A5411ACCB4D9E3103131F52E0D14386A6E107AA7A522E42F1A41C8A8E46CE69E824492B87BC8B34A457EC25A7508B3E1A33BCC9E99EA754163AEC31161A83A80780DF46D36E757CF90C0F002DF73AB406F7DF81FDA75AD7F3F052EEA91955FA737616D8D4BB87A60FF471400D50688146BC3C10FF60A35D8BB9EF6BEF26497361118125FBEE607726AA408674A45931C87666146BE520503A5241D49B964406A864749C50F9B2718B8E0F62614DB27F35F53D57F70CB4ECE081BD377CDBA5C4AD75BEA63CB8E2653E52D11C0CAC67916B0C24232FC9D90091C7CDD317D4F60D8271D81E70B79031BE25CD5D6CC1E7A04FAF98C25B143B9D7B08D94160B1737AB49F55A01AF3A9BB7C8C261E8F2F84A1995C752276F5F03E54EE22A973F63C73083377DD6851634AA5568AA1173E5BE96606D946AAC82951E326750E18C2AD12C311EF784AD9014BEE322032B45244BD6EEDA224CCDA93983C8FB326F8C8B02F5574B0BC0CD7BFD1C524CD66ACD8A7AC1619E57136F2FEB5F49E9791D4E0F0C9AB8B9E7A98E49E5603D4E02771EFC9993ED15974CD0EEA50510C410FD884CB5D83D0FCD0AF7218D49523F95C4C396CBC0359DABD75EC138910788E1766649130AD089F565ED926B4F26FEBAF9CA4F768E6CA6E6BB7E43769B7D46E2F0D6A63254B41715567635FC1D38DCD7E3EAD50F3 -20180411151653 2 6 100 6143 5 E01FFD7EC91328929E4FD6183C9C9EDF4EF8CFC608D943A1011CEE0B49D7322663D64028F7205A4F008A0C8F393F91FF42D1C7ACB6B4041D0DC79BB0DA6D394532A0E33BC96FEA6EC2E67987F13D2F218B9E8A46D20125D822B6AA1C9615087E5C667CCA74414305E3382E20792B058F61D9DBFD93EF80A2E30E17FDB883F79989B540A6E467D9CEF07C849B659890706CAC7FF6F95669DAD0D9170D485C298AA940C6B7B3092E265FB512C70F36E3D6515B7B799E20FFE9DA35F932C3F2C238F5D8BCB92193216563D6163EB9FAAFEDD0E8A1A3F8CE292E8A1BEF630C5E75D845444B414017844E9560C8309CD54BF9EEAB2CAAE888226AB8031F1569A728256BB6FCC14DF314314F9F2DF75E781E8A4A5411ACCB4D9E3103131F52E0D14386A6E107AA7A522E42F1A41C8A8E46CE69E824492B87BC8B34A457EC25A7508B3E1A33BCC9E99EA754163AEC31161A83A80780DF46D36E757CF90C0F002DF73AB406F7DF81FDA75AD7F3F052EEA91955FA737616D8D4BB87A60FF471400D50688146BC3C10FF60A35D8BB9EF6BEF26497361118125FBEE607726AA408674A45931C87666146BE520503A5241D49B964406A864749C50F9B2718B8E0F62614DB27F35F53D57F70CB4ECE081BD377CDBA5C4AD75BEA63CB8E2653E52D11C0CAC67916B0C24232FC9D90091C7CDD317D4F60D8271D81E70B79031BE25CD5D6CC1E7A04FAF98C25B143B9D7B08D94160B1737AB49F55A01AF3A9BB7C8C261E8F2F84A1995C752276F5F03E54EE22A973F63C73083377DD6851634AA5568AA1173E5BE96606D946AAC82951E326750E18C2AD12C311EF784AD9014BEE322032B45244BD6EEDA224CCDA93983C8FB326F8C8B02F5574B0BC0CD7BFD1C524CD66ACD8A7AC1619E57136F2FEB5F49E9791D4E0F0C9AB8B9E7A98E49E5603D4E02771EFC9993ED15974CD0EEA50510C410FD884CB5D83D0FCD0AF7218D49523F95C4C396CBC0359DABD75EC138910788E1766649130AD089F565ED926B4F26FEBAF9CA4F768E6CA6E6BB7E43769B7D46E2F0D6A63254B41715567635FC1D38DCD7E41CC6D9F -20180411152943 2 6 100 6143 2 E01FFD7EC91328929E4FD6183C9C9EDF4EF8CFC608D943A1011CEE0B49D7322663D64028F7205A4F008A0C8F393F91FF42D1C7ACB6B4041D0DC79BB0DA6D394532A0E33BC96FEA6EC2E67987F13D2F218B9E8A46D20125D822B6AA1C9615087E5C667CCA74414305E3382E20792B058F61D9DBFD93EF80A2E30E17FDB883F79989B540A6E467D9CEF07C849B659890706CAC7FF6F95669DAD0D9170D485C298AA940C6B7B3092E265FB512C70F36E3D6515B7B799E20FFE9DA35F932C3F2C238F5D8BCB92193216563D6163EB9FAAFEDD0E8A1A3F8CE292E8A1BEF630C5E75D845444B414017844E9560C8309CD54BF9EEAB2CAAE888226AB8031F1569A728256BB6FCC14DF314314F9F2DF75E781E8A4A5411ACCB4D9E3103131F52E0D14386A6E107AA7A522E42F1A41C8A8E46CE69E824492B87BC8B34A457EC25A7508B3E1A33BCC9E99EA754163AEC31161A83A80780DF46D36E757CF90C0F002DF73AB406F7DF81FDA75AD7F3F052EEA91955FA737616D8D4BB87A60FF471400D50688146BC3C10FF60A35D8BB9EF6BEF26497361118125FBEE607726AA408674A45931C87666146BE520503A5241D49B964406A864749C50F9B2718B8E0F62614DB27F35F53D57F70CB4ECE081BD377CDBA5C4AD75BEA63CB8E2653E52D11C0CAC67916B0C24232FC9D90091C7CDD317D4F60D8271D81E70B79031BE25CD5D6CC1E7A04FAF98C25B143B9D7B08D94160B1737AB49F55A01AF3A9BB7C8C261E8F2F84A1995C752276F5F03E54EE22A973F63C73083377DD6851634AA5568AA1173E5BE96606D946AAC82951E326750E18C2AD12C311EF784AD9014BEE322032B45244BD6EEDA224CCDA93983C8FB326F8C8B02F5574B0BC0CD7BFD1C524CD66ACD8A7AC1619E57136F2FEB5F49E9791D4E0F0C9AB8B9E7A98E49E5603D4E02771EFC9993ED15974CD0EEA50510C410FD884CB5D83D0FCD0AF7218D49523F95C4C396CBC0359DABD75EC138910788E1766649130AD089F565ED926B4F26FEBAF9CA4F768E6CA6E6BB7E43769B7D46E2F0D6A63254B41715567635FC1D38DCD7E4210423B -20180411184911 2 6 100 6143 2 E01FFD7EC91328929E4FD6183C9C9EDF4EF8CFC608D943A1011CEE0B49D7322663D64028F7205A4F008A0C8F393F91FF42D1C7ACB6B4041D0DC79BB0DA6D394532A0E33BC96FEA6EC2E67987F13D2F218B9E8A46D20125D822B6AA1C9615087E5C667CCA74414305E3382E20792B058F61D9DBFD93EF80A2E30E17FDB883F79989B540A6E467D9CEF07C849B659890706CAC7FF6F95669DAD0D9170D485C298AA940C6B7B3092E265FB512C70F36E3D6515B7B799E20FFE9DA35F932C3F2C238F5D8BCB92193216563D6163EB9FAAFEDD0E8A1A3F8CE292E8A1BEF630C5E75D845444B414017844E9560C8309CD54BF9EEAB2CAAE888226AB8031F1569A728256BB6FCC14DF314314F9F2DF75E781E8A4A5411ACCB4D9E3103131F52E0D14386A6E107AA7A522E42F1A41C8A8E46CE69E824492B87BC8B34A457EC25A7508B3E1A33BCC9E99EA754163AEC31161A83A80780DF46D36E757CF90C0F002DF73AB406F7DF81FDA75AD7F3F052EEA91955FA737616D8D4BB87A60FF471400D50688146BC3C10FF60A35D8BB9EF6BEF26497361118125FBEE607726AA408674A45931C87666146BE520503A5241D49B964406A864749C50F9B2718B8E0F62614DB27F35F53D57F70CB4ECE081BD377CDBA5C4AD75BEA63CB8E2653E52D11C0CAC67916B0C24232FC9D90091C7CDD317D4F60D8271D81E70B79031BE25CD5D6CC1E7A04FAF98C25B143B9D7B08D94160B1737AB49F55A01AF3A9BB7C8C261E8F2F84A1995C752276F5F03E54EE22A973F63C73083377DD6851634AA5568AA1173E5BE96606D946AAC82951E326750E18C2AD12C311EF784AD9014BEE322032B45244BD6EEDA224CCDA93983C8FB326F8C8B02F5574B0BC0CD7BFD1C524CD66ACD8A7AC1619E57136F2FEB5F49E9791D4E0F0C9AB8B9E7A98E49E5603D4E02771EFC9993ED15974CD0EEA50510C410FD884CB5D83D0FCD0AF7218D49523F95C4C396CBC0359DABD75EC138910788E1766649130AD089F565ED926B4F26FEBAF9CA4F768E6CA6E6BB7E43769B7D46E2F0D6A63254B41715567635FC1D38DCD7E46A13843 -20180411191726 2 6 100 6143 5 E01FFD7EC91328929E4FD6183C9C9EDF4EF8CFC608D943A1011CEE0B49D7322663D64028F7205A4F008A0C8F393F91FF42D1C7ACB6B4041D0DC79BB0DA6D394532A0E33BC96FEA6EC2E67987F13D2F218B9E8A46D20125D822B6AA1C9615087E5C667CCA74414305E3382E20792B058F61D9DBFD93EF80A2E30E17FDB883F79989B540A6E467D9CEF07C849B659890706CAC7FF6F95669DAD0D9170D485C298AA940C6B7B3092E265FB512C70F36E3D6515B7B799E20FFE9DA35F932C3F2C238F5D8BCB92193216563D6163EB9FAAFEDD0E8A1A3F8CE292E8A1BEF630C5E75D845444B414017844E9560C8309CD54BF9EEAB2CAAE888226AB8031F1569A728256BB6FCC14DF314314F9F2DF75E781E8A4A5411ACCB4D9E3103131F52E0D14386A6E107AA7A522E42F1A41C8A8E46CE69E824492B87BC8B34A457EC25A7508B3E1A33BCC9E99EA754163AEC31161A83A80780DF46D36E757CF90C0F002DF73AB406F7DF81FDA75AD7F3F052EEA91955FA737616D8D4BB87A60FF471400D50688146BC3C10FF60A35D8BB9EF6BEF26497361118125FBEE607726AA408674A45931C87666146BE520503A5241D49B964406A864749C50F9B2718B8E0F62614DB27F35F53D57F70CB4ECE081BD377CDBA5C4AD75BEA63CB8E2653E52D11C0CAC67916B0C24232FC9D90091C7CDD317D4F60D8271D81E70B79031BE25CD5D6CC1E7A04FAF98C25B143B9D7B08D94160B1737AB49F55A01AF3A9BB7C8C261E8F2F84A1995C752276F5F03E54EE22A973F63C73083377DD6851634AA5568AA1173E5BE96606D946AAC82951E326750E18C2AD12C311EF784AD9014BEE322032B45244BD6EEDA224CCDA93983C8FB326F8C8B02F5574B0BC0CD7BFD1C524CD66ACD8A7AC1619E57136F2FEB5F49E9791D4E0F0C9AB8B9E7A98E49E5603D4E02771EFC9993ED15974CD0EEA50510C410FD884CB5D83D0FCD0AF7218D49523F95C4C396CBC0359DABD75EC138910788E1766649130AD089F565ED926B4F26FEBAF9CA4F768E6CA6E6BB7E43769B7D46E2F0D6A63254B41715567635FC1D38DCD7E473E26CF -20180411205712 2 6 100 6143 2 E01FFD7EC91328929E4FD6183C9C9EDF4EF8CFC608D943A1011CEE0B49D7322663D64028F7205A4F008A0C8F393F91FF42D1C7ACB6B4041D0DC79BB0DA6D394532A0E33BC96FEA6EC2E67987F13D2F218B9E8A46D20125D822B6AA1C9615087E5C667CCA74414305E3382E20792B058F61D9DBFD93EF80A2E30E17FDB883F79989B540A6E467D9CEF07C849B659890706CAC7FF6F95669DAD0D9170D485C298AA940C6B7B3092E265FB512C70F36E3D6515B7B799E20FFE9DA35F932C3F2C238F5D8BCB92193216563D6163EB9FAAFEDD0E8A1A3F8CE292E8A1BEF630C5E75D845444B414017844E9560C8309CD54BF9EEAB2CAAE888226AB8031F1569A728256BB6FCC14DF314314F9F2DF75E781E8A4A5411ACCB4D9E3103131F52E0D14386A6E107AA7A522E42F1A41C8A8E46CE69E824492B87BC8B34A457EC25A7508B3E1A33BCC9E99EA754163AEC31161A83A80780DF46D36E757CF90C0F002DF73AB406F7DF81FDA75AD7F3F052EEA91955FA737616D8D4BB87A60FF471400D50688146BC3C10FF60A35D8BB9EF6BEF26497361118125FBEE607726AA408674A45931C87666146BE520503A5241D49B964406A864749C50F9B2718B8E0F62614DB27F35F53D57F70CB4ECE081BD377CDBA5C4AD75BEA63CB8E2653E52D11C0CAC67916B0C24232FC9D90091C7CDD317D4F60D8271D81E70B79031BE25CD5D6CC1E7A04FAF98C25B143B9D7B08D94160B1737AB49F55A01AF3A9BB7C8C261E8F2F84A1995C752276F5F03E54EE22A973F63C73083377DD6851634AA5568AA1173E5BE96606D946AAC82951E326750E18C2AD12C311EF784AD9014BEE322032B45244BD6EEDA224CCDA93983C8FB326F8C8B02F5574B0BC0CD7BFD1C524CD66ACD8A7AC1619E57136F2FEB5F49E9791D4E0F0C9AB8B9E7A98E49E5603D4E02771EFC9993ED15974CD0EEA50510C410FD884CB5D83D0FCD0AF7218D49523F95C4C396CBC0359DABD75EC138910788E1766649130AD089F565ED926B4F26FEBAF9CA4F768E6CA6E6BB7E43769B7D46E2F0D6A63254B41715567635FC1D38DCD7E498A1853 -20180411212652 2 6 100 6143 5 E01FFD7EC91328929E4FD6183C9C9EDF4EF8CFC608D943A1011CEE0B49D7322663D64028F7205A4F008A0C8F393F91FF42D1C7ACB6B4041D0DC79BB0DA6D394532A0E33BC96FEA6EC2E67987F13D2F218B9E8A46D20125D822B6AA1C9615087E5C667CCA74414305E3382E20792B058F61D9DBFD93EF80A2E30E17FDB883F79989B540A6E467D9CEF07C849B659890706CAC7FF6F95669DAD0D9170D485C298AA940C6B7B3092E265FB512C70F36E3D6515B7B799E20FFE9DA35F932C3F2C238F5D8BCB92193216563D6163EB9FAAFEDD0E8A1A3F8CE292E8A1BEF630C5E75D845444B414017844E9560C8309CD54BF9EEAB2CAAE888226AB8031F1569A728256BB6FCC14DF314314F9F2DF75E781E8A4A5411ACCB4D9E3103131F52E0D14386A6E107AA7A522E42F1A41C8A8E46CE69E824492B87BC8B34A457EC25A7508B3E1A33BCC9E99EA754163AEC31161A83A80780DF46D36E757CF90C0F002DF73AB406F7DF81FDA75AD7F3F052EEA91955FA737616D8D4BB87A60FF471400D50688146BC3C10FF60A35D8BB9EF6BEF26497361118125FBEE607726AA408674A45931C87666146BE520503A5241D49B964406A864749C50F9B2718B8E0F62614DB27F35F53D57F70CB4ECE081BD377CDBA5C4AD75BEA63CB8E2653E52D11C0CAC67916B0C24232FC9D90091C7CDD317D4F60D8271D81E70B79031BE25CD5D6CC1E7A04FAF98C25B143B9D7B08D94160B1737AB49F55A01AF3A9BB7C8C261E8F2F84A1995C752276F5F03E54EE22A973F63C73083377DD6851634AA5568AA1173E5BE96606D946AAC82951E326750E18C2AD12C311EF784AD9014BEE322032B45244BD6EEDA224CCDA93983C8FB326F8C8B02F5574B0BC0CD7BFD1C524CD66ACD8A7AC1619E57136F2FEB5F49E9791D4E0F0C9AB8B9E7A98E49E5603D4E02771EFC9993ED15974CD0EEA50510C410FD884CB5D83D0FCD0AF7218D49523F95C4C396CBC0359DABD75EC138910788E1766649130AD089F565ED926B4F26FEBAF9CA4F768E6CA6E6BB7E43769B7D46E2F0D6A63254B41715567635FC1D38DCD7E4A2D607F -20180411215657 2 6 100 6143 2 E01FFD7EC91328929E4FD6183C9C9EDF4EF8CFC608D943A1011CEE0B49D7322663D64028F7205A4F008A0C8F393F91FF42D1C7ACB6B4041D0DC79BB0DA6D394532A0E33BC96FEA6EC2E67987F13D2F218B9E8A46D20125D822B6AA1C9615087E5C667CCA74414305E3382E20792B058F61D9DBFD93EF80A2E30E17FDB883F79989B540A6E467D9CEF07C849B659890706CAC7FF6F95669DAD0D9170D485C298AA940C6B7B3092E265FB512C70F36E3D6515B7B799E20FFE9DA35F932C3F2C238F5D8BCB92193216563D6163EB9FAAFEDD0E8A1A3F8CE292E8A1BEF630C5E75D845444B414017844E9560C8309CD54BF9EEAB2CAAE888226AB8031F1569A728256BB6FCC14DF314314F9F2DF75E781E8A4A5411ACCB4D9E3103131F52E0D14386A6E107AA7A522E42F1A41C8A8E46CE69E824492B87BC8B34A457EC25A7508B3E1A33BCC9E99EA754163AEC31161A83A80780DF46D36E757CF90C0F002DF73AB406F7DF81FDA75AD7F3F052EEA91955FA737616D8D4BB87A60FF471400D50688146BC3C10FF60A35D8BB9EF6BEF26497361118125FBEE607726AA408674A45931C87666146BE520503A5241D49B964406A864749C50F9B2718B8E0F62614DB27F35F53D57F70CB4ECE081BD377CDBA5C4AD75BEA63CB8E2653E52D11C0CAC67916B0C24232FC9D90091C7CDD317D4F60D8271D81E70B79031BE25CD5D6CC1E7A04FAF98C25B143B9D7B08D94160B1737AB49F55A01AF3A9BB7C8C261E8F2F84A1995C752276F5F03E54EE22A973F63C73083377DD6851634AA5568AA1173E5BE96606D946AAC82951E326750E18C2AD12C311EF784AD9014BEE322032B45244BD6EEDA224CCDA93983C8FB326F8C8B02F5574B0BC0CD7BFD1C524CD66ACD8A7AC1619E57136F2FEB5F49E9791D4E0F0C9AB8B9E7A98E49E5603D4E02771EFC9993ED15974CD0EEA50510C410FD884CB5D83D0FCD0AF7218D49523F95C4C396CBC0359DABD75EC138910788E1766649130AD089F565ED926B4F26FEBAF9CA4F768E6CA6E6BB7E43769B7D46E2F0D6A63254B41715567635FC1D38DCD7E4AD99963 -20180412095549 2 6 100 7679 5 FBED7F3DD7CF86B0A6EEDC1930C6958C3C00695DAF4347560C5AC1AA4B22F4DC76F190D63E230EB0CB4344A370A471F17FFCA8DA3B5B0A903F9D1258370125F6C172F3EC5F56D7B8EBD07B2072C45D6141DA3CDC01C3D95DE279C5FAA1E042651028141085EB68AFAC473600F75F4A373DC234D5405DCE7AB5B5854960ABC550FCEFEE8FD578810201DE6B4A5EF616F0CBF5707466D7ECBFD488EB68AD4B2EAC889BA2B7FEFE19CD8AA2C78F61D5DA08B4BC2738E1997F951A525EEF9F668148996D1ABFD1620F9276D741A46BECC0B7868A54745E0B16589A4AA7B938AF92FCA0FC9BBC193504D7EBFEFFEC996746DC6CAD3C192D724FB51E6228915789FF18314B3EB690359ADED802F35F48EC0D9C85AA1A20A2E5CF6EB795F2CCD03284547688B1B80A07EFC31668D30836C59C958BBBF6C1EE3940CC43A9334289C872302BB70368FDAC1653AF132F3E398E9310159C839E72555FD889E4E3B05E714E44E116804BF3748F62EF46E6A05DEC58A55185E43E2310EC945004AD61945BD2AD923B7B3C69A01C0393C15B6000BF542A55274ACA20B8A6EB96FAF83E27023FE0EA9EE564959A91BE17110176FB10D1A094947A23EFDE15DD093EF477EF798BCA8F5E14F85411242BC9C9492081444490C072BE8511B3C961AAAC80477897B54BDABE78C533F2E149FA64B51936E31F126625566CAFBB57E9F36CE0DF72A45E61AB27B6D25DEA3BA35910E16BB00AD300CEE2535CE75F9411DD43943250B03EBBA60C5C788974F2F695967103045F3A90A587AEFD0613F9C8E10A273DD827A314C75C7DBCE4326191DBCB92020CDB75129BCA032B6FD59D368C3E2404B2832398E40F43ACE284A91DED8812AA23E5B5A1D36AE204C53F1C6EF0E89AD31D1552E70538451847D7332D8FCACB62A1E56C1E5643E4F7AF63C67E082AC95DCB190795FA53522FA046F1919C81A088D7A8A452124E562BE2A702139670E94524D3110B9DFF35AE73F43280600B8304FA2E776089AF2ED929695967998E29A343FF62C4CAD7618222C01735734342FD33284BE9BDA4976DA1BC3B384E6F813FCBDFA3DC57B841515836CB2B37116EB6D417BBE6AEA7604AA915530AD803DF1C13656753C1A5867F4A3AE94BA7347580EE5A6CEBD2F3EB9B7F83E7B74F38995168F08A15A4CDF5702EA9DC907FC45910586D59537582DB1D5F155BF0050866CE3087560F1F44D1F275FD2B422038F9D8643C3BEBA49938D514848AC4F68F4CF44329C7E806B911B0CB7FF0020F3277A3E2B4FF17090D012B641E24D67A962E2FE361504DB014155F074F30F52078CB31DFC51B32746A42EDBF013F9920CFB17D1E908A07 -20180412222127 2 6 100 7679 2 FBED7F3DD7CF86B0A6EEDC1930C6958C3C00695DAF4347560C5AC1AA4B22F4DC76F190D63E230EB0CB4344A370A471F17FFCA8DA3B5B0A903F9D1258370125F6C172F3EC5F56D7B8EBD07B2072C45D6141DA3CDC01C3D95DE279C5FAA1E042651028141085EB68AFAC473600F75F4A373DC234D5405DCE7AB5B5854960ABC550FCEFEE8FD578810201DE6B4A5EF616F0CBF5707466D7ECBFD488EB68AD4B2EAC889BA2B7FEFE19CD8AA2C78F61D5DA08B4BC2738E1997F951A525EEF9F668148996D1ABFD1620F9276D741A46BECC0B7868A54745E0B16589A4AA7B938AF92FCA0FC9BBC193504D7EBFEFFEC996746DC6CAD3C192D724FB51E6228915789FF18314B3EB690359ADED802F35F48EC0D9C85AA1A20A2E5CF6EB795F2CCD03284547688B1B80A07EFC31668D30836C59C958BBBF6C1EE3940CC43A9334289C872302BB70368FDAC1653AF132F3E398E9310159C839E72555FD889E4E3B05E714E44E116804BF3748F62EF46E6A05DEC58A55185E43E2310EC945004AD61945BD2AD923B7B3C69A01C0393C15B6000BF542A55274ACA20B8A6EB96FAF83E27023FE0EA9EE564959A91BE17110176FB10D1A094947A23EFDE15DD093EF477EF798BCA8F5E14F85411242BC9C9492081444490C072BE8511B3C961AAAC80477897B54BDABE78C533F2E149FA64B51936E31F126625566CAFBB57E9F36CE0DF72A45E61AB27B6D25DEA3BA35910E16BB00AD300CEE2535CE75F9411DD43943250B03EBBA60C5C788974F2F695967103045F3A90A587AEFD0613F9C8E10A273DD827A314C75C7DBCE4326191DBCB92020CDB75129BCA032B6FD59D368C3E2404B2832398E40F43ACE284A91DED8812AA23E5B5A1D36AE204C53F1C6EF0E89AD31D1552E70538451847D7332D8FCACB62A1E56C1E5643E4F7AF63C67E082AC95DCB190795FA53522FA046F1919C81A088D7A8A452124E562BE2A702139670E94524D3110B9DFF35AE73F43280600B8304FA2E776089AF2ED929695967998E29A343FF62C4CAD7618222C01735734342FD33284BE9BDA4976DA1BC3B384E6F813FCBDFA3DC57B841515836CB2B37116EB6D417BBE6AEA7604AA915530AD803DF1C13656753C1A5867F4A3AE94BA7347580EE5A6CEBD2F3EB9B7F83E7B74F38995168F08A15A4CDF5702EA9DC907FC45910586D59537582DB1D5F155BF0050866CE3087560F1F44D1F275FD2B422038F9D8643C3BEBA49938D514848AC4F68F4CF44329C7E806B911B0CB7FF0020F3277A3E2B4FF17090D012B641E24D67A962E2FE361504DB014155F074F30F52078CB31DFC51B32746A42EDBF013F9920CFB17D28C808CB -20180413014812 2 6 100 7679 2 FBED7F3DD7CF86B0A6EEDC1930C6958C3C00695DAF4347560C5AC1AA4B22F4DC76F190D63E230EB0CB4344A370A471F17FFCA8DA3B5B0A903F9D1258370125F6C172F3EC5F56D7B8EBD07B2072C45D6141DA3CDC01C3D95DE279C5FAA1E042651028141085EB68AFAC473600F75F4A373DC234D5405DCE7AB5B5854960ABC550FCEFEE8FD578810201DE6B4A5EF616F0CBF5707466D7ECBFD488EB68AD4B2EAC889BA2B7FEFE19CD8AA2C78F61D5DA08B4BC2738E1997F951A525EEF9F668148996D1ABFD1620F9276D741A46BECC0B7868A54745E0B16589A4AA7B938AF92FCA0FC9BBC193504D7EBFEFFEC996746DC6CAD3C192D724FB51E6228915789FF18314B3EB690359ADED802F35F48EC0D9C85AA1A20A2E5CF6EB795F2CCD03284547688B1B80A07EFC31668D30836C59C958BBBF6C1EE3940CC43A9334289C872302BB70368FDAC1653AF132F3E398E9310159C839E72555FD889E4E3B05E714E44E116804BF3748F62EF46E6A05DEC58A55185E43E2310EC945004AD61945BD2AD923B7B3C69A01C0393C15B6000BF542A55274ACA20B8A6EB96FAF83E27023FE0EA9EE564959A91BE17110176FB10D1A094947A23EFDE15DD093EF477EF798BCA8F5E14F85411242BC9C9492081444490C072BE8511B3C961AAAC80477897B54BDABE78C533F2E149FA64B51936E31F126625566CAFBB57E9F36CE0DF72A45E61AB27B6D25DEA3BA35910E16BB00AD300CEE2535CE75F9411DD43943250B03EBBA60C5C788974F2F695967103045F3A90A587AEFD0613F9C8E10A273DD827A314C75C7DBCE4326191DBCB92020CDB75129BCA032B6FD59D368C3E2404B2832398E40F43ACE284A91DED8812AA23E5B5A1D36AE204C53F1C6EF0E89AD31D1552E70538451847D7332D8FCACB62A1E56C1E5643E4F7AF63C67E082AC95DCB190795FA53522FA046F1919C81A088D7A8A452124E562BE2A702139670E94524D3110B9DFF35AE73F43280600B8304FA2E776089AF2ED929695967998E29A343FF62C4CAD7618222C01735734342FD33284BE9BDA4976DA1BC3B384E6F813FCBDFA3DC57B841515836CB2B37116EB6D417BBE6AEA7604AA915530AD803DF1C13656753C1A5867F4A3AE94BA7347580EE5A6CEBD2F3EB9B7F83E7B74F38995168F08A15A4CDF5702EA9DC907FC45910586D59537582DB1D5F155BF0050866CE3087560F1F44D1F275FD2B422038F9D8643C3BEBA49938D514848AC4F68F4CF44329C7E806B911B0CB7FF0020F3277A3E2B4FF17090D012B641E24D67A962E2FE361504DB014155F074F30F52078CB31DFC51B32746A42EDBF013F9920CFB17D2B32FFD3 -20180413033600 2 6 100 7679 5 FBED7F3DD7CF86B0A6EEDC1930C6958C3C00695DAF4347560C5AC1AA4B22F4DC76F190D63E230EB0CB4344A370A471F17FFCA8DA3B5B0A903F9D1258370125F6C172F3EC5F56D7B8EBD07B2072C45D6141DA3CDC01C3D95DE279C5FAA1E042651028141085EB68AFAC473600F75F4A373DC234D5405DCE7AB5B5854960ABC550FCEFEE8FD578810201DE6B4A5EF616F0CBF5707466D7ECBFD488EB68AD4B2EAC889BA2B7FEFE19CD8AA2C78F61D5DA08B4BC2738E1997F951A525EEF9F668148996D1ABFD1620F9276D741A46BECC0B7868A54745E0B16589A4AA7B938AF92FCA0FC9BBC193504D7EBFEFFEC996746DC6CAD3C192D724FB51E6228915789FF18314B3EB690359ADED802F35F48EC0D9C85AA1A20A2E5CF6EB795F2CCD03284547688B1B80A07EFC31668D30836C59C958BBBF6C1EE3940CC43A9334289C872302BB70368FDAC1653AF132F3E398E9310159C839E72555FD889E4E3B05E714E44E116804BF3748F62EF46E6A05DEC58A55185E43E2310EC945004AD61945BD2AD923B7B3C69A01C0393C15B6000BF542A55274ACA20B8A6EB96FAF83E27023FE0EA9EE564959A91BE17110176FB10D1A094947A23EFDE15DD093EF477EF798BCA8F5E14F85411242BC9C9492081444490C072BE8511B3C961AAAC80477897B54BDABE78C533F2E149FA64B51936E31F126625566CAFBB57E9F36CE0DF72A45E61AB27B6D25DEA3BA35910E16BB00AD300CEE2535CE75F9411DD43943250B03EBBA60C5C788974F2F695967103045F3A90A587AEFD0613F9C8E10A273DD827A314C75C7DBCE4326191DBCB92020CDB75129BCA032B6FD59D368C3E2404B2832398E40F43ACE284A91DED8812AA23E5B5A1D36AE204C53F1C6EF0E89AD31D1552E70538451847D7332D8FCACB62A1E56C1E5643E4F7AF63C67E082AC95DCB190795FA53522FA046F1919C81A088D7A8A452124E562BE2A702139670E94524D3110B9DFF35AE73F43280600B8304FA2E776089AF2ED929695967998E29A343FF62C4CAD7618222C01735734342FD33284BE9BDA4976DA1BC3B384E6F813FCBDFA3DC57B841515836CB2B37116EB6D417BBE6AEA7604AA915530AD803DF1C13656753C1A5867F4A3AE94BA7347580EE5A6CEBD2F3EB9B7F83E7B74F38995168F08A15A4CDF5702EA9DC907FC45910586D59537582DB1D5F155BF0050866CE3087560F1F44D1F275FD2B422038F9D8643C3BEBA49938D514848AC4F68F4CF44329C7E806B911B0CB7FF0020F3277A3E2B4FF17090D012B641E24D67A962E2FE361504DB014155F074F30F52078CB31DFC51B32746A42EDBF013F9920CFB17D2C8AD64F -20180413142737 2 6 100 7679 2 FBED7F3DD7CF86B0A6EEDC1930C6958C3C00695DAF4347560C5AC1AA4B22F4DC76F190D63E230EB0CB4344A370A471F17FFCA8DA3B5B0A903F9D1258370125F6C172F3EC5F56D7B8EBD07B2072C45D6141DA3CDC01C3D95DE279C5FAA1E042651028141085EB68AFAC473600F75F4A373DC234D5405DCE7AB5B5854960ABC550FCEFEE8FD578810201DE6B4A5EF616F0CBF5707466D7ECBFD488EB68AD4B2EAC889BA2B7FEFE19CD8AA2C78F61D5DA08B4BC2738E1997F951A525EEF9F668148996D1ABFD1620F9276D741A46BECC0B7868A54745E0B16589A4AA7B938AF92FCA0FC9BBC193504D7EBFEFFEC996746DC6CAD3C192D724FB51E6228915789FF18314B3EB690359ADED802F35F48EC0D9C85AA1A20A2E5CF6EB795F2CCD03284547688B1B80A07EFC31668D30836C59C958BBBF6C1EE3940CC43A9334289C872302BB70368FDAC1653AF132F3E398E9310159C839E72555FD889E4E3B05E714E44E116804BF3748F62EF46E6A05DEC58A55185E43E2310EC945004AD61945BD2AD923B7B3C69A01C0393C15B6000BF542A55274ACA20B8A6EB96FAF83E27023FE0EA9EE564959A91BE17110176FB10D1A094947A23EFDE15DD093EF477EF798BCA8F5E14F85411242BC9C9492081444490C072BE8511B3C961AAAC80477897B54BDABE78C533F2E149FA64B51936E31F126625566CAFBB57E9F36CE0DF72A45E61AB27B6D25DEA3BA35910E16BB00AD300CEE2535CE75F9411DD43943250B03EBBA60C5C788974F2F695967103045F3A90A587AEFD0613F9C8E10A273DD827A314C75C7DBCE4326191DBCB92020CDB75129BCA032B6FD59D368C3E2404B2832398E40F43ACE284A91DED8812AA23E5B5A1D36AE204C53F1C6EF0E89AD31D1552E70538451847D7332D8FCACB62A1E56C1E5643E4F7AF63C67E082AC95DCB190795FA53522FA046F1919C81A088D7A8A452124E562BE2A702139670E94524D3110B9DFF35AE73F43280600B8304FA2E776089AF2ED929695967998E29A343FF62C4CAD7618222C01735734342FD33284BE9BDA4976DA1BC3B384E6F813FCBDFA3DC57B841515836CB2B37116EB6D417BBE6AEA7604AA915530AD803DF1C13656753C1A5867F4A3AE94BA7347580EE5A6CEBD2F3EB9B7F83E7B74F38995168F08A15A4CDF5702EA9DC907FC45910586D59537582DB1D5F155BF0050866CE3087560F1F44D1F275FD2B422038F9D8643C3BEBA49938D514848AC4F68F4CF44329C7E806B911B0CB7FF0020F3277A3E2B4FF17090D012B641E24D67A962E2FE361504DB014155F074F30F52078CB31DFC51B32746A42EDBF013F9920CFB17D34F03213 -20180413150907 2 6 100 7679 5 FBED7F3DD7CF86B0A6EEDC1930C6958C3C00695DAF4347560C5AC1AA4B22F4DC76F190D63E230EB0CB4344A370A471F17FFCA8DA3B5B0A903F9D1258370125F6C172F3EC5F56D7B8EBD07B2072C45D6141DA3CDC01C3D95DE279C5FAA1E042651028141085EB68AFAC473600F75F4A373DC234D5405DCE7AB5B5854960ABC550FCEFEE8FD578810201DE6B4A5EF616F0CBF5707466D7ECBFD488EB68AD4B2EAC889BA2B7FEFE19CD8AA2C78F61D5DA08B4BC2738E1997F951A525EEF9F668148996D1ABFD1620F9276D741A46BECC0B7868A54745E0B16589A4AA7B938AF92FCA0FC9BBC193504D7EBFEFFEC996746DC6CAD3C192D724FB51E6228915789FF18314B3EB690359ADED802F35F48EC0D9C85AA1A20A2E5CF6EB795F2CCD03284547688B1B80A07EFC31668D30836C59C958BBBF6C1EE3940CC43A9334289C872302BB70368FDAC1653AF132F3E398E9310159C839E72555FD889E4E3B05E714E44E116804BF3748F62EF46E6A05DEC58A55185E43E2310EC945004AD61945BD2AD923B7B3C69A01C0393C15B6000BF542A55274ACA20B8A6EB96FAF83E27023FE0EA9EE564959A91BE17110176FB10D1A094947A23EFDE15DD093EF477EF798BCA8F5E14F85411242BC9C9492081444490C072BE8511B3C961AAAC80477897B54BDABE78C533F2E149FA64B51936E31F126625566CAFBB57E9F36CE0DF72A45E61AB27B6D25DEA3BA35910E16BB00AD300CEE2535CE75F9411DD43943250B03EBBA60C5C788974F2F695967103045F3A90A587AEFD0613F9C8E10A273DD827A314C75C7DBCE4326191DBCB92020CDB75129BCA032B6FD59D368C3E2404B2832398E40F43ACE284A91DED8812AA23E5B5A1D36AE204C53F1C6EF0E89AD31D1552E70538451847D7332D8FCACB62A1E56C1E5643E4F7AF63C67E082AC95DCB190795FA53522FA046F1919C81A088D7A8A452124E562BE2A702139670E94524D3110B9DFF35AE73F43280600B8304FA2E776089AF2ED929695967998E29A343FF62C4CAD7618222C01735734342FD33284BE9BDA4976DA1BC3B384E6F813FCBDFA3DC57B841515836CB2B37116EB6D417BBE6AEA7604AA915530AD803DF1C13656753C1A5867F4A3AE94BA7347580EE5A6CEBD2F3EB9B7F83E7B74F38995168F08A15A4CDF5702EA9DC907FC45910586D59537582DB1D5F155BF0050866CE3087560F1F44D1F275FD2B422038F9D8643C3BEBA49938D514848AC4F68F4CF44329C7E806B911B0CB7FF0020F3277A3E2B4FF17090D012B641E24D67A962E2FE361504DB014155F074F30F52078CB31DFC51B32746A42EDBF013F9920CFB17D35714FEF -20180413164654 2 6 100 7679 2 FBED7F3DD7CF86B0A6EEDC1930C6958C3C00695DAF4347560C5AC1AA4B22F4DC76F190D63E230EB0CB4344A370A471F17FFCA8DA3B5B0A903F9D1258370125F6C172F3EC5F56D7B8EBD07B2072C45D6141DA3CDC01C3D95DE279C5FAA1E042651028141085EB68AFAC473600F75F4A373DC234D5405DCE7AB5B5854960ABC550FCEFEE8FD578810201DE6B4A5EF616F0CBF5707466D7ECBFD488EB68AD4B2EAC889BA2B7FEFE19CD8AA2C78F61D5DA08B4BC2738E1997F951A525EEF9F668148996D1ABFD1620F9276D741A46BECC0B7868A54745E0B16589A4AA7B938AF92FCA0FC9BBC193504D7EBFEFFEC996746DC6CAD3C192D724FB51E6228915789FF18314B3EB690359ADED802F35F48EC0D9C85AA1A20A2E5CF6EB795F2CCD03284547688B1B80A07EFC31668D30836C59C958BBBF6C1EE3940CC43A9334289C872302BB70368FDAC1653AF132F3E398E9310159C839E72555FD889E4E3B05E714E44E116804BF3748F62EF46E6A05DEC58A55185E43E2310EC945004AD61945BD2AD923B7B3C69A01C0393C15B6000BF542A55274ACA20B8A6EB96FAF83E27023FE0EA9EE564959A91BE17110176FB10D1A094947A23EFDE15DD093EF477EF798BCA8F5E14F85411242BC9C9492081444490C072BE8511B3C961AAAC80477897B54BDABE78C533F2E149FA64B51936E31F126625566CAFBB57E9F36CE0DF72A45E61AB27B6D25DEA3BA35910E16BB00AD300CEE2535CE75F9411DD43943250B03EBBA60C5C788974F2F695967103045F3A90A587AEFD0613F9C8E10A273DD827A314C75C7DBCE4326191DBCB92020CDB75129BCA032B6FD59D368C3E2404B2832398E40F43ACE284A91DED8812AA23E5B5A1D36AE204C53F1C6EF0E89AD31D1552E70538451847D7332D8FCACB62A1E56C1E5643E4F7AF63C67E082AC95DCB190795FA53522FA046F1919C81A088D7A8A452124E562BE2A702139670E94524D3110B9DFF35AE73F43280600B8304FA2E776089AF2ED929695967998E29A343FF62C4CAD7618222C01735734342FD33284BE9BDA4976DA1BC3B384E6F813FCBDFA3DC57B841515836CB2B37116EB6D417BBE6AEA7604AA915530AD803DF1C13656753C1A5867F4A3AE94BA7347580EE5A6CEBD2F3EB9B7F83E7B74F38995168F08A15A4CDF5702EA9DC907FC45910586D59537582DB1D5F155BF0050866CE3087560F1F44D1F275FD2B422038F9D8643C3BEBA49938D514848AC4F68F4CF44329C7E806B911B0CB7FF0020F3277A3E2B4FF17090D012B641E24D67A962E2FE361504DB014155F074F30F52078CB31DFC51B32746A42EDBF013F9920CFB17D36BB8D1B -20180413202724 2 6 100 7679 2 FBED7F3DD7CF86B0A6EEDC1930C6958C3C00695DAF4347560C5AC1AA4B22F4DC76F190D63E230EB0CB4344A370A471F17FFCA8DA3B5B0A903F9D1258370125F6C172F3EC5F56D7B8EBD07B2072C45D6141DA3CDC01C3D95DE279C5FAA1E042651028141085EB68AFAC473600F75F4A373DC234D5405DCE7AB5B5854960ABC550FCEFEE8FD578810201DE6B4A5EF616F0CBF5707466D7ECBFD488EB68AD4B2EAC889BA2B7FEFE19CD8AA2C78F61D5DA08B4BC2738E1997F951A525EEF9F668148996D1ABFD1620F9276D741A46BECC0B7868A54745E0B16589A4AA7B938AF92FCA0FC9BBC193504D7EBFEFFEC996746DC6CAD3C192D724FB51E6228915789FF18314B3EB690359ADED802F35F48EC0D9C85AA1A20A2E5CF6EB795F2CCD03284547688B1B80A07EFC31668D30836C59C958BBBF6C1EE3940CC43A9334289C872302BB70368FDAC1653AF132F3E398E9310159C839E72555FD889E4E3B05E714E44E116804BF3748F62EF46E6A05DEC58A55185E43E2310EC945004AD61945BD2AD923B7B3C69A01C0393C15B6000BF542A55274ACA20B8A6EB96FAF83E27023FE0EA9EE564959A91BE17110176FB10D1A094947A23EFDE15DD093EF477EF798BCA8F5E14F85411242BC9C9492081444490C072BE8511B3C961AAAC80477897B54BDABE78C533F2E149FA64B51936E31F126625566CAFBB57E9F36CE0DF72A45E61AB27B6D25DEA3BA35910E16BB00AD300CEE2535CE75F9411DD43943250B03EBBA60C5C788974F2F695967103045F3A90A587AEFD0613F9C8E10A273DD827A314C75C7DBCE4326191DBCB92020CDB75129BCA032B6FD59D368C3E2404B2832398E40F43ACE284A91DED8812AA23E5B5A1D36AE204C53F1C6EF0E89AD31D1552E70538451847D7332D8FCACB62A1E56C1E5643E4F7AF63C67E082AC95DCB190795FA53522FA046F1919C81A088D7A8A452124E562BE2A702139670E94524D3110B9DFF35AE73F43280600B8304FA2E776089AF2ED929695967998E29A343FF62C4CAD7618222C01735734342FD33284BE9BDA4976DA1BC3B384E6F813FCBDFA3DC57B841515836CB2B37116EB6D417BBE6AEA7604AA915530AD803DF1C13656753C1A5867F4A3AE94BA7347580EE5A6CEBD2F3EB9B7F83E7B74F38995168F08A15A4CDF5702EA9DC907FC45910586D59537582DB1D5F155BF0050866CE3087560F1F44D1F275FD2B422038F9D8643C3BEBA49938D514848AC4F68F4CF44329C7E806B911B0CB7FF0020F3277A3E2B4FF17090D012B641E24D67A962E2FE361504DB014155F074F30F52078CB31DFC51B32746A42EDBF013F9920CFB17D39A4E13B -20180413203949 2 6 100 7679 2 FBED7F3DD7CF86B0A6EEDC1930C6958C3C00695DAF4347560C5AC1AA4B22F4DC76F190D63E230EB0CB4344A370A471F17FFCA8DA3B5B0A903F9D1258370125F6C172F3EC5F56D7B8EBD07B2072C45D6141DA3CDC01C3D95DE279C5FAA1E042651028141085EB68AFAC473600F75F4A373DC234D5405DCE7AB5B5854960ABC550FCEFEE8FD578810201DE6B4A5EF616F0CBF5707466D7ECBFD488EB68AD4B2EAC889BA2B7FEFE19CD8AA2C78F61D5DA08B4BC2738E1997F951A525EEF9F668148996D1ABFD1620F9276D741A46BECC0B7868A54745E0B16589A4AA7B938AF92FCA0FC9BBC193504D7EBFEFFEC996746DC6CAD3C192D724FB51E6228915789FF18314B3EB690359ADED802F35F48EC0D9C85AA1A20A2E5CF6EB795F2CCD03284547688B1B80A07EFC31668D30836C59C958BBBF6C1EE3940CC43A9334289C872302BB70368FDAC1653AF132F3E398E9310159C839E72555FD889E4E3B05E714E44E116804BF3748F62EF46E6A05DEC58A55185E43E2310EC945004AD61945BD2AD923B7B3C69A01C0393C15B6000BF542A55274ACA20B8A6EB96FAF83E27023FE0EA9EE564959A91BE17110176FB10D1A094947A23EFDE15DD093EF477EF798BCA8F5E14F85411242BC9C9492081444490C072BE8511B3C961AAAC80477897B54BDABE78C533F2E149FA64B51936E31F126625566CAFBB57E9F36CE0DF72A45E61AB27B6D25DEA3BA35910E16BB00AD300CEE2535CE75F9411DD43943250B03EBBA60C5C788974F2F695967103045F3A90A587AEFD0613F9C8E10A273DD827A314C75C7DBCE4326191DBCB92020CDB75129BCA032B6FD59D368C3E2404B2832398E40F43ACE284A91DED8812AA23E5B5A1D36AE204C53F1C6EF0E89AD31D1552E70538451847D7332D8FCACB62A1E56C1E5643E4F7AF63C67E082AC95DCB190795FA53522FA046F1919C81A088D7A8A452124E562BE2A702139670E94524D3110B9DFF35AE73F43280600B8304FA2E776089AF2ED929695967998E29A343FF62C4CAD7618222C01735734342FD33284BE9BDA4976DA1BC3B384E6F813FCBDFA3DC57B841515836CB2B37116EB6D417BBE6AEA7604AA915530AD803DF1C13656753C1A5867F4A3AE94BA7347580EE5A6CEBD2F3EB9B7F83E7B74F38995168F08A15A4CDF5702EA9DC907FC45910586D59537582DB1D5F155BF0050866CE3087560F1F44D1F275FD2B422038F9D8643C3BEBA49938D514848AC4F68F4CF44329C7E806B911B0CB7FF0020F3277A3E2B4FF17090D012B641E24D67A962E2FE361504DB014155F074F30F52078CB31DFC51B32746A42EDBF013F9920CFB17D39C6A4FB -20180413211909 2 6 100 7679 2 FBED7F3DD7CF86B0A6EEDC1930C6958C3C00695DAF4347560C5AC1AA4B22F4DC76F190D63E230EB0CB4344A370A471F17FFCA8DA3B5B0A903F9D1258370125F6C172F3EC5F56D7B8EBD07B2072C45D6141DA3CDC01C3D95DE279C5FAA1E042651028141085EB68AFAC473600F75F4A373DC234D5405DCE7AB5B5854960ABC550FCEFEE8FD578810201DE6B4A5EF616F0CBF5707466D7ECBFD488EB68AD4B2EAC889BA2B7FEFE19CD8AA2C78F61D5DA08B4BC2738E1997F951A525EEF9F668148996D1ABFD1620F9276D741A46BECC0B7868A54745E0B16589A4AA7B938AF92FCA0FC9BBC193504D7EBFEFFEC996746DC6CAD3C192D724FB51E6228915789FF18314B3EB690359ADED802F35F48EC0D9C85AA1A20A2E5CF6EB795F2CCD03284547688B1B80A07EFC31668D30836C59C958BBBF6C1EE3940CC43A9334289C872302BB70368FDAC1653AF132F3E398E9310159C839E72555FD889E4E3B05E714E44E116804BF3748F62EF46E6A05DEC58A55185E43E2310EC945004AD61945BD2AD923B7B3C69A01C0393C15B6000BF542A55274ACA20B8A6EB96FAF83E27023FE0EA9EE564959A91BE17110176FB10D1A094947A23EFDE15DD093EF477EF798BCA8F5E14F85411242BC9C9492081444490C072BE8511B3C961AAAC80477897B54BDABE78C533F2E149FA64B51936E31F126625566CAFBB57E9F36CE0DF72A45E61AB27B6D25DEA3BA35910E16BB00AD300CEE2535CE75F9411DD43943250B03EBBA60C5C788974F2F695967103045F3A90A587AEFD0613F9C8E10A273DD827A314C75C7DBCE4326191DBCB92020CDB75129BCA032B6FD59D368C3E2404B2832398E40F43ACE284A91DED8812AA23E5B5A1D36AE204C53F1C6EF0E89AD31D1552E70538451847D7332D8FCACB62A1E56C1E5643E4F7AF63C67E082AC95DCB190795FA53522FA046F1919C81A088D7A8A452124E562BE2A702139670E94524D3110B9DFF35AE73F43280600B8304FA2E776089AF2ED929695967998E29A343FF62C4CAD7618222C01735734342FD33284BE9BDA4976DA1BC3B384E6F813FCBDFA3DC57B841515836CB2B37116EB6D417BBE6AEA7604AA915530AD803DF1C13656753C1A5867F4A3AE94BA7347580EE5A6CEBD2F3EB9B7F83E7B74F38995168F08A15A4CDF5702EA9DC907FC45910586D59537582DB1D5F155BF0050866CE3087560F1F44D1F275FD2B422038F9D8643C3BEBA49938D514848AC4F68F4CF44329C7E806B911B0CB7FF0020F3277A3E2B4FF17090D012B641E24D67A962E2FE361504DB014155F074F30F52078CB31DFC51B32746A42EDBF013F9920CFB17D3A44F883 -20180414010718 2 6 100 7679 5 FBED7F3DD7CF86B0A6EEDC1930C6958C3C00695DAF4347560C5AC1AA4B22F4DC76F190D63E230EB0CB4344A370A471F17FFCA8DA3B5B0A903F9D1258370125F6C172F3EC5F56D7B8EBD07B2072C45D6141DA3CDC01C3D95DE279C5FAA1E042651028141085EB68AFAC473600F75F4A373DC234D5405DCE7AB5B5854960ABC550FCEFEE8FD578810201DE6B4A5EF616F0CBF5707466D7ECBFD488EB68AD4B2EAC889BA2B7FEFE19CD8AA2C78F61D5DA08B4BC2738E1997F951A525EEF9F668148996D1ABFD1620F9276D741A46BECC0B7868A54745E0B16589A4AA7B938AF92FCA0FC9BBC193504D7EBFEFFEC996746DC6CAD3C192D724FB51E6228915789FF18314B3EB690359ADED802F35F48EC0D9C85AA1A20A2E5CF6EB795F2CCD03284547688B1B80A07EFC31668D30836C59C958BBBF6C1EE3940CC43A9334289C872302BB70368FDAC1653AF132F3E398E9310159C839E72555FD889E4E3B05E714E44E116804BF3748F62EF46E6A05DEC58A55185E43E2310EC945004AD61945BD2AD923B7B3C69A01C0393C15B6000BF542A55274ACA20B8A6EB96FAF83E27023FE0EA9EE564959A91BE17110176FB10D1A094947A23EFDE15DD093EF477EF798BCA8F5E14F85411242BC9C9492081444490C072BE8511B3C961AAAC80477897B54BDABE78C533F2E149FA64B51936E31F126625566CAFBB57E9F36CE0DF72A45E61AB27B6D25DEA3BA35910E16BB00AD300CEE2535CE75F9411DD43943250B03EBBA60C5C788974F2F695967103045F3A90A587AEFD0613F9C8E10A273DD827A314C75C7DBCE4326191DBCB92020CDB75129BCA032B6FD59D368C3E2404B2832398E40F43ACE284A91DED8812AA23E5B5A1D36AE204C53F1C6EF0E89AD31D1552E70538451847D7332D8FCACB62A1E56C1E5643E4F7AF63C67E082AC95DCB190795FA53522FA046F1919C81A088D7A8A452124E562BE2A702139670E94524D3110B9DFF35AE73F43280600B8304FA2E776089AF2ED929695967998E29A343FF62C4CAD7618222C01735734342FD33284BE9BDA4976DA1BC3B384E6F813FCBDFA3DC57B841515836CB2B37116EB6D417BBE6AEA7604AA915530AD803DF1C13656753C1A5867F4A3AE94BA7347580EE5A6CEBD2F3EB9B7F83E7B74F38995168F08A15A4CDF5702EA9DC907FC45910586D59537582DB1D5F155BF0050866CE3087560F1F44D1F275FD2B422038F9D8643C3BEBA49938D514848AC4F68F4CF44329C7E806B911B0CB7FF0020F3277A3E2B4FF17090D012B641E24D67A962E2FE361504DB014155F074F30F52078CB31DFC51B32746A42EDBF013F9920CFB17D3D3D3257 -20180414125221 2 6 100 7679 2 FBED7F3DD7CF86B0A6EEDC1930C6958C3C00695DAF4347560C5AC1AA4B22F4DC76F190D63E230EB0CB4344A370A471F17FFCA8DA3B5B0A903F9D1258370125F6C172F3EC5F56D7B8EBD07B2072C45D6141DA3CDC01C3D95DE279C5FAA1E042651028141085EB68AFAC473600F75F4A373DC234D5405DCE7AB5B5854960ABC550FCEFEE8FD578810201DE6B4A5EF616F0CBF5707466D7ECBFD488EB68AD4B2EAC889BA2B7FEFE19CD8AA2C78F61D5DA08B4BC2738E1997F951A525EEF9F668148996D1ABFD1620F9276D741A46BECC0B7868A54745E0B16589A4AA7B938AF92FCA0FC9BBC193504D7EBFEFFEC996746DC6CAD3C192D724FB51E6228915789FF18314B3EB690359ADED802F35F48EC0D9C85AA1A20A2E5CF6EB795F2CCD03284547688B1B80A07EFC31668D30836C59C958BBBF6C1EE3940CC43A9334289C872302BB70368FDAC1653AF132F3E398E9310159C839E72555FD889E4E3B05E714E44E116804BF3748F62EF46E6A05DEC58A55185E43E2310EC945004AD61945BD2AD923B7B3C69A01C0393C15B6000BF542A55274ACA20B8A6EB96FAF83E27023FE0EA9EE564959A91BE17110176FB10D1A094947A23EFDE15DD093EF477EF798BCA8F5E14F85411242BC9C9492081444490C072BE8511B3C961AAAC80477897B54BDABE78C533F2E149FA64B51936E31F126625566CAFBB57E9F36CE0DF72A45E61AB27B6D25DEA3BA35910E16BB00AD300CEE2535CE75F9411DD43943250B03EBBA60C5C788974F2F695967103045F3A90A587AEFD0613F9C8E10A273DD827A314C75C7DBCE4326191DBCB92020CDB75129BCA032B6FD59D368C3E2404B2832398E40F43ACE284A91DED8812AA23E5B5A1D36AE204C53F1C6EF0E89AD31D1552E70538451847D7332D8FCACB62A1E56C1E5643E4F7AF63C67E082AC95DCB190795FA53522FA046F1919C81A088D7A8A452124E562BE2A702139670E94524D3110B9DFF35AE73F43280600B8304FA2E776089AF2ED929695967998E29A343FF62C4CAD7618222C01735734342FD33284BE9BDA4976DA1BC3B384E6F813FCBDFA3DC57B841515836CB2B37116EB6D417BBE6AEA7604AA915530AD803DF1C13656753C1A5867F4A3AE94BA7347580EE5A6CEBD2F3EB9B7F83E7B74F38995168F08A15A4CDF5702EA9DC907FC45910586D59537582DB1D5F155BF0050866CE3087560F1F44D1F275FD2B422038F9D8643C3BEBA49938D514848AC4F68F4CF44329C7E806B911B0CB7FF0020F3277A3E2B4FF17090D012B641E24D67A962E2FE361504DB014155F074F30F52078CB31DFC51B32746A42EDBF013F9920CFB17D467C1523 -20180414181319 2 6 100 7679 2 FBED7F3DD7CF86B0A6EEDC1930C6958C3C00695DAF4347560C5AC1AA4B22F4DC76F190D63E230EB0CB4344A370A471F17FFCA8DA3B5B0A903F9D1258370125F6C172F3EC5F56D7B8EBD07B2072C45D6141DA3CDC01C3D95DE279C5FAA1E042651028141085EB68AFAC473600F75F4A373DC234D5405DCE7AB5B5854960ABC550FCEFEE8FD578810201DE6B4A5EF616F0CBF5707466D7ECBFD488EB68AD4B2EAC889BA2B7FEFE19CD8AA2C78F61D5DA08B4BC2738E1997F951A525EEF9F668148996D1ABFD1620F9276D741A46BECC0B7868A54745E0B16589A4AA7B938AF92FCA0FC9BBC193504D7EBFEFFEC996746DC6CAD3C192D724FB51E6228915789FF18314B3EB690359ADED802F35F48EC0D9C85AA1A20A2E5CF6EB795F2CCD03284547688B1B80A07EFC31668D30836C59C958BBBF6C1EE3940CC43A9334289C872302BB70368FDAC1653AF132F3E398E9310159C839E72555FD889E4E3B05E714E44E116804BF3748F62EF46E6A05DEC58A55185E43E2310EC945004AD61945BD2AD923B7B3C69A01C0393C15B6000BF542A55274ACA20B8A6EB96FAF83E27023FE0EA9EE564959A91BE17110176FB10D1A094947A23EFDE15DD093EF477EF798BCA8F5E14F85411242BC9C9492081444490C072BE8511B3C961AAAC80477897B54BDABE78C533F2E149FA64B51936E31F126625566CAFBB57E9F36CE0DF72A45E61AB27B6D25DEA3BA35910E16BB00AD300CEE2535CE75F9411DD43943250B03EBBA60C5C788974F2F695967103045F3A90A587AEFD0613F9C8E10A273DD827A314C75C7DBCE4326191DBCB92020CDB75129BCA032B6FD59D368C3E2404B2832398E40F43ACE284A91DED8812AA23E5B5A1D36AE204C53F1C6EF0E89AD31D1552E70538451847D7332D8FCACB62A1E56C1E5643E4F7AF63C67E082AC95DCB190795FA53522FA046F1919C81A088D7A8A452124E562BE2A702139670E94524D3110B9DFF35AE73F43280600B8304FA2E776089AF2ED929695967998E29A343FF62C4CAD7618222C01735734342FD33284BE9BDA4976DA1BC3B384E6F813FCBDFA3DC57B841515836CB2B37116EB6D417BBE6AEA7604AA915530AD803DF1C13656753C1A5867F4A3AE94BA7347580EE5A6CEBD2F3EB9B7F83E7B74F38995168F08A15A4CDF5702EA9DC907FC45910586D59537582DB1D5F155BF0050866CE3087560F1F44D1F275FD2B422038F9D8643C3BEBA49938D514848AC4F68F4CF44329C7E806B911B0CB7FF0020F3277A3E2B4FF17090D012B641E24D67A962E2FE361504DB014155F074F30F52078CB31DFC51B32746A42EDBF013F9920CFB17D4AA2837B -20180414202910 2 6 100 7679 5 FBED7F3DD7CF86B0A6EEDC1930C6958C3C00695DAF4347560C5AC1AA4B22F4DC76F190D63E230EB0CB4344A370A471F17FFCA8DA3B5B0A903F9D1258370125F6C172F3EC5F56D7B8EBD07B2072C45D6141DA3CDC01C3D95DE279C5FAA1E042651028141085EB68AFAC473600F75F4A373DC234D5405DCE7AB5B5854960ABC550FCEFEE8FD578810201DE6B4A5EF616F0CBF5707466D7ECBFD488EB68AD4B2EAC889BA2B7FEFE19CD8AA2C78F61D5DA08B4BC2738E1997F951A525EEF9F668148996D1ABFD1620F9276D741A46BECC0B7868A54745E0B16589A4AA7B938AF92FCA0FC9BBC193504D7EBFEFFEC996746DC6CAD3C192D724FB51E6228915789FF18314B3EB690359ADED802F35F48EC0D9C85AA1A20A2E5CF6EB795F2CCD03284547688B1B80A07EFC31668D30836C59C958BBBF6C1EE3940CC43A9334289C872302BB70368FDAC1653AF132F3E398E9310159C839E72555FD889E4E3B05E714E44E116804BF3748F62EF46E6A05DEC58A55185E43E2310EC945004AD61945BD2AD923B7B3C69A01C0393C15B6000BF542A55274ACA20B8A6EB96FAF83E27023FE0EA9EE564959A91BE17110176FB10D1A094947A23EFDE15DD093EF477EF798BCA8F5E14F85411242BC9C9492081444490C072BE8511B3C961AAAC80477897B54BDABE78C533F2E149FA64B51936E31F126625566CAFBB57E9F36CE0DF72A45E61AB27B6D25DEA3BA35910E16BB00AD300CEE2535CE75F9411DD43943250B03EBBA60C5C788974F2F695967103045F3A90A587AEFD0613F9C8E10A273DD827A314C75C7DBCE4326191DBCB92020CDB75129BCA032B6FD59D368C3E2404B2832398E40F43ACE284A91DED8812AA23E5B5A1D36AE204C53F1C6EF0E89AD31D1552E70538451847D7332D8FCACB62A1E56C1E5643E4F7AF63C67E082AC95DCB190795FA53522FA046F1919C81A088D7A8A452124E562BE2A702139670E94524D3110B9DFF35AE73F43280600B8304FA2E776089AF2ED929695967998E29A343FF62C4CAD7618222C01735734342FD33284BE9BDA4976DA1BC3B384E6F813FCBDFA3DC57B841515836CB2B37116EB6D417BBE6AEA7604AA915530AD803DF1C13656753C1A5867F4A3AE94BA7347580EE5A6CEBD2F3EB9B7F83E7B74F38995168F08A15A4CDF5702EA9DC907FC45910586D59537582DB1D5F155BF0050866CE3087560F1F44D1F275FD2B422038F9D8643C3BEBA49938D514848AC4F68F4CF44329C7E806B911B0CB7FF0020F3277A3E2B4FF17090D012B641E24D67A962E2FE361504DB014155F074F30F52078CB31DFC51B32746A42EDBF013F9920CFB17D4C60657F -20180414210359 2 6 100 7679 5 FBED7F3DD7CF86B0A6EEDC1930C6958C3C00695DAF4347560C5AC1AA4B22F4DC76F190D63E230EB0CB4344A370A471F17FFCA8DA3B5B0A903F9D1258370125F6C172F3EC5F56D7B8EBD07B2072C45D6141DA3CDC01C3D95DE279C5FAA1E042651028141085EB68AFAC473600F75F4A373DC234D5405DCE7AB5B5854960ABC550FCEFEE8FD578810201DE6B4A5EF616F0CBF5707466D7ECBFD488EB68AD4B2EAC889BA2B7FEFE19CD8AA2C78F61D5DA08B4BC2738E1997F951A525EEF9F668148996D1ABFD1620F9276D741A46BECC0B7868A54745E0B16589A4AA7B938AF92FCA0FC9BBC193504D7EBFEFFEC996746DC6CAD3C192D724FB51E6228915789FF18314B3EB690359ADED802F35F48EC0D9C85AA1A20A2E5CF6EB795F2CCD03284547688B1B80A07EFC31668D30836C59C958BBBF6C1EE3940CC43A9334289C872302BB70368FDAC1653AF132F3E398E9310159C839E72555FD889E4E3B05E714E44E116804BF3748F62EF46E6A05DEC58A55185E43E2310EC945004AD61945BD2AD923B7B3C69A01C0393C15B6000BF542A55274ACA20B8A6EB96FAF83E27023FE0EA9EE564959A91BE17110176FB10D1A094947A23EFDE15DD093EF477EF798BCA8F5E14F85411242BC9C9492081444490C072BE8511B3C961AAAC80477897B54BDABE78C533F2E149FA64B51936E31F126625566CAFBB57E9F36CE0DF72A45E61AB27B6D25DEA3BA35910E16BB00AD300CEE2535CE75F9411DD43943250B03EBBA60C5C788974F2F695967103045F3A90A587AEFD0613F9C8E10A273DD827A314C75C7DBCE4326191DBCB92020CDB75129BCA032B6FD59D368C3E2404B2832398E40F43ACE284A91DED8812AA23E5B5A1D36AE204C53F1C6EF0E89AD31D1552E70538451847D7332D8FCACB62A1E56C1E5643E4F7AF63C67E082AC95DCB190795FA53522FA046F1919C81A088D7A8A452124E562BE2A702139670E94524D3110B9DFF35AE73F43280600B8304FA2E776089AF2ED929695967998E29A343FF62C4CAD7618222C01735734342FD33284BE9BDA4976DA1BC3B384E6F813FCBDFA3DC57B841515836CB2B37116EB6D417BBE6AEA7604AA915530AD803DF1C13656753C1A5867F4A3AE94BA7347580EE5A6CEBD2F3EB9B7F83E7B74F38995168F08A15A4CDF5702EA9DC907FC45910586D59537582DB1D5F155BF0050866CE3087560F1F44D1F275FD2B422038F9D8643C3BEBA49938D514848AC4F68F4CF44329C7E806B911B0CB7FF0020F3277A3E2B4FF17090D012B641E24D67A962E2FE361504DB014155F074F30F52078CB31DFC51B32746A42EDBF013F9920CFB17D4CCB3D87 -20180415054313 2 6 100 7679 5 FBED7F3DD7CF86B0A6EEDC1930C6958C3C00695DAF4347560C5AC1AA4B22F4DC76F190D63E230EB0CB4344A370A471F17FFCA8DA3B5B0A903F9D1258370125F6C172F3EC5F56D7B8EBD07B2072C45D6141DA3CDC01C3D95DE279C5FAA1E042651028141085EB68AFAC473600F75F4A373DC234D5405DCE7AB5B5854960ABC550FCEFEE8FD578810201DE6B4A5EF616F0CBF5707466D7ECBFD488EB68AD4B2EAC889BA2B7FEFE19CD8AA2C78F61D5DA08B4BC2738E1997F951A525EEF9F668148996D1ABFD1620F9276D741A46BECC0B7868A54745E0B16589A4AA7B938AF92FCA0FC9BBC193504D7EBFEFFEC996746DC6CAD3C192D724FB51E6228915789FF18314B3EB690359ADED802F35F48EC0D9C85AA1A20A2E5CF6EB795F2CCD03284547688B1B80A07EFC31668D30836C59C958BBBF6C1EE3940CC43A9334289C872302BB70368FDAC1653AF132F3E398E9310159C839E72555FD889E4E3B05E714E44E116804BF3748F62EF46E6A05DEC58A55185E43E2310EC945004AD61945BD2AD923B7B3C69A01C0393C15B6000BF542A55274ACA20B8A6EB96FAF83E27023FE0EA9EE564959A91BE17110176FB10D1A094947A23EFDE15DD093EF477EF798BCA8F5E14F85411242BC9C9492081444490C072BE8511B3C961AAAC80477897B54BDABE78C533F2E149FA64B51936E31F126625566CAFBB57E9F36CE0DF72A45E61AB27B6D25DEA3BA35910E16BB00AD300CEE2535CE75F9411DD43943250B03EBBA60C5C788974F2F695967103045F3A90A587AEFD0613F9C8E10A273DD827A314C75C7DBCE4326191DBCB92020CDB75129BCA032B6FD59D368C3E2404B2832398E40F43ACE284A91DED8812AA23E5B5A1D36AE204C53F1C6EF0E89AD31D1552E70538451847D7332D8FCACB62A1E56C1E5643E4F7AF63C67E082AC95DCB190795FA53522FA046F1919C81A088D7A8A452124E562BE2A702139670E94524D3110B9DFF35AE73F43280600B8304FA2E776089AF2ED929695967998E29A343FF62C4CAD7618222C01735734342FD33284BE9BDA4976DA1BC3B384E6F813FCBDFA3DC57B841515836CB2B37116EB6D417BBE6AEA7604AA915530AD803DF1C13656753C1A5867F4A3AE94BA7347580EE5A6CEBD2F3EB9B7F83E7B74F38995168F08A15A4CDF5702EA9DC907FC45910586D59537582DB1D5F155BF0050866CE3087560F1F44D1F275FD2B422038F9D8643C3BEBA49938D514848AC4F68F4CF44329C7E806B911B0CB7FF0020F3277A3E2B4FF17090D012B641E24D67A962E2FE361504DB014155F074F30F52078CB31DFC51B32746A42EDBF013F9920CFB17D53659F57 -20180415133017 2 6 100 7679 5 FBED7F3DD7CF86B0A6EEDC1930C6958C3C00695DAF4347560C5AC1AA4B22F4DC76F190D63E230EB0CB4344A370A471F17FFCA8DA3B5B0A903F9D1258370125F6C172F3EC5F56D7B8EBD07B2072C45D6141DA3CDC01C3D95DE279C5FAA1E042651028141085EB68AFAC473600F75F4A373DC234D5405DCE7AB5B5854960ABC550FCEFEE8FD578810201DE6B4A5EF616F0CBF5707466D7ECBFD488EB68AD4B2EAC889BA2B7FEFE19CD8AA2C78F61D5DA08B4BC2738E1997F951A525EEF9F668148996D1ABFD1620F9276D741A46BECC0B7868A54745E0B16589A4AA7B938AF92FCA0FC9BBC193504D7EBFEFFEC996746DC6CAD3C192D724FB51E6228915789FF18314B3EB690359ADED802F35F48EC0D9C85AA1A20A2E5CF6EB795F2CCD03284547688B1B80A07EFC31668D30836C59C958BBBF6C1EE3940CC43A9334289C872302BB70368FDAC1653AF132F3E398E9310159C839E72555FD889E4E3B05E714E44E116804BF3748F62EF46E6A05DEC58A55185E43E2310EC945004AD61945BD2AD923B7B3C69A01C0393C15B6000BF542A55274ACA20B8A6EB96FAF83E27023FE0EA9EE564959A91BE17110176FB10D1A094947A23EFDE15DD093EF477EF798BCA8F5E14F85411242BC9C9492081444490C072BE8511B3C961AAAC80477897B54BDABE78C533F2E149FA64B51936E31F126625566CAFBB57E9F36CE0DF72A45E61AB27B6D25DEA3BA35910E16BB00AD300CEE2535CE75F9411DD43943250B03EBBA60C5C788974F2F695967103045F3A90A587AEFD0613F9C8E10A273DD827A314C75C7DBCE4326191DBCB92020CDB75129BCA032B6FD59D368C3E2404B2832398E40F43ACE284A91DED8812AA23E5B5A1D36AE204C53F1C6EF0E89AD31D1552E70538451847D7332D8FCACB62A1E56C1E5643E4F7AF63C67E082AC95DCB190795FA53522FA046F1919C81A088D7A8A452124E562BE2A702139670E94524D3110B9DFF35AE73F43280600B8304FA2E776089AF2ED929695967998E29A343FF62C4CAD7618222C01735734342FD33284BE9BDA4976DA1BC3B384E6F813FCBDFA3DC57B841515836CB2B37116EB6D417BBE6AEA7604AA915530AD803DF1C13656753C1A5867F4A3AE94BA7347580EE5A6CEBD2F3EB9B7F83E7B74F38995168F08A15A4CDF5702EA9DC907FC45910586D59537582DB1D5F155BF0050866CE3087560F1F44D1F275FD2B422038F9D8643C3BEBA49938D514848AC4F68F4CF44329C7E806B911B0CB7FF0020F3277A3E2B4FF17090D012B641E24D67A962E2FE361504DB014155F074F30F52078CB31DFC51B32746A42EDBF013F9920CFB17D596ABEFF -20180415160204 2 6 100 7679 5 FBED7F3DD7CF86B0A6EEDC1930C6958C3C00695DAF4347560C5AC1AA4B22F4DC76F190D63E230EB0CB4344A370A471F17FFCA8DA3B5B0A903F9D1258370125F6C172F3EC5F56D7B8EBD07B2072C45D6141DA3CDC01C3D95DE279C5FAA1E042651028141085EB68AFAC473600F75F4A373DC234D5405DCE7AB5B5854960ABC550FCEFEE8FD578810201DE6B4A5EF616F0CBF5707466D7ECBFD488EB68AD4B2EAC889BA2B7FEFE19CD8AA2C78F61D5DA08B4BC2738E1997F951A525EEF9F668148996D1ABFD1620F9276D741A46BECC0B7868A54745E0B16589A4AA7B938AF92FCA0FC9BBC193504D7EBFEFFEC996746DC6CAD3C192D724FB51E6228915789FF18314B3EB690359ADED802F35F48EC0D9C85AA1A20A2E5CF6EB795F2CCD03284547688B1B80A07EFC31668D30836C59C958BBBF6C1EE3940CC43A9334289C872302BB70368FDAC1653AF132F3E398E9310159C839E72555FD889E4E3B05E714E44E116804BF3748F62EF46E6A05DEC58A55185E43E2310EC945004AD61945BD2AD923B7B3C69A01C0393C15B6000BF542A55274ACA20B8A6EB96FAF83E27023FE0EA9EE564959A91BE17110176FB10D1A094947A23EFDE15DD093EF477EF798BCA8F5E14F85411242BC9C9492081444490C072BE8511B3C961AAAC80477897B54BDABE78C533F2E149FA64B51936E31F126625566CAFBB57E9F36CE0DF72A45E61AB27B6D25DEA3BA35910E16BB00AD300CEE2535CE75F9411DD43943250B03EBBA60C5C788974F2F695967103045F3A90A587AEFD0613F9C8E10A273DD827A314C75C7DBCE4326191DBCB92020CDB75129BCA032B6FD59D368C3E2404B2832398E40F43ACE284A91DED8812AA23E5B5A1D36AE204C53F1C6EF0E89AD31D1552E70538451847D7332D8FCACB62A1E56C1E5643E4F7AF63C67E082AC95DCB190795FA53522FA046F1919C81A088D7A8A452124E562BE2A702139670E94524D3110B9DFF35AE73F43280600B8304FA2E776089AF2ED929695967998E29A343FF62C4CAD7618222C01735734342FD33284BE9BDA4976DA1BC3B384E6F813FCBDFA3DC57B841515836CB2B37116EB6D417BBE6AEA7604AA915530AD803DF1C13656753C1A5867F4A3AE94BA7347580EE5A6CEBD2F3EB9B7F83E7B74F38995168F08A15A4CDF5702EA9DC907FC45910586D59537582DB1D5F155BF0050866CE3087560F1F44D1F275FD2B422038F9D8643C3BEBA49938D514848AC4F68F4CF44329C7E806B911B0CB7FF0020F3277A3E2B4FF17090D012B641E24D67A962E2FE361504DB014155F074F30F52078CB31DFC51B32746A42EDBF013F9920CFB17D5B5415B7 -20180415222232 2 6 100 7679 2 FBED7F3DD7CF86B0A6EEDC1930C6958C3C00695DAF4347560C5AC1AA4B22F4DC76F190D63E230EB0CB4344A370A471F17FFCA8DA3B5B0A903F9D1258370125F6C172F3EC5F56D7B8EBD07B2072C45D6141DA3CDC01C3D95DE279C5FAA1E042651028141085EB68AFAC473600F75F4A373DC234D5405DCE7AB5B5854960ABC550FCEFEE8FD578810201DE6B4A5EF616F0CBF5707466D7ECBFD488EB68AD4B2EAC889BA2B7FEFE19CD8AA2C78F61D5DA08B4BC2738E1997F951A525EEF9F668148996D1ABFD1620F9276D741A46BECC0B7868A54745E0B16589A4AA7B938AF92FCA0FC9BBC193504D7EBFEFFEC996746DC6CAD3C192D724FB51E6228915789FF18314B3EB690359ADED802F35F48EC0D9C85AA1A20A2E5CF6EB795F2CCD03284547688B1B80A07EFC31668D30836C59C958BBBF6C1EE3940CC43A9334289C872302BB70368FDAC1653AF132F3E398E9310159C839E72555FD889E4E3B05E714E44E116804BF3748F62EF46E6A05DEC58A55185E43E2310EC945004AD61945BD2AD923B7B3C69A01C0393C15B6000BF542A55274ACA20B8A6EB96FAF83E27023FE0EA9EE564959A91BE17110176FB10D1A094947A23EFDE15DD093EF477EF798BCA8F5E14F85411242BC9C9492081444490C072BE8511B3C961AAAC80477897B54BDABE78C533F2E149FA64B51936E31F126625566CAFBB57E9F36CE0DF72A45E61AB27B6D25DEA3BA35910E16BB00AD300CEE2535CE75F9411DD43943250B03EBBA60C5C788974F2F695967103045F3A90A587AEFD0613F9C8E10A273DD827A314C75C7DBCE4326191DBCB92020CDB75129BCA032B6FD59D368C3E2404B2832398E40F43ACE284A91DED8812AA23E5B5A1D36AE204C53F1C6EF0E89AD31D1552E70538451847D7332D8FCACB62A1E56C1E5643E4F7AF63C67E082AC95DCB190795FA53522FA046F1919C81A088D7A8A452124E562BE2A702139670E94524D3110B9DFF35AE73F43280600B8304FA2E776089AF2ED929695967998E29A343FF62C4CAD7618222C01735734342FD33284BE9BDA4976DA1BC3B384E6F813FCBDFA3DC57B841515836CB2B37116EB6D417BBE6AEA7604AA915530AD803DF1C13656753C1A5867F4A3AE94BA7347580EE5A6CEBD2F3EB9B7F83E7B74F38995168F08A15A4CDF5702EA9DC907FC45910586D59537582DB1D5F155BF0050866CE3087560F1F44D1F275FD2B422038F9D8643C3BEBA49938D514848AC4F68F4CF44329C7E806B911B0CB7FF0020F3277A3E2B4FF17090D012B641E24D67A962E2FE361504DB014155F074F30F52078CB31DFC51B32746A42EDBF013F9920CFB17D6018A3AB -20180415224834 2 6 100 7679 2 FBED7F3DD7CF86B0A6EEDC1930C6958C3C00695DAF4347560C5AC1AA4B22F4DC76F190D63E230EB0CB4344A370A471F17FFCA8DA3B5B0A903F9D1258370125F6C172F3EC5F56D7B8EBD07B2072C45D6141DA3CDC01C3D95DE279C5FAA1E042651028141085EB68AFAC473600F75F4A373DC234D5405DCE7AB5B5854960ABC550FCEFEE8FD578810201DE6B4A5EF616F0CBF5707466D7ECBFD488EB68AD4B2EAC889BA2B7FEFE19CD8AA2C78F61D5DA08B4BC2738E1997F951A525EEF9F668148996D1ABFD1620F9276D741A46BECC0B7868A54745E0B16589A4AA7B938AF92FCA0FC9BBC193504D7EBFEFFEC996746DC6CAD3C192D724FB51E6228915789FF18314B3EB690359ADED802F35F48EC0D9C85AA1A20A2E5CF6EB795F2CCD03284547688B1B80A07EFC31668D30836C59C958BBBF6C1EE3940CC43A9334289C872302BB70368FDAC1653AF132F3E398E9310159C839E72555FD889E4E3B05E714E44E116804BF3748F62EF46E6A05DEC58A55185E43E2310EC945004AD61945BD2AD923B7B3C69A01C0393C15B6000BF542A55274ACA20B8A6EB96FAF83E27023FE0EA9EE564959A91BE17110176FB10D1A094947A23EFDE15DD093EF477EF798BCA8F5E14F85411242BC9C9492081444490C072BE8511B3C961AAAC80477897B54BDABE78C533F2E149FA64B51936E31F126625566CAFBB57E9F36CE0DF72A45E61AB27B6D25DEA3BA35910E16BB00AD300CEE2535CE75F9411DD43943250B03EBBA60C5C788974F2F695967103045F3A90A587AEFD0613F9C8E10A273DD827A314C75C7DBCE4326191DBCB92020CDB75129BCA032B6FD59D368C3E2404B2832398E40F43ACE284A91DED8812AA23E5B5A1D36AE204C53F1C6EF0E89AD31D1552E70538451847D7332D8FCACB62A1E56C1E5643E4F7AF63C67E082AC95DCB190795FA53522FA046F1919C81A088D7A8A452124E562BE2A702139670E94524D3110B9DFF35AE73F43280600B8304FA2E776089AF2ED929695967998E29A343FF62C4CAD7618222C01735734342FD33284BE9BDA4976DA1BC3B384E6F813FCBDFA3DC57B841515836CB2B37116EB6D417BBE6AEA7604AA915530AD803DF1C13656753C1A5867F4A3AE94BA7347580EE5A6CEBD2F3EB9B7F83E7B74F38995168F08A15A4CDF5702EA9DC907FC45910586D59537582DB1D5F155BF0050866CE3087560F1F44D1F275FD2B422038F9D8643C3BEBA49938D514848AC4F68F4CF44329C7E806B911B0CB7FF0020F3277A3E2B4FF17090D012B641E24D67A962E2FE361504DB014155F074F30F52078CB31DFC51B32746A42EDBF013F9920CFB17D6064EF13 -20180416005338 2 6 100 7679 5 FBED7F3DD7CF86B0A6EEDC1930C6958C3C00695DAF4347560C5AC1AA4B22F4DC76F190D63E230EB0CB4344A370A471F17FFCA8DA3B5B0A903F9D1258370125F6C172F3EC5F56D7B8EBD07B2072C45D6141DA3CDC01C3D95DE279C5FAA1E042651028141085EB68AFAC473600F75F4A373DC234D5405DCE7AB5B5854960ABC550FCEFEE8FD578810201DE6B4A5EF616F0CBF5707466D7ECBFD488EB68AD4B2EAC889BA2B7FEFE19CD8AA2C78F61D5DA08B4BC2738E1997F951A525EEF9F668148996D1ABFD1620F9276D741A46BECC0B7868A54745E0B16589A4AA7B938AF92FCA0FC9BBC193504D7EBFEFFEC996746DC6CAD3C192D724FB51E6228915789FF18314B3EB690359ADED802F35F48EC0D9C85AA1A20A2E5CF6EB795F2CCD03284547688B1B80A07EFC31668D30836C59C958BBBF6C1EE3940CC43A9334289C872302BB70368FDAC1653AF132F3E398E9310159C839E72555FD889E4E3B05E714E44E116804BF3748F62EF46E6A05DEC58A55185E43E2310EC945004AD61945BD2AD923B7B3C69A01C0393C15B6000BF542A55274ACA20B8A6EB96FAF83E27023FE0EA9EE564959A91BE17110176FB10D1A094947A23EFDE15DD093EF477EF798BCA8F5E14F85411242BC9C9492081444490C072BE8511B3C961AAAC80477897B54BDABE78C533F2E149FA64B51936E31F126625566CAFBB57E9F36CE0DF72A45E61AB27B6D25DEA3BA35910E16BB00AD300CEE2535CE75F9411DD43943250B03EBBA60C5C788974F2F695967103045F3A90A587AEFD0613F9C8E10A273DD827A314C75C7DBCE4326191DBCB92020CDB75129BCA032B6FD59D368C3E2404B2832398E40F43ACE284A91DED8812AA23E5B5A1D36AE204C53F1C6EF0E89AD31D1552E70538451847D7332D8FCACB62A1E56C1E5643E4F7AF63C67E082AC95DCB190795FA53522FA046F1919C81A088D7A8A452124E562BE2A702139670E94524D3110B9DFF35AE73F43280600B8304FA2E776089AF2ED929695967998E29A343FF62C4CAD7618222C01735734342FD33284BE9BDA4976DA1BC3B384E6F813FCBDFA3DC57B841515836CB2B37116EB6D417BBE6AEA7604AA915530AD803DF1C13656753C1A5867F4A3AE94BA7347580EE5A6CEBD2F3EB9B7F83E7B74F38995168F08A15A4CDF5702EA9DC907FC45910586D59537582DB1D5F155BF0050866CE3087560F1F44D1F275FD2B422038F9D8643C3BEBA49938D514848AC4F68F4CF44329C7E806B911B0CB7FF0020F3277A3E2B4FF17090D012B641E24D67A962E2FE361504DB014155F074F30F52078CB31DFC51B32746A42EDBF013F9920CFB17D61F17307 -20180416021119 2 6 100 7679 5 FBED7F3DD7CF86B0A6EEDC1930C6958C3C00695DAF4347560C5AC1AA4B22F4DC76F190D63E230EB0CB4344A370A471F17FFCA8DA3B5B0A903F9D1258370125F6C172F3EC5F56D7B8EBD07B2072C45D6141DA3CDC01C3D95DE279C5FAA1E042651028141085EB68AFAC473600F75F4A373DC234D5405DCE7AB5B5854960ABC550FCEFEE8FD578810201DE6B4A5EF616F0CBF5707466D7ECBFD488EB68AD4B2EAC889BA2B7FEFE19CD8AA2C78F61D5DA08B4BC2738E1997F951A525EEF9F668148996D1ABFD1620F9276D741A46BECC0B7868A54745E0B16589A4AA7B938AF92FCA0FC9BBC193504D7EBFEFFEC996746DC6CAD3C192D724FB51E6228915789FF18314B3EB690359ADED802F35F48EC0D9C85AA1A20A2E5CF6EB795F2CCD03284547688B1B80A07EFC31668D30836C59C958BBBF6C1EE3940CC43A9334289C872302BB70368FDAC1653AF132F3E398E9310159C839E72555FD889E4E3B05E714E44E116804BF3748F62EF46E6A05DEC58A55185E43E2310EC945004AD61945BD2AD923B7B3C69A01C0393C15B6000BF542A55274ACA20B8A6EB96FAF83E27023FE0EA9EE564959A91BE17110176FB10D1A094947A23EFDE15DD093EF477EF798BCA8F5E14F85411242BC9C9492081444490C072BE8511B3C961AAAC80477897B54BDABE78C533F2E149FA64B51936E31F126625566CAFBB57E9F36CE0DF72A45E61AB27B6D25DEA3BA35910E16BB00AD300CEE2535CE75F9411DD43943250B03EBBA60C5C788974F2F695967103045F3A90A587AEFD0613F9C8E10A273DD827A314C75C7DBCE4326191DBCB92020CDB75129BCA032B6FD59D368C3E2404B2832398E40F43ACE284A91DED8812AA23E5B5A1D36AE204C53F1C6EF0E89AD31D1552E70538451847D7332D8FCACB62A1E56C1E5643E4F7AF63C67E082AC95DCB190795FA53522FA046F1919C81A088D7A8A452124E562BE2A702139670E94524D3110B9DFF35AE73F43280600B8304FA2E776089AF2ED929695967998E29A343FF62C4CAD7618222C01735734342FD33284BE9BDA4976DA1BC3B384E6F813FCBDFA3DC57B841515836CB2B37116EB6D417BBE6AEA7604AA915530AD803DF1C13656753C1A5867F4A3AE94BA7347580EE5A6CEBD2F3EB9B7F83E7B74F38995168F08A15A4CDF5702EA9DC907FC45910586D59537582DB1D5F155BF0050866CE3087560F1F44D1F275FD2B422038F9D8643C3BEBA49938D514848AC4F68F4CF44329C7E806B911B0CB7FF0020F3277A3E2B4FF17090D012B641E24D67A962E2FE361504DB014155F074F30F52078CB31DFC51B32746A42EDBF013F9920CFB17D62E1D04F -20180416083930 2 6 100 7679 5 FBED7F3DD7CF86B0A6EEDC1930C6958C3C00695DAF4347560C5AC1AA4B22F4DC76F190D63E230EB0CB4344A370A471F17FFCA8DA3B5B0A903F9D1258370125F6C172F3EC5F56D7B8EBD07B2072C45D6141DA3CDC01C3D95DE279C5FAA1E042651028141085EB68AFAC473600F75F4A373DC234D5405DCE7AB5B5854960ABC550FCEFEE8FD578810201DE6B4A5EF616F0CBF5707466D7ECBFD488EB68AD4B2EAC889BA2B7FEFE19CD8AA2C78F61D5DA08B4BC2738E1997F951A525EEF9F668148996D1ABFD1620F9276D741A46BECC0B7868A54745E0B16589A4AA7B938AF92FCA0FC9BBC193504D7EBFEFFEC996746DC6CAD3C192D724FB51E6228915789FF18314B3EB690359ADED802F35F48EC0D9C85AA1A20A2E5CF6EB795F2CCD03284547688B1B80A07EFC31668D30836C59C958BBBF6C1EE3940CC43A9334289C872302BB70368FDAC1653AF132F3E398E9310159C839E72555FD889E4E3B05E714E44E116804BF3748F62EF46E6A05DEC58A55185E43E2310EC945004AD61945BD2AD923B7B3C69A01C0393C15B6000BF542A55274ACA20B8A6EB96FAF83E27023FE0EA9EE564959A91BE17110176FB10D1A094947A23EFDE15DD093EF477EF798BCA8F5E14F85411242BC9C9492081444490C072BE8511B3C961AAAC80477897B54BDABE78C533F2E149FA64B51936E31F126625566CAFBB57E9F36CE0DF72A45E61AB27B6D25DEA3BA35910E16BB00AD300CEE2535CE75F9411DD43943250B03EBBA60C5C788974F2F695967103045F3A90A587AEFD0613F9C8E10A273DD827A314C75C7DBCE4326191DBCB92020CDB75129BCA032B6FD59D368C3E2404B2832398E40F43ACE284A91DED8812AA23E5B5A1D36AE204C53F1C6EF0E89AD31D1552E70538451847D7332D8FCACB62A1E56C1E5643E4F7AF63C67E082AC95DCB190795FA53522FA046F1919C81A088D7A8A452124E562BE2A702139670E94524D3110B9DFF35AE73F43280600B8304FA2E776089AF2ED929695967998E29A343FF62C4CAD7618222C01735734342FD33284BE9BDA4976DA1BC3B384E6F813FCBDFA3DC57B841515836CB2B37116EB6D417BBE6AEA7604AA915530AD803DF1C13656753C1A5867F4A3AE94BA7347580EE5A6CEBD2F3EB9B7F83E7B74F38995168F08A15A4CDF5702EA9DC907FC45910586D59537582DB1D5F155BF0050866CE3087560F1F44D1F275FD2B422038F9D8643C3BEBA49938D514848AC4F68F4CF44329C7E806B911B0CB7FF0020F3277A3E2B4FF17090D012B641E24D67A962E2FE361504DB014155F074F30F52078CB31DFC51B32746A42EDBF013F9920CFB17D67B78127 -20180416182014 2 6 100 7679 2 FBED7F3DD7CF86B0A6EEDC1930C6958C3C00695DAF4347560C5AC1AA4B22F4DC76F190D63E230EB0CB4344A370A471F17FFCA8DA3B5B0A903F9D1258370125F6C172F3EC5F56D7B8EBD07B2072C45D6141DA3CDC01C3D95DE279C5FAA1E042651028141085EB68AFAC473600F75F4A373DC234D5405DCE7AB5B5854960ABC550FCEFEE8FD578810201DE6B4A5EF616F0CBF5707466D7ECBFD488EB68AD4B2EAC889BA2B7FEFE19CD8AA2C78F61D5DA08B4BC2738E1997F951A525EEF9F668148996D1ABFD1620F9276D741A46BECC0B7868A54745E0B16589A4AA7B938AF92FCA0FC9BBC193504D7EBFEFFEC996746DC6CAD3C192D724FB51E6228915789FF18314B3EB690359ADED802F35F48EC0D9C85AA1A20A2E5CF6EB795F2CCD03284547688B1B80A07EFC31668D30836C59C958BBBF6C1EE3940CC43A9334289C872302BB70368FDAC1653AF132F3E398E9310159C839E72555FD889E4E3B05E714E44E116804BF3748F62EF46E6A05DEC58A55185E43E2310EC945004AD61945BD2AD923B7B3C69A01C0393C15B6000BF542A55274ACA20B8A6EB96FAF83E27023FE0EA9EE564959A91BE17110176FB10D1A094947A23EFDE15DD093EF477EF798BCA8F5E14F85411242BC9C9492081444490C072BE8511B3C961AAAC80477897B54BDABE78C533F2E149FA64B51936E31F126625566CAFBB57E9F36CE0DF72A45E61AB27B6D25DEA3BA35910E16BB00AD300CEE2535CE75F9411DD43943250B03EBBA60C5C788974F2F695967103045F3A90A587AEFD0613F9C8E10A273DD827A314C75C7DBCE4326191DBCB92020CDB75129BCA032B6FD59D368C3E2404B2832398E40F43ACE284A91DED8812AA23E5B5A1D36AE204C53F1C6EF0E89AD31D1552E70538451847D7332D8FCACB62A1E56C1E5643E4F7AF63C67E082AC95DCB190795FA53522FA046F1919C81A088D7A8A452124E562BE2A702139670E94524D3110B9DFF35AE73F43280600B8304FA2E776089AF2ED929695967998E29A343FF62C4CAD7618222C01735734342FD33284BE9BDA4976DA1BC3B384E6F813FCBDFA3DC57B841515836CB2B37116EB6D417BBE6AEA7604AA915530AD803DF1C13656753C1A5867F4A3AE94BA7347580EE5A6CEBD2F3EB9B7F83E7B74F38995168F08A15A4CDF5702EA9DC907FC45910586D59537582DB1D5F155BF0050866CE3087560F1F44D1F275FD2B422038F9D8643C3BEBA49938D514848AC4F68F4CF44329C7E806B911B0CB7FF0020F3277A3E2B4FF17090D012B641E24D67A962E2FE361504DB014155F074F30F52078CB31DFC51B32746A42EDBF013F9920CFB17D6EDFEF6B -20180416190916 2 6 100 7679 5 FBED7F3DD7CF86B0A6EEDC1930C6958C3C00695DAF4347560C5AC1AA4B22F4DC76F190D63E230EB0CB4344A370A471F17FFCA8DA3B5B0A903F9D1258370125F6C172F3EC5F56D7B8EBD07B2072C45D6141DA3CDC01C3D95DE279C5FAA1E042651028141085EB68AFAC473600F75F4A373DC234D5405DCE7AB5B5854960ABC550FCEFEE8FD578810201DE6B4A5EF616F0CBF5707466D7ECBFD488EB68AD4B2EAC889BA2B7FEFE19CD8AA2C78F61D5DA08B4BC2738E1997F951A525EEF9F668148996D1ABFD1620F9276D741A46BECC0B7868A54745E0B16589A4AA7B938AF92FCA0FC9BBC193504D7EBFEFFEC996746DC6CAD3C192D724FB51E6228915789FF18314B3EB690359ADED802F35F48EC0D9C85AA1A20A2E5CF6EB795F2CCD03284547688B1B80A07EFC31668D30836C59C958BBBF6C1EE3940CC43A9334289C872302BB70368FDAC1653AF132F3E398E9310159C839E72555FD889E4E3B05E714E44E116804BF3748F62EF46E6A05DEC58A55185E43E2310EC945004AD61945BD2AD923B7B3C69A01C0393C15B6000BF542A55274ACA20B8A6EB96FAF83E27023FE0EA9EE564959A91BE17110176FB10D1A094947A23EFDE15DD093EF477EF798BCA8F5E14F85411242BC9C9492081444490C072BE8511B3C961AAAC80477897B54BDABE78C533F2E149FA64B51936E31F126625566CAFBB57E9F36CE0DF72A45E61AB27B6D25DEA3BA35910E16BB00AD300CEE2535CE75F9411DD43943250B03EBBA60C5C788974F2F695967103045F3A90A587AEFD0613F9C8E10A273DD827A314C75C7DBCE4326191DBCB92020CDB75129BCA032B6FD59D368C3E2404B2832398E40F43ACE284A91DED8812AA23E5B5A1D36AE204C53F1C6EF0E89AD31D1552E70538451847D7332D8FCACB62A1E56C1E5643E4F7AF63C67E082AC95DCB190795FA53522FA046F1919C81A088D7A8A452124E562BE2A702139670E94524D3110B9DFF35AE73F43280600B8304FA2E776089AF2ED929695967998E29A343FF62C4CAD7618222C01735734342FD33284BE9BDA4976DA1BC3B384E6F813FCBDFA3DC57B841515836CB2B37116EB6D417BBE6AEA7604AA915530AD803DF1C13656753C1A5867F4A3AE94BA7347580EE5A6CEBD2F3EB9B7F83E7B74F38995168F08A15A4CDF5702EA9DC907FC45910586D59537582DB1D5F155BF0050866CE3087560F1F44D1F275FD2B422038F9D8643C3BEBA49938D514848AC4F68F4CF44329C7E806B911B0CB7FF0020F3277A3E2B4FF17090D012B641E24D67A962E2FE361504DB014155F074F30F52078CB31DFC51B32746A42EDBF013F9920CFB17D6F71FA97 -20180416195012 2 6 100 7679 5 FBED7F3DD7CF86B0A6EEDC1930C6958C3C00695DAF4347560C5AC1AA4B22F4DC76F190D63E230EB0CB4344A370A471F17FFCA8DA3B5B0A903F9D1258370125F6C172F3EC5F56D7B8EBD07B2072C45D6141DA3CDC01C3D95DE279C5FAA1E042651028141085EB68AFAC473600F75F4A373DC234D5405DCE7AB5B5854960ABC550FCEFEE8FD578810201DE6B4A5EF616F0CBF5707466D7ECBFD488EB68AD4B2EAC889BA2B7FEFE19CD8AA2C78F61D5DA08B4BC2738E1997F951A525EEF9F668148996D1ABFD1620F9276D741A46BECC0B7868A54745E0B16589A4AA7B938AF92FCA0FC9BBC193504D7EBFEFFEC996746DC6CAD3C192D724FB51E6228915789FF18314B3EB690359ADED802F35F48EC0D9C85AA1A20A2E5CF6EB795F2CCD03284547688B1B80A07EFC31668D30836C59C958BBBF6C1EE3940CC43A9334289C872302BB70368FDAC1653AF132F3E398E9310159C839E72555FD889E4E3B05E714E44E116804BF3748F62EF46E6A05DEC58A55185E43E2310EC945004AD61945BD2AD923B7B3C69A01C0393C15B6000BF542A55274ACA20B8A6EB96FAF83E27023FE0EA9EE564959A91BE17110176FB10D1A094947A23EFDE15DD093EF477EF798BCA8F5E14F85411242BC9C9492081444490C072BE8511B3C961AAAC80477897B54BDABE78C533F2E149FA64B51936E31F126625566CAFBB57E9F36CE0DF72A45E61AB27B6D25DEA3BA35910E16BB00AD300CEE2535CE75F9411DD43943250B03EBBA60C5C788974F2F695967103045F3A90A587AEFD0613F9C8E10A273DD827A314C75C7DBCE4326191DBCB92020CDB75129BCA032B6FD59D368C3E2404B2832398E40F43ACE284A91DED8812AA23E5B5A1D36AE204C53F1C6EF0E89AD31D1552E70538451847D7332D8FCACB62A1E56C1E5643E4F7AF63C67E082AC95DCB190795FA53522FA046F1919C81A088D7A8A452124E562BE2A702139670E94524D3110B9DFF35AE73F43280600B8304FA2E776089AF2ED929695967998E29A343FF62C4CAD7618222C01735734342FD33284BE9BDA4976DA1BC3B384E6F813FCBDFA3DC57B841515836CB2B37116EB6D417BBE6AEA7604AA915530AD803DF1C13656753C1A5867F4A3AE94BA7347580EE5A6CEBD2F3EB9B7F83E7B74F38995168F08A15A4CDF5702EA9DC907FC45910586D59537582DB1D5F155BF0050866CE3087560F1F44D1F275FD2B422038F9D8643C3BEBA49938D514848AC4F68F4CF44329C7E806B911B0CB7FF0020F3277A3E2B4FF17090D012B641E24D67A962E2FE361504DB014155F074F30F52078CB31DFC51B32746A42EDBF013F9920CFB17D6FE60F77 -20180417005002 2 6 100 7679 5 FBED7F3DD7CF86B0A6EEDC1930C6958C3C00695DAF4347560C5AC1AA4B22F4DC76F190D63E230EB0CB4344A370A471F17FFCA8DA3B5B0A903F9D1258370125F6C172F3EC5F56D7B8EBD07B2072C45D6141DA3CDC01C3D95DE279C5FAA1E042651028141085EB68AFAC473600F75F4A373DC234D5405DCE7AB5B5854960ABC550FCEFEE8FD578810201DE6B4A5EF616F0CBF5707466D7ECBFD488EB68AD4B2EAC889BA2B7FEFE19CD8AA2C78F61D5DA08B4BC2738E1997F951A525EEF9F668148996D1ABFD1620F9276D741A46BECC0B7868A54745E0B16589A4AA7B938AF92FCA0FC9BBC193504D7EBFEFFEC996746DC6CAD3C192D724FB51E6228915789FF18314B3EB690359ADED802F35F48EC0D9C85AA1A20A2E5CF6EB795F2CCD03284547688B1B80A07EFC31668D30836C59C958BBBF6C1EE3940CC43A9334289C872302BB70368FDAC1653AF132F3E398E9310159C839E72555FD889E4E3B05E714E44E116804BF3748F62EF46E6A05DEC58A55185E43E2310EC945004AD61945BD2AD923B7B3C69A01C0393C15B6000BF542A55274ACA20B8A6EB96FAF83E27023FE0EA9EE564959A91BE17110176FB10D1A094947A23EFDE15DD093EF477EF798BCA8F5E14F85411242BC9C9492081444490C072BE8511B3C961AAAC80477897B54BDABE78C533F2E149FA64B51936E31F126625566CAFBB57E9F36CE0DF72A45E61AB27B6D25DEA3BA35910E16BB00AD300CEE2535CE75F9411DD43943250B03EBBA60C5C788974F2F695967103045F3A90A587AEFD0613F9C8E10A273DD827A314C75C7DBCE4326191DBCB92020CDB75129BCA032B6FD59D368C3E2404B2832398E40F43ACE284A91DED8812AA23E5B5A1D36AE204C53F1C6EF0E89AD31D1552E70538451847D7332D8FCACB62A1E56C1E5643E4F7AF63C67E082AC95DCB190795FA53522FA046F1919C81A088D7A8A452124E562BE2A702139670E94524D3110B9DFF35AE73F43280600B8304FA2E776089AF2ED929695967998E29A343FF62C4CAD7618222C01735734342FD33284BE9BDA4976DA1BC3B384E6F813FCBDFA3DC57B841515836CB2B37116EB6D417BBE6AEA7604AA915530AD803DF1C13656753C1A5867F4A3AE94BA7347580EE5A6CEBD2F3EB9B7F83E7B74F38995168F08A15A4CDF5702EA9DC907FC45910586D59537582DB1D5F155BF0050866CE3087560F1F44D1F275FD2B422038F9D8643C3BEBA49938D514848AC4F68F4CF44329C7E806B911B0CB7FF0020F3277A3E2B4FF17090D012B641E24D67A962E2FE361504DB014155F074F30F52078CB31DFC51B32746A42EDBF013F9920CFB17D737F03EF -20180417031611 2 6 100 7679 2 FBED7F3DD7CF86B0A6EEDC1930C6958C3C00695DAF4347560C5AC1AA4B22F4DC76F190D63E230EB0CB4344A370A471F17FFCA8DA3B5B0A903F9D1258370125F6C172F3EC5F56D7B8EBD07B2072C45D6141DA3CDC01C3D95DE279C5FAA1E042651028141085EB68AFAC473600F75F4A373DC234D5405DCE7AB5B5854960ABC550FCEFEE8FD578810201DE6B4A5EF616F0CBF5707466D7ECBFD488EB68AD4B2EAC889BA2B7FEFE19CD8AA2C78F61D5DA08B4BC2738E1997F951A525EEF9F668148996D1ABFD1620F9276D741A46BECC0B7868A54745E0B16589A4AA7B938AF92FCA0FC9BBC193504D7EBFEFFEC996746DC6CAD3C192D724FB51E6228915789FF18314B3EB690359ADED802F35F48EC0D9C85AA1A20A2E5CF6EB795F2CCD03284547688B1B80A07EFC31668D30836C59C958BBBF6C1EE3940CC43A9334289C872302BB70368FDAC1653AF132F3E398E9310159C839E72555FD889E4E3B05E714E44E116804BF3748F62EF46E6A05DEC58A55185E43E2310EC945004AD61945BD2AD923B7B3C69A01C0393C15B6000BF542A55274ACA20B8A6EB96FAF83E27023FE0EA9EE564959A91BE17110176FB10D1A094947A23EFDE15DD093EF477EF798BCA8F5E14F85411242BC9C9492081444490C072BE8511B3C961AAAC80477897B54BDABE78C533F2E149FA64B51936E31F126625566CAFBB57E9F36CE0DF72A45E61AB27B6D25DEA3BA35910E16BB00AD300CEE2535CE75F9411DD43943250B03EBBA60C5C788974F2F695967103045F3A90A587AEFD0613F9C8E10A273DD827A314C75C7DBCE4326191DBCB92020CDB75129BCA032B6FD59D368C3E2404B2832398E40F43ACE284A91DED8812AA23E5B5A1D36AE204C53F1C6EF0E89AD31D1552E70538451847D7332D8FCACB62A1E56C1E5643E4F7AF63C67E082AC95DCB190795FA53522FA046F1919C81A088D7A8A452124E562BE2A702139670E94524D3110B9DFF35AE73F43280600B8304FA2E776089AF2ED929695967998E29A343FF62C4CAD7618222C01735734342FD33284BE9BDA4976DA1BC3B384E6F813FCBDFA3DC57B841515836CB2B37116EB6D417BBE6AEA7604AA915530AD803DF1C13656753C1A5867F4A3AE94BA7347580EE5A6CEBD2F3EB9B7F83E7B74F38995168F08A15A4CDF5702EA9DC907FC45910586D59537582DB1D5F155BF0050866CE3087560F1F44D1F275FD2B422038F9D8643C3BEBA49938D514848AC4F68F4CF44329C7E806B911B0CB7FF0020F3277A3E2B4FF17090D012B641E24D67A962E2FE361504DB014155F074F30F52078CB31DFC51B32746A42EDBF013F9920CFB17D75497E7B -20180417042601 2 6 100 7679 5 FBED7F3DD7CF86B0A6EEDC1930C6958C3C00695DAF4347560C5AC1AA4B22F4DC76F190D63E230EB0CB4344A370A471F17FFCA8DA3B5B0A903F9D1258370125F6C172F3EC5F56D7B8EBD07B2072C45D6141DA3CDC01C3D95DE279C5FAA1E042651028141085EB68AFAC473600F75F4A373DC234D5405DCE7AB5B5854960ABC550FCEFEE8FD578810201DE6B4A5EF616F0CBF5707466D7ECBFD488EB68AD4B2EAC889BA2B7FEFE19CD8AA2C78F61D5DA08B4BC2738E1997F951A525EEF9F668148996D1ABFD1620F9276D741A46BECC0B7868A54745E0B16589A4AA7B938AF92FCA0FC9BBC193504D7EBFEFFEC996746DC6CAD3C192D724FB51E6228915789FF18314B3EB690359ADED802F35F48EC0D9C85AA1A20A2E5CF6EB795F2CCD03284547688B1B80A07EFC31668D30836C59C958BBBF6C1EE3940CC43A9334289C872302BB70368FDAC1653AF132F3E398E9310159C839E72555FD889E4E3B05E714E44E116804BF3748F62EF46E6A05DEC58A55185E43E2310EC945004AD61945BD2AD923B7B3C69A01C0393C15B6000BF542A55274ACA20B8A6EB96FAF83E27023FE0EA9EE564959A91BE17110176FB10D1A094947A23EFDE15DD093EF477EF798BCA8F5E14F85411242BC9C9492081444490C072BE8511B3C961AAAC80477897B54BDABE78C533F2E149FA64B51936E31F126625566CAFBB57E9F36CE0DF72A45E61AB27B6D25DEA3BA35910E16BB00AD300CEE2535CE75F9411DD43943250B03EBBA60C5C788974F2F695967103045F3A90A587AEFD0613F9C8E10A273DD827A314C75C7DBCE4326191DBCB92020CDB75129BCA032B6FD59D368C3E2404B2832398E40F43ACE284A91DED8812AA23E5B5A1D36AE204C53F1C6EF0E89AD31D1552E70538451847D7332D8FCACB62A1E56C1E5643E4F7AF63C67E082AC95DCB190795FA53522FA046F1919C81A088D7A8A452124E562BE2A702139670E94524D3110B9DFF35AE73F43280600B8304FA2E776089AF2ED929695967998E29A343FF62C4CAD7618222C01735734342FD33284BE9BDA4976DA1BC3B384E6F813FCBDFA3DC57B841515836CB2B37116EB6D417BBE6AEA7604AA915530AD803DF1C13656753C1A5867F4A3AE94BA7347580EE5A6CEBD2F3EB9B7F83E7B74F38995168F08A15A4CDF5702EA9DC907FC45910586D59537582DB1D5F155BF0050866CE3087560F1F44D1F275FD2B422038F9D8643C3BEBA49938D514848AC4F68F4CF44329C7E806B911B0CB7FF0020F3277A3E2B4FF17090D012B641E24D67A962E2FE361504DB014155F074F30F52078CB31DFC51B32746A42EDBF013F9920CFB17D761E7D7F -20180417230051 2 6 100 7679 5 FBED7F3DD7CF86B0A6EEDC1930C6958C3C00695DAF4347560C5AC1AA4B22F4DC76F190D63E230EB0CB4344A370A471F17FFCA8DA3B5B0A903F9D1258370125F6C172F3EC5F56D7B8EBD07B2072C45D6141DA3CDC01C3D95DE279C5FAA1E042651028141085EB68AFAC473600F75F4A373DC234D5405DCE7AB5B5854960ABC550FCEFEE8FD578810201DE6B4A5EF616F0CBF5707466D7ECBFD488EB68AD4B2EAC889BA2B7FEFE19CD8AA2C78F61D5DA08B4BC2738E1997F951A525EEF9F668148996D1ABFD1620F9276D741A46BECC0B7868A54745E0B16589A4AA7B938AF92FCA0FC9BBC193504D7EBFEFFEC996746DC6CAD3C192D724FB51E6228915789FF18314B3EB690359ADED802F35F48EC0D9C85AA1A20A2E5CF6EB795F2CCD03284547688B1B80A07EFC31668D30836C59C958BBBF6C1EE3940CC43A9334289C872302BB70368FDAC1653AF132F3E398E9310159C839E72555FD889E4E3B05E714E44E116804BF3748F62EF46E6A05DEC58A55185E43E2310EC945004AD61945BD2AD923B7B3C69A01C0393C15B6000BF542A55274ACA20B8A6EB96FAF83E27023FE0EA9EE564959A91BE17110176FB10D1A094947A23EFDE15DD093EF477EF798BCA8F5E14F85411242BC9C9492081444490C072BE8511B3C961AAAC80477897B54BDABE78C533F2E149FA64B51936E31F126625566CAFBB57E9F36CE0DF72A45E61AB27B6D25DEA3BA35910E16BB00AD300CEE2535CE75F9411DD43943250B03EBBA60C5C788974F2F695967103045F3A90A587AEFD0613F9C8E10A273DD827A314C75C7DBCE4326191DBCB92020CDB75129BCA032B6FD59D368C3E2404B2832398E40F43ACE284A91DED8812AA23E5B5A1D36AE204C53F1C6EF0E89AD31D1552E70538451847D7332D8FCACB62A1E56C1E5643E4F7AF63C67E082AC95DCB190795FA53522FA046F1919C81A088D7A8A452124E562BE2A702139670E94524D3110B9DFF35AE73F43280600B8304FA2E776089AF2ED929695967998E29A343FF62C4CAD7618222C01735734342FD33284BE9BDA4976DA1BC3B384E6F813FCBDFA3DC57B841515836CB2B37116EB6D417BBE6AEA7604AA915530AD803DF1C13656753C1A5867F4A3AE94BA7347580EE5A6CEBD2F3EB9B7F83E7B74F38995168F08A15A4CDF5702EA9DC907FC45910586D59537582DB1D5F155BF0050866CE3087560F1F44D1F275FD2B422038F9D8643C3BEBA49938D514848AC4F68F4CF44329C7E806B911B0CB7FF0020F3277A3E2B4FF17090D012B641E24D67A962E2FE361504DB014155F074F30F52078CB31DFC51B32746A42EDBF013F9920CFB17D83ABCCEF -20180417231044 2 6 100 7679 5 FBED7F3DD7CF86B0A6EEDC1930C6958C3C00695DAF4347560C5AC1AA4B22F4DC76F190D63E230EB0CB4344A370A471F17FFCA8DA3B5B0A903F9D1258370125F6C172F3EC5F56D7B8EBD07B2072C45D6141DA3CDC01C3D95DE279C5FAA1E042651028141085EB68AFAC473600F75F4A373DC234D5405DCE7AB5B5854960ABC550FCEFEE8FD578810201DE6B4A5EF616F0CBF5707466D7ECBFD488EB68AD4B2EAC889BA2B7FEFE19CD8AA2C78F61D5DA08B4BC2738E1997F951A525EEF9F668148996D1ABFD1620F9276D741A46BECC0B7868A54745E0B16589A4AA7B938AF92FCA0FC9BBC193504D7EBFEFFEC996746DC6CAD3C192D724FB51E6228915789FF18314B3EB690359ADED802F35F48EC0D9C85AA1A20A2E5CF6EB795F2CCD03284547688B1B80A07EFC31668D30836C59C958BBBF6C1EE3940CC43A9334289C872302BB70368FDAC1653AF132F3E398E9310159C839E72555FD889E4E3B05E714E44E116804BF3748F62EF46E6A05DEC58A55185E43E2310EC945004AD61945BD2AD923B7B3C69A01C0393C15B6000BF542A55274ACA20B8A6EB96FAF83E27023FE0EA9EE564959A91BE17110176FB10D1A094947A23EFDE15DD093EF477EF798BCA8F5E14F85411242BC9C9492081444490C072BE8511B3C961AAAC80477897B54BDABE78C533F2E149FA64B51936E31F126625566CAFBB57E9F36CE0DF72A45E61AB27B6D25DEA3BA35910E16BB00AD300CEE2535CE75F9411DD43943250B03EBBA60C5C788974F2F695967103045F3A90A587AEFD0613F9C8E10A273DD827A314C75C7DBCE4326191DBCB92020CDB75129BCA032B6FD59D368C3E2404B2832398E40F43ACE284A91DED8812AA23E5B5A1D36AE204C53F1C6EF0E89AD31D1552E70538451847D7332D8FCACB62A1E56C1E5643E4F7AF63C67E082AC95DCB190795FA53522FA046F1919C81A088D7A8A452124E562BE2A702139670E94524D3110B9DFF35AE73F43280600B8304FA2E776089AF2ED929695967998E29A343FF62C4CAD7618222C01735734342FD33284BE9BDA4976DA1BC3B384E6F813FCBDFA3DC57B841515836CB2B37116EB6D417BBE6AEA7604AA915530AD803DF1C13656753C1A5867F4A3AE94BA7347580EE5A6CEBD2F3EB9B7F83E7B74F38995168F08A15A4CDF5702EA9DC907FC45910586D59537582DB1D5F155BF0050866CE3087560F1F44D1F275FD2B422038F9D8643C3BEBA49938D514848AC4F68F4CF44329C7E806B911B0CB7FF0020F3277A3E2B4FF17090D012B641E24D67A962E2FE361504DB014155F074F30F52078CB31DFC51B32746A42EDBF013F9920CFB17D83C22B2F -20180418011858 2 6 100 7679 2 FBED7F3DD7CF86B0A6EEDC1930C6958C3C00695DAF4347560C5AC1AA4B22F4DC76F190D63E230EB0CB4344A370A471F17FFCA8DA3B5B0A903F9D1258370125F6C172F3EC5F56D7B8EBD07B2072C45D6141DA3CDC01C3D95DE279C5FAA1E042651028141085EB68AFAC473600F75F4A373DC234D5405DCE7AB5B5854960ABC550FCEFEE8FD578810201DE6B4A5EF616F0CBF5707466D7ECBFD488EB68AD4B2EAC889BA2B7FEFE19CD8AA2C78F61D5DA08B4BC2738E1997F951A525EEF9F668148996D1ABFD1620F9276D741A46BECC0B7868A54745E0B16589A4AA7B938AF92FCA0FC9BBC193504D7EBFEFFEC996746DC6CAD3C192D724FB51E6228915789FF18314B3EB690359ADED802F35F48EC0D9C85AA1A20A2E5CF6EB795F2CCD03284547688B1B80A07EFC31668D30836C59C958BBBF6C1EE3940CC43A9334289C872302BB70368FDAC1653AF132F3E398E9310159C839E72555FD889E4E3B05E714E44E116804BF3748F62EF46E6A05DEC58A55185E43E2310EC945004AD61945BD2AD923B7B3C69A01C0393C15B6000BF542A55274ACA20B8A6EB96FAF83E27023FE0EA9EE564959A91BE17110176FB10D1A094947A23EFDE15DD093EF477EF798BCA8F5E14F85411242BC9C9492081444490C072BE8511B3C961AAAC80477897B54BDABE78C533F2E149FA64B51936E31F126625566CAFBB57E9F36CE0DF72A45E61AB27B6D25DEA3BA35910E16BB00AD300CEE2535CE75F9411DD43943250B03EBBA60C5C788974F2F695967103045F3A90A587AEFD0613F9C8E10A273DD827A314C75C7DBCE4326191DBCB92020CDB75129BCA032B6FD59D368C3E2404B2832398E40F43ACE284A91DED8812AA23E5B5A1D36AE204C53F1C6EF0E89AD31D1552E70538451847D7332D8FCACB62A1E56C1E5643E4F7AF63C67E082AC95DCB190795FA53522FA046F1919C81A088D7A8A452124E562BE2A702139670E94524D3110B9DFF35AE73F43280600B8304FA2E776089AF2ED929695967998E29A343FF62C4CAD7618222C01735734342FD33284BE9BDA4976DA1BC3B384E6F813FCBDFA3DC57B841515836CB2B37116EB6D417BBE6AEA7604AA915530AD803DF1C13656753C1A5867F4A3AE94BA7347580EE5A6CEBD2F3EB9B7F83E7B74F38995168F08A15A4CDF5702EA9DC907FC45910586D59537582DB1D5F155BF0050866CE3087560F1F44D1F275FD2B422038F9D8643C3BEBA49938D514848AC4F68F4CF44329C7E806B911B0CB7FF0020F3277A3E2B4FF17090D012B641E24D67A962E2FE361504DB014155F074F30F52078CB31DFC51B32746A42EDBF013F9920CFB17D8545B2B3 -20180418054538 2 6 100 7679 2 ECCC9B93ED119552D36A774B288F541A81536A13B8D687B23174D680CE3F21B8FA088685F5B965215AFA69736E741A3AFC2AC82CE16162A1E4F0012F28998A638AA98D0789D6C58D92F207EAAA33E467C801891B8D37651B66E0942CF6AB7FD8E0D09A6D597D582BA48563F1450C3300218874730D26EE8B6505059C95C1C764D5FD736BF0A64FAD10F0C7D52A8A57C3FBD653887AAA890DA7AFEDA55DAF702EFF06CC722D147DAA2C8B78F0707F51D2B326BEF8972F5A289829E998B94D98E0ED663143797B569F3A6B56897B5726A38B042806FDFDAA367A4F63C4BA31114300B6290828321C30B25DF97F273041E30A404836E84BB32E0620DC558047FC011A1205126F84D9F8EA5E607FC297E5C9FA00D803026D8126C08EF68B49F6A6C55DCB06EED0B666880CD49FCBFF598055D5E40303669CBC55D85F583DA5EF4F320D6E6A50ECBBFAF8C1F7209655EEAA58BFC18EB9FA20B29EC63FBC810C3A2EDCF8E27FD98975C87D59D9C909895AA10CEA5F7594ADD3ED1EBDFE01BE0559423475592A0E2936E4671504337221F897AE3016BC4670C6B765F5FF1185933B26B1183BCB1E5591970F40A1402EB19EF2644E941F67ABB31935259308B4A5271541F41653EB5E77CCA82214C9C6F4E42E8A3C46CC9BE15BC868BC45B28027E515A16554B9D4F6AB57CFFE42CFE0B42BF83E53F27B39AD95E000C329F716E51D15D6CD211E87AAA83A0F1175F5E1E8963A57DA656FBC19FB42661F14328B05CA7F1A83F49044A5086E6AF56225B8783450E43CB1B6F19061441AF58053BBFAACBC3A80FF5F19A8BD873F487A8FFE3DECD35E77EB2C26387EF66A3EED98C773211914115AFD0776FDAC90CB65479DFE59C0D199F195BBE9E4B2F70A9B1A41429002C2998FAB0F2D6956731819D9F5175B92FECE43178BC69ABEC6E2C18EA88289C5B14C58227640D02F614A9A881633816B9DCAC79E4721EF6E42691902AD1CF565600BAA8019310CAA0AC1087A86846C2E9B96B82C3F0CE52EE73760111061EF090DCBF47882710302A65FBDCF380F84703FE3D4FF7ADD0CB7ED65C889DD6EEC24D01F92771DF3F3D8DFB4BDE234D4A35AB20B22BF5D749398C9B6AE5C7B62DC11ACD887A49586238F5B6D37B47EA6953C3E339A9B40EF3EB01DD70F69253BA9A262777C75DF175195D172BD8233FC7B6F207154EF6E2F47533E359D24EB312A292C756C34A2D55A16452829DAD7A9731E2026E56486F6A3C07380DCA1AFFF270464DA8FF34621FBA715C5853EB1D4EA1C4E23B43CD1CDE1F252B728875F187626A813B4166CC34A62A5D6867E0B605641CEE8025F0AD73DBE4443286CA00823770B -20180418071157 2 6 100 7679 2 ECCC9B93ED119552D36A774B288F541A81536A13B8D687B23174D680CE3F21B8FA088685F5B965215AFA69736E741A3AFC2AC82CE16162A1E4F0012F28998A638AA98D0789D6C58D92F207EAAA33E467C801891B8D37651B66E0942CF6AB7FD8E0D09A6D597D582BA48563F1450C3300218874730D26EE8B6505059C95C1C764D5FD736BF0A64FAD10F0C7D52A8A57C3FBD653887AAA890DA7AFEDA55DAF702EFF06CC722D147DAA2C8B78F0707F51D2B326BEF8972F5A289829E998B94D98E0ED663143797B569F3A6B56897B5726A38B042806FDFDAA367A4F63C4BA31114300B6290828321C30B25DF97F273041E30A404836E84BB32E0620DC558047FC011A1205126F84D9F8EA5E607FC297E5C9FA00D803026D8126C08EF68B49F6A6C55DCB06EED0B666880CD49FCBFF598055D5E40303669CBC55D85F583DA5EF4F320D6E6A50ECBBFAF8C1F7209655EEAA58BFC18EB9FA20B29EC63FBC810C3A2EDCF8E27FD98975C87D59D9C909895AA10CEA5F7594ADD3ED1EBDFE01BE0559423475592A0E2936E4671504337221F897AE3016BC4670C6B765F5FF1185933B26B1183BCB1E5591970F40A1402EB19EF2644E941F67ABB31935259308B4A5271541F41653EB5E77CCA82214C9C6F4E42E8A3C46CC9BE15BC868BC45B28027E515A16554B9D4F6AB57CFFE42CFE0B42BF83E53F27B39AD95E000C329F716E51D15D6CD211E87AAA83A0F1175F5E1E8963A57DA656FBC19FB42661F14328B05CA7F1A83F49044A5086E6AF56225B8783450E43CB1B6F19061441AF58053BBFAACBC3A80FF5F19A8BD873F487A8FFE3DECD35E77EB2C26387EF66A3EED98C773211914115AFD0776FDAC90CB65479DFE59C0D199F195BBE9E4B2F70A9B1A41429002C2998FAB0F2D6956731819D9F5175B92FECE43178BC69ABEC6E2C18EA88289C5B14C58227640D02F614A9A881633816B9DCAC79E4721EF6E42691902AD1CF565600BAA8019310CAA0AC1087A86846C2E9B96B82C3F0CE52EE73760111061EF090DCBF47882710302A65FBDCF380F84703FE3D4FF7ADD0CB7ED65C889DD6EEC24D01F92771DF3F3D8DFB4BDE234D4A35AB20B22BF5D749398C9B6AE5C7B62DC11ACD887A49586238F5B6D37B47EA6953C3E339A9B40EF3EB01DD70F69253BA9A262777C75DF175195D172BD8233FC7B6F207154EF6E2F47533E359D24EB312A292C756C34A2D55A16452829DAD7A9731E2026E56486F6A3C07380DCA1AFFF270464DA8FF34621FBA715C5853EB1D4EA1C4E23B43CD1CDE1F252B728875F187626A813B4166CC34A62A5D6867E0B605641CEE8025F0AD73DBE4443286CA00950BDC3 -20180418085254 2 6 100 7679 2 ECCC9B93ED119552D36A774B288F541A81536A13B8D687B23174D680CE3F21B8FA088685F5B965215AFA69736E741A3AFC2AC82CE16162A1E4F0012F28998A638AA98D0789D6C58D92F207EAAA33E467C801891B8D37651B66E0942CF6AB7FD8E0D09A6D597D582BA48563F1450C3300218874730D26EE8B6505059C95C1C764D5FD736BF0A64FAD10F0C7D52A8A57C3FBD653887AAA890DA7AFEDA55DAF702EFF06CC722D147DAA2C8B78F0707F51D2B326BEF8972F5A289829E998B94D98E0ED663143797B569F3A6B56897B5726A38B042806FDFDAA367A4F63C4BA31114300B6290828321C30B25DF97F273041E30A404836E84BB32E0620DC558047FC011A1205126F84D9F8EA5E607FC297E5C9FA00D803026D8126C08EF68B49F6A6C55DCB06EED0B666880CD49FCBFF598055D5E40303669CBC55D85F583DA5EF4F320D6E6A50ECBBFAF8C1F7209655EEAA58BFC18EB9FA20B29EC63FBC810C3A2EDCF8E27FD98975C87D59D9C909895AA10CEA5F7594ADD3ED1EBDFE01BE0559423475592A0E2936E4671504337221F897AE3016BC4670C6B765F5FF1185933B26B1183BCB1E5591970F40A1402EB19EF2644E941F67ABB31935259308B4A5271541F41653EB5E77CCA82214C9C6F4E42E8A3C46CC9BE15BC868BC45B28027E515A16554B9D4F6AB57CFFE42CFE0B42BF83E53F27B39AD95E000C329F716E51D15D6CD211E87AAA83A0F1175F5E1E8963A57DA656FBC19FB42661F14328B05CA7F1A83F49044A5086E6AF56225B8783450E43CB1B6F19061441AF58053BBFAACBC3A80FF5F19A8BD873F487A8FFE3DECD35E77EB2C26387EF66A3EED98C773211914115AFD0776FDAC90CB65479DFE59C0D199F195BBE9E4B2F70A9B1A41429002C2998FAB0F2D6956731819D9F5175B92FECE43178BC69ABEC6E2C18EA88289C5B14C58227640D02F614A9A881633816B9DCAC79E4721EF6E42691902AD1CF565600BAA8019310CAA0AC1087A86846C2E9B96B82C3F0CE52EE73760111061EF090DCBF47882710302A65FBDCF380F84703FE3D4FF7ADD0CB7ED65C889DD6EEC24D01F92771DF3F3D8DFB4BDE234D4A35AB20B22BF5D749398C9B6AE5C7B62DC11ACD887A49586238F5B6D37B47EA6953C3E339A9B40EF3EB01DD70F69253BA9A262777C75DF175195D172BD8233FC7B6F207154EF6E2F47533E359D24EB312A292C756C34A2D55A16452829DAD7A9731E2026E56486F6A3C07380DCA1AFFF270464DA8FF34621FBA715C5853EB1D4EA1C4E23B43CD1CDE1F252B728875F187626A813B4166CC34A62A5D6867E0B605641CEE8025F0AD73DBE4443286CA00AAFBDDB -20180418174929 2 6 100 7679 2 ECCC9B93ED119552D36A774B288F541A81536A13B8D687B23174D680CE3F21B8FA088685F5B965215AFA69736E741A3AFC2AC82CE16162A1E4F0012F28998A638AA98D0789D6C58D92F207EAAA33E467C801891B8D37651B66E0942CF6AB7FD8E0D09A6D597D582BA48563F1450C3300218874730D26EE8B6505059C95C1C764D5FD736BF0A64FAD10F0C7D52A8A57C3FBD653887AAA890DA7AFEDA55DAF702EFF06CC722D147DAA2C8B78F0707F51D2B326BEF8972F5A289829E998B94D98E0ED663143797B569F3A6B56897B5726A38B042806FDFDAA367A4F63C4BA31114300B6290828321C30B25DF97F273041E30A404836E84BB32E0620DC558047FC011A1205126F84D9F8EA5E607FC297E5C9FA00D803026D8126C08EF68B49F6A6C55DCB06EED0B666880CD49FCBFF598055D5E40303669CBC55D85F583DA5EF4F320D6E6A50ECBBFAF8C1F7209655EEAA58BFC18EB9FA20B29EC63FBC810C3A2EDCF8E27FD98975C87D59D9C909895AA10CEA5F7594ADD3ED1EBDFE01BE0559423475592A0E2936E4671504337221F897AE3016BC4670C6B765F5FF1185933B26B1183BCB1E5591970F40A1402EB19EF2644E941F67ABB31935259308B4A5271541F41653EB5E77CCA82214C9C6F4E42E8A3C46CC9BE15BC868BC45B28027E515A16554B9D4F6AB57CFFE42CFE0B42BF83E53F27B39AD95E000C329F716E51D15D6CD211E87AAA83A0F1175F5E1E8963A57DA656FBC19FB42661F14328B05CA7F1A83F49044A5086E6AF56225B8783450E43CB1B6F19061441AF58053BBFAACBC3A80FF5F19A8BD873F487A8FFE3DECD35E77EB2C26387EF66A3EED98C773211914115AFD0776FDAC90CB65479DFE59C0D199F195BBE9E4B2F70A9B1A41429002C2998FAB0F2D6956731819D9F5175B92FECE43178BC69ABEC6E2C18EA88289C5B14C58227640D02F614A9A881633816B9DCAC79E4721EF6E42691902AD1CF565600BAA8019310CAA0AC1087A86846C2E9B96B82C3F0CE52EE73760111061EF090DCBF47882710302A65FBDCF380F84703FE3D4FF7ADD0CB7ED65C889DD6EEC24D01F92771DF3F3D8DFB4BDE234D4A35AB20B22BF5D749398C9B6AE5C7B62DC11ACD887A49586238F5B6D37B47EA6953C3E339A9B40EF3EB01DD70F69253BA9A262777C75DF175195D172BD8233FC7B6F207154EF6E2F47533E359D24EB312A292C756C34A2D55A16452829DAD7A9731E2026E56486F6A3C07380DCA1AFFF270464DA8FF34621FBA715C5853EB1D4EA1C4E23B43CD1CDE1F252B728875F187626A813B4166CC34A62A5D6867E0B605641CEE8025F0AD73DBE4443286CA01225DA53 -20180418210652 2 6 100 7679 5 ECCC9B93ED119552D36A774B288F541A81536A13B8D687B23174D680CE3F21B8FA088685F5B965215AFA69736E741A3AFC2AC82CE16162A1E4F0012F28998A638AA98D0789D6C58D92F207EAAA33E467C801891B8D37651B66E0942CF6AB7FD8E0D09A6D597D582BA48563F1450C3300218874730D26EE8B6505059C95C1C764D5FD736BF0A64FAD10F0C7D52A8A57C3FBD653887AAA890DA7AFEDA55DAF702EFF06CC722D147DAA2C8B78F0707F51D2B326BEF8972F5A289829E998B94D98E0ED663143797B569F3A6B56897B5726A38B042806FDFDAA367A4F63C4BA31114300B6290828321C30B25DF97F273041E30A404836E84BB32E0620DC558047FC011A1205126F84D9F8EA5E607FC297E5C9FA00D803026D8126C08EF68B49F6A6C55DCB06EED0B666880CD49FCBFF598055D5E40303669CBC55D85F583DA5EF4F320D6E6A50ECBBFAF8C1F7209655EEAA58BFC18EB9FA20B29EC63FBC810C3A2EDCF8E27FD98975C87D59D9C909895AA10CEA5F7594ADD3ED1EBDFE01BE0559423475592A0E2936E4671504337221F897AE3016BC4670C6B765F5FF1185933B26B1183BCB1E5591970F40A1402EB19EF2644E941F67ABB31935259308B4A5271541F41653EB5E77CCA82214C9C6F4E42E8A3C46CC9BE15BC868BC45B28027E515A16554B9D4F6AB57CFFE42CFE0B42BF83E53F27B39AD95E000C329F716E51D15D6CD211E87AAA83A0F1175F5E1E8963A57DA656FBC19FB42661F14328B05CA7F1A83F49044A5086E6AF56225B8783450E43CB1B6F19061441AF58053BBFAACBC3A80FF5F19A8BD873F487A8FFE3DECD35E77EB2C26387EF66A3EED98C773211914115AFD0776FDAC90CB65479DFE59C0D199F195BBE9E4B2F70A9B1A41429002C2998FAB0F2D6956731819D9F5175B92FECE43178BC69ABEC6E2C18EA88289C5B14C58227640D02F614A9A881633816B9DCAC79E4721EF6E42691902AD1CF565600BAA8019310CAA0AC1087A86846C2E9B96B82C3F0CE52EE73760111061EF090DCBF47882710302A65FBDCF380F84703FE3D4FF7ADD0CB7ED65C889DD6EEC24D01F92771DF3F3D8DFB4BDE234D4A35AB20B22BF5D749398C9B6AE5C7B62DC11ACD887A49586238F5B6D37B47EA6953C3E339A9B40EF3EB01DD70F69253BA9A262777C75DF175195D172BD8233FC7B6F207154EF6E2F47533E359D24EB312A292C756C34A2D55A16452829DAD7A9731E2026E56486F6A3C07380DCA1AFFF270464DA8FF34621FBA715C5853EB1D4EA1C4E23B43CD1CDE1F252B728875F187626A813B4166CC34A62A5D6867E0B605641CEE8025F0AD73DBE4443286CA014D6E5DF -20180418211238 2 6 100 7679 2 ECCC9B93ED119552D36A774B288F541A81536A13B8D687B23174D680CE3F21B8FA088685F5B965215AFA69736E741A3AFC2AC82CE16162A1E4F0012F28998A638AA98D0789D6C58D92F207EAAA33E467C801891B8D37651B66E0942CF6AB7FD8E0D09A6D597D582BA48563F1450C3300218874730D26EE8B6505059C95C1C764D5FD736BF0A64FAD10F0C7D52A8A57C3FBD653887AAA890DA7AFEDA55DAF702EFF06CC722D147DAA2C8B78F0707F51D2B326BEF8972F5A289829E998B94D98E0ED663143797B569F3A6B56897B5726A38B042806FDFDAA367A4F63C4BA31114300B6290828321C30B25DF97F273041E30A404836E84BB32E0620DC558047FC011A1205126F84D9F8EA5E607FC297E5C9FA00D803026D8126C08EF68B49F6A6C55DCB06EED0B666880CD49FCBFF598055D5E40303669CBC55D85F583DA5EF4F320D6E6A50ECBBFAF8C1F7209655EEAA58BFC18EB9FA20B29EC63FBC810C3A2EDCF8E27FD98975C87D59D9C909895AA10CEA5F7594ADD3ED1EBDFE01BE0559423475592A0E2936E4671504337221F897AE3016BC4670C6B765F5FF1185933B26B1183BCB1E5591970F40A1402EB19EF2644E941F67ABB31935259308B4A5271541F41653EB5E77CCA82214C9C6F4E42E8A3C46CC9BE15BC868BC45B28027E515A16554B9D4F6AB57CFFE42CFE0B42BF83E53F27B39AD95E000C329F716E51D15D6CD211E87AAA83A0F1175F5E1E8963A57DA656FBC19FB42661F14328B05CA7F1A83F49044A5086E6AF56225B8783450E43CB1B6F19061441AF58053BBFAACBC3A80FF5F19A8BD873F487A8FFE3DECD35E77EB2C26387EF66A3EED98C773211914115AFD0776FDAC90CB65479DFE59C0D199F195BBE9E4B2F70A9B1A41429002C2998FAB0F2D6956731819D9F5175B92FECE43178BC69ABEC6E2C18EA88289C5B14C58227640D02F614A9A881633816B9DCAC79E4721EF6E42691902AD1CF565600BAA8019310CAA0AC1087A86846C2E9B96B82C3F0CE52EE73760111061EF090DCBF47882710302A65FBDCF380F84703FE3D4FF7ADD0CB7ED65C889DD6EEC24D01F92771DF3F3D8DFB4BDE234D4A35AB20B22BF5D749398C9B6AE5C7B62DC11ACD887A49586238F5B6D37B47EA6953C3E339A9B40EF3EB01DD70F69253BA9A262777C75DF175195D172BD8233FC7B6F207154EF6E2F47533E359D24EB312A292C756C34A2D55A16452829DAD7A9731E2026E56486F6A3C07380DCA1AFFF270464DA8FF34621FBA715C5853EB1D4EA1C4E23B43CD1CDE1F252B728875F187626A813B4166CC34A62A5D6867E0B605641CEE8025F0AD73DBE4443286CA014E1D75B -20180418224228 2 6 100 7679 2 ECCC9B93ED119552D36A774B288F541A81536A13B8D687B23174D680CE3F21B8FA088685F5B965215AFA69736E741A3AFC2AC82CE16162A1E4F0012F28998A638AA98D0789D6C58D92F207EAAA33E467C801891B8D37651B66E0942CF6AB7FD8E0D09A6D597D582BA48563F1450C3300218874730D26EE8B6505059C95C1C764D5FD736BF0A64FAD10F0C7D52A8A57C3FBD653887AAA890DA7AFEDA55DAF702EFF06CC722D147DAA2C8B78F0707F51D2B326BEF8972F5A289829E998B94D98E0ED663143797B569F3A6B56897B5726A38B042806FDFDAA367A4F63C4BA31114300B6290828321C30B25DF97F273041E30A404836E84BB32E0620DC558047FC011A1205126F84D9F8EA5E607FC297E5C9FA00D803026D8126C08EF68B49F6A6C55DCB06EED0B666880CD49FCBFF598055D5E40303669CBC55D85F583DA5EF4F320D6E6A50ECBBFAF8C1F7209655EEAA58BFC18EB9FA20B29EC63FBC810C3A2EDCF8E27FD98975C87D59D9C909895AA10CEA5F7594ADD3ED1EBDFE01BE0559423475592A0E2936E4671504337221F897AE3016BC4670C6B765F5FF1185933B26B1183BCB1E5591970F40A1402EB19EF2644E941F67ABB31935259308B4A5271541F41653EB5E77CCA82214C9C6F4E42E8A3C46CC9BE15BC868BC45B28027E515A16554B9D4F6AB57CFFE42CFE0B42BF83E53F27B39AD95E000C329F716E51D15D6CD211E87AAA83A0F1175F5E1E8963A57DA656FBC19FB42661F14328B05CA7F1A83F49044A5086E6AF56225B8783450E43CB1B6F19061441AF58053BBFAACBC3A80FF5F19A8BD873F487A8FFE3DECD35E77EB2C26387EF66A3EED98C773211914115AFD0776FDAC90CB65479DFE59C0D199F195BBE9E4B2F70A9B1A41429002C2998FAB0F2D6956731819D9F5175B92FECE43178BC69ABEC6E2C18EA88289C5B14C58227640D02F614A9A881633816B9DCAC79E4721EF6E42691902AD1CF565600BAA8019310CAA0AC1087A86846C2E9B96B82C3F0CE52EE73760111061EF090DCBF47882710302A65FBDCF380F84703FE3D4FF7ADD0CB7ED65C889DD6EEC24D01F92771DF3F3D8DFB4BDE234D4A35AB20B22BF5D749398C9B6AE5C7B62DC11ACD887A49586238F5B6D37B47EA6953C3E339A9B40EF3EB01DD70F69253BA9A262777C75DF175195D172BD8233FC7B6F207154EF6E2F47533E359D24EB312A292C756C34A2D55A16452829DAD7A9731E2026E56486F6A3C07380DCA1AFFF270464DA8FF34621FBA715C5853EB1D4EA1C4E23B43CD1CDE1F252B728875F187626A813B4166CC34A62A5D6867E0B605641CEE8025F0AD73DBE4443286CA016133603 -20180418233547 2 6 100 7679 5 ECCC9B93ED119552D36A774B288F541A81536A13B8D687B23174D680CE3F21B8FA088685F5B965215AFA69736E741A3AFC2AC82CE16162A1E4F0012F28998A638AA98D0789D6C58D92F207EAAA33E467C801891B8D37651B66E0942CF6AB7FD8E0D09A6D597D582BA48563F1450C3300218874730D26EE8B6505059C95C1C764D5FD736BF0A64FAD10F0C7D52A8A57C3FBD653887AAA890DA7AFEDA55DAF702EFF06CC722D147DAA2C8B78F0707F51D2B326BEF8972F5A289829E998B94D98E0ED663143797B569F3A6B56897B5726A38B042806FDFDAA367A4F63C4BA31114300B6290828321C30B25DF97F273041E30A404836E84BB32E0620DC558047FC011A1205126F84D9F8EA5E607FC297E5C9FA00D803026D8126C08EF68B49F6A6C55DCB06EED0B666880CD49FCBFF598055D5E40303669CBC55D85F583DA5EF4F320D6E6A50ECBBFAF8C1F7209655EEAA58BFC18EB9FA20B29EC63FBC810C3A2EDCF8E27FD98975C87D59D9C909895AA10CEA5F7594ADD3ED1EBDFE01BE0559423475592A0E2936E4671504337221F897AE3016BC4670C6B765F5FF1185933B26B1183BCB1E5591970F40A1402EB19EF2644E941F67ABB31935259308B4A5271541F41653EB5E77CCA82214C9C6F4E42E8A3C46CC9BE15BC868BC45B28027E515A16554B9D4F6AB57CFFE42CFE0B42BF83E53F27B39AD95E000C329F716E51D15D6CD211E87AAA83A0F1175F5E1E8963A57DA656FBC19FB42661F14328B05CA7F1A83F49044A5086E6AF56225B8783450E43CB1B6F19061441AF58053BBFAACBC3A80FF5F19A8BD873F487A8FFE3DECD35E77EB2C26387EF66A3EED98C773211914115AFD0776FDAC90CB65479DFE59C0D199F195BBE9E4B2F70A9B1A41429002C2998FAB0F2D6956731819D9F5175B92FECE43178BC69ABEC6E2C18EA88289C5B14C58227640D02F614A9A881633816B9DCAC79E4721EF6E42691902AD1CF565600BAA8019310CAA0AC1087A86846C2E9B96B82C3F0CE52EE73760111061EF090DCBF47882710302A65FBDCF380F84703FE3D4FF7ADD0CB7ED65C889DD6EEC24D01F92771DF3F3D8DFB4BDE234D4A35AB20B22BF5D749398C9B6AE5C7B62DC11ACD887A49586238F5B6D37B47EA6953C3E339A9B40EF3EB01DD70F69253BA9A262777C75DF175195D172BD8233FC7B6F207154EF6E2F47533E359D24EB312A292C756C34A2D55A16452829DAD7A9731E2026E56486F6A3C07380DCA1AFFF270464DA8FF34621FBA715C5853EB1D4EA1C4E23B43CD1CDE1F252B728875F187626A813B4166CC34A62A5D6867E0B605641CEE8025F0AD73DBE4443286CA016C53D1F -20180419053435 2 6 100 7679 2 ECCC9B93ED119552D36A774B288F541A81536A13B8D687B23174D680CE3F21B8FA088685F5B965215AFA69736E741A3AFC2AC82CE16162A1E4F0012F28998A638AA98D0789D6C58D92F207EAAA33E467C801891B8D37651B66E0942CF6AB7FD8E0D09A6D597D582BA48563F1450C3300218874730D26EE8B6505059C95C1C764D5FD736BF0A64FAD10F0C7D52A8A57C3FBD653887AAA890DA7AFEDA55DAF702EFF06CC722D147DAA2C8B78F0707F51D2B326BEF8972F5A289829E998B94D98E0ED663143797B569F3A6B56897B5726A38B042806FDFDAA367A4F63C4BA31114300B6290828321C30B25DF97F273041E30A404836E84BB32E0620DC558047FC011A1205126F84D9F8EA5E607FC297E5C9FA00D803026D8126C08EF68B49F6A6C55DCB06EED0B666880CD49FCBFF598055D5E40303669CBC55D85F583DA5EF4F320D6E6A50ECBBFAF8C1F7209655EEAA58BFC18EB9FA20B29EC63FBC810C3A2EDCF8E27FD98975C87D59D9C909895AA10CEA5F7594ADD3ED1EBDFE01BE0559423475592A0E2936E4671504337221F897AE3016BC4670C6B765F5FF1185933B26B1183BCB1E5591970F40A1402EB19EF2644E941F67ABB31935259308B4A5271541F41653EB5E77CCA82214C9C6F4E42E8A3C46CC9BE15BC868BC45B28027E515A16554B9D4F6AB57CFFE42CFE0B42BF83E53F27B39AD95E000C329F716E51D15D6CD211E87AAA83A0F1175F5E1E8963A57DA656FBC19FB42661F14328B05CA7F1A83F49044A5086E6AF56225B8783450E43CB1B6F19061441AF58053BBFAACBC3A80FF5F19A8BD873F487A8FFE3DECD35E77EB2C26387EF66A3EED98C773211914115AFD0776FDAC90CB65479DFE59C0D199F195BBE9E4B2F70A9B1A41429002C2998FAB0F2D6956731819D9F5175B92FECE43178BC69ABEC6E2C18EA88289C5B14C58227640D02F614A9A881633816B9DCAC79E4721EF6E42691902AD1CF565600BAA8019310CAA0AC1087A86846C2E9B96B82C3F0CE52EE73760111061EF090DCBF47882710302A65FBDCF380F84703FE3D4FF7ADD0CB7ED65C889DD6EEC24D01F92771DF3F3D8DFB4BDE234D4A35AB20B22BF5D749398C9B6AE5C7B62DC11ACD887A49586238F5B6D37B47EA6953C3E339A9B40EF3EB01DD70F69253BA9A262777C75DF175195D172BD8233FC7B6F207154EF6E2F47533E359D24EB312A292C756C34A2D55A16452829DAD7A9731E2026E56486F6A3C07380DCA1AFFF270464DA8FF34621FBA715C5853EB1D4EA1C4E23B43CD1CDE1F252B728875F187626A813B4166CC34A62A5D6867E0B605641CEE8025F0AD73DBE4443286CA01B7B0413 -20180419055744 2 6 100 7679 2 ECCC9B93ED119552D36A774B288F541A81536A13B8D687B23174D680CE3F21B8FA088685F5B965215AFA69736E741A3AFC2AC82CE16162A1E4F0012F28998A638AA98D0789D6C58D92F207EAAA33E467C801891B8D37651B66E0942CF6AB7FD8E0D09A6D597D582BA48563F1450C3300218874730D26EE8B6505059C95C1C764D5FD736BF0A64FAD10F0C7D52A8A57C3FBD653887AAA890DA7AFEDA55DAF702EFF06CC722D147DAA2C8B78F0707F51D2B326BEF8972F5A289829E998B94D98E0ED663143797B569F3A6B56897B5726A38B042806FDFDAA367A4F63C4BA31114300B6290828321C30B25DF97F273041E30A404836E84BB32E0620DC558047FC011A1205126F84D9F8EA5E607FC297E5C9FA00D803026D8126C08EF68B49F6A6C55DCB06EED0B666880CD49FCBFF598055D5E40303669CBC55D85F583DA5EF4F320D6E6A50ECBBFAF8C1F7209655EEAA58BFC18EB9FA20B29EC63FBC810C3A2EDCF8E27FD98975C87D59D9C909895AA10CEA5F7594ADD3ED1EBDFE01BE0559423475592A0E2936E4671504337221F897AE3016BC4670C6B765F5FF1185933B26B1183BCB1E5591970F40A1402EB19EF2644E941F67ABB31935259308B4A5271541F41653EB5E77CCA82214C9C6F4E42E8A3C46CC9BE15BC868BC45B28027E515A16554B9D4F6AB57CFFE42CFE0B42BF83E53F27B39AD95E000C329F716E51D15D6CD211E87AAA83A0F1175F5E1E8963A57DA656FBC19FB42661F14328B05CA7F1A83F49044A5086E6AF56225B8783450E43CB1B6F19061441AF58053BBFAACBC3A80FF5F19A8BD873F487A8FFE3DECD35E77EB2C26387EF66A3EED98C773211914115AFD0776FDAC90CB65479DFE59C0D199F195BBE9E4B2F70A9B1A41429002C2998FAB0F2D6956731819D9F5175B92FECE43178BC69ABEC6E2C18EA88289C5B14C58227640D02F614A9A881633816B9DCAC79E4721EF6E42691902AD1CF565600BAA8019310CAA0AC1087A86846C2E9B96B82C3F0CE52EE73760111061EF090DCBF47882710302A65FBDCF380F84703FE3D4FF7ADD0CB7ED65C889DD6EEC24D01F92771DF3F3D8DFB4BDE234D4A35AB20B22BF5D749398C9B6AE5C7B62DC11ACD887A49586238F5B6D37B47EA6953C3E339A9B40EF3EB01DD70F69253BA9A262777C75DF175195D172BD8233FC7B6F207154EF6E2F47533E359D24EB312A292C756C34A2D55A16452829DAD7A9731E2026E56486F6A3C07380DCA1AFFF270464DA8FF34621FBA715C5853EB1D4EA1C4E23B43CD1CDE1F252B728875F187626A813B4166CC34A62A5D6867E0B605641CEE8025F0AD73DBE4443286CA01BC212DB -20180419135850 2 6 100 7679 2 ECCC9B93ED119552D36A774B288F541A81536A13B8D687B23174D680CE3F21B8FA088685F5B965215AFA69736E741A3AFC2AC82CE16162A1E4F0012F28998A638AA98D0789D6C58D92F207EAAA33E467C801891B8D37651B66E0942CF6AB7FD8E0D09A6D597D582BA48563F1450C3300218874730D26EE8B6505059C95C1C764D5FD736BF0A64FAD10F0C7D52A8A57C3FBD653887AAA890DA7AFEDA55DAF702EFF06CC722D147DAA2C8B78F0707F51D2B326BEF8972F5A289829E998B94D98E0ED663143797B569F3A6B56897B5726A38B042806FDFDAA367A4F63C4BA31114300B6290828321C30B25DF97F273041E30A404836E84BB32E0620DC558047FC011A1205126F84D9F8EA5E607FC297E5C9FA00D803026D8126C08EF68B49F6A6C55DCB06EED0B666880CD49FCBFF598055D5E40303669CBC55D85F583DA5EF4F320D6E6A50ECBBFAF8C1F7209655EEAA58BFC18EB9FA20B29EC63FBC810C3A2EDCF8E27FD98975C87D59D9C909895AA10CEA5F7594ADD3ED1EBDFE01BE0559423475592A0E2936E4671504337221F897AE3016BC4670C6B765F5FF1185933B26B1183BCB1E5591970F40A1402EB19EF2644E941F67ABB31935259308B4A5271541F41653EB5E77CCA82214C9C6F4E42E8A3C46CC9BE15BC868BC45B28027E515A16554B9D4F6AB57CFFE42CFE0B42BF83E53F27B39AD95E000C329F716E51D15D6CD211E87AAA83A0F1175F5E1E8963A57DA656FBC19FB42661F14328B05CA7F1A83F49044A5086E6AF56225B8783450E43CB1B6F19061441AF58053BBFAACBC3A80FF5F19A8BD873F487A8FFE3DECD35E77EB2C26387EF66A3EED98C773211914115AFD0776FDAC90CB65479DFE59C0D199F195BBE9E4B2F70A9B1A41429002C2998FAB0F2D6956731819D9F5175B92FECE43178BC69ABEC6E2C18EA88289C5B14C58227640D02F614A9A881633816B9DCAC79E4721EF6E42691902AD1CF565600BAA8019310CAA0AC1087A86846C2E9B96B82C3F0CE52EE73760111061EF090DCBF47882710302A65FBDCF380F84703FE3D4FF7ADD0CB7ED65C889DD6EEC24D01F92771DF3F3D8DFB4BDE234D4A35AB20B22BF5D749398C9B6AE5C7B62DC11ACD887A49586238F5B6D37B47EA6953C3E339A9B40EF3EB01DD70F69253BA9A262777C75DF175195D172BD8233FC7B6F207154EF6E2F47533E359D24EB312A292C756C34A2D55A16452829DAD7A9731E2026E56486F6A3C07380DCA1AFFF270464DA8FF34621FBA715C5853EB1D4EA1C4E23B43CD1CDE1F252B728875F187626A813B4166CC34A62A5D6867E0B605641CEE8025F0AD73DBE4443286CA022362F53 -20180419162659 2 6 100 7679 2 ECCC9B93ED119552D36A774B288F541A81536A13B8D687B23174D680CE3F21B8FA088685F5B965215AFA69736E741A3AFC2AC82CE16162A1E4F0012F28998A638AA98D0789D6C58D92F207EAAA33E467C801891B8D37651B66E0942CF6AB7FD8E0D09A6D597D582BA48563F1450C3300218874730D26EE8B6505059C95C1C764D5FD736BF0A64FAD10F0C7D52A8A57C3FBD653887AAA890DA7AFEDA55DAF702EFF06CC722D147DAA2C8B78F0707F51D2B326BEF8972F5A289829E998B94D98E0ED663143797B569F3A6B56897B5726A38B042806FDFDAA367A4F63C4BA31114300B6290828321C30B25DF97F273041E30A404836E84BB32E0620DC558047FC011A1205126F84D9F8EA5E607FC297E5C9FA00D803026D8126C08EF68B49F6A6C55DCB06EED0B666880CD49FCBFF598055D5E40303669CBC55D85F583DA5EF4F320D6E6A50ECBBFAF8C1F7209655EEAA58BFC18EB9FA20B29EC63FBC810C3A2EDCF8E27FD98975C87D59D9C909895AA10CEA5F7594ADD3ED1EBDFE01BE0559423475592A0E2936E4671504337221F897AE3016BC4670C6B765F5FF1185933B26B1183BCB1E5591970F40A1402EB19EF2644E941F67ABB31935259308B4A5271541F41653EB5E77CCA82214C9C6F4E42E8A3C46CC9BE15BC868BC45B28027E515A16554B9D4F6AB57CFFE42CFE0B42BF83E53F27B39AD95E000C329F716E51D15D6CD211E87AAA83A0F1175F5E1E8963A57DA656FBC19FB42661F14328B05CA7F1A83F49044A5086E6AF56225B8783450E43CB1B6F19061441AF58053BBFAACBC3A80FF5F19A8BD873F487A8FFE3DECD35E77EB2C26387EF66A3EED98C773211914115AFD0776FDAC90CB65479DFE59C0D199F195BBE9E4B2F70A9B1A41429002C2998FAB0F2D6956731819D9F5175B92FECE43178BC69ABEC6E2C18EA88289C5B14C58227640D02F614A9A881633816B9DCAC79E4721EF6E42691902AD1CF565600BAA8019310CAA0AC1087A86846C2E9B96B82C3F0CE52EE73760111061EF090DCBF47882710302A65FBDCF380F84703FE3D4FF7ADD0CB7ED65C889DD6EEC24D01F92771DF3F3D8DFB4BDE234D4A35AB20B22BF5D749398C9B6AE5C7B62DC11ACD887A49586238F5B6D37B47EA6953C3E339A9B40EF3EB01DD70F69253BA9A262777C75DF175195D172BD8233FC7B6F207154EF6E2F47533E359D24EB312A292C756C34A2D55A16452829DAD7A9731E2026E56486F6A3C07380DCA1AFFF270464DA8FF34621FBA715C5853EB1D4EA1C4E23B43CD1CDE1F252B728875F187626A813B4166CC34A62A5D6867E0B605641CEE8025F0AD73DBE4443286CA02429C813 -20180419214419 2 6 100 7679 5 ECCC9B93ED119552D36A774B288F541A81536A13B8D687B23174D680CE3F21B8FA088685F5B965215AFA69736E741A3AFC2AC82CE16162A1E4F0012F28998A638AA98D0789D6C58D92F207EAAA33E467C801891B8D37651B66E0942CF6AB7FD8E0D09A6D597D582BA48563F1450C3300218874730D26EE8B6505059C95C1C764D5FD736BF0A64FAD10F0C7D52A8A57C3FBD653887AAA890DA7AFEDA55DAF702EFF06CC722D147DAA2C8B78F0707F51D2B326BEF8972F5A289829E998B94D98E0ED663143797B569F3A6B56897B5726A38B042806FDFDAA367A4F63C4BA31114300B6290828321C30B25DF97F273041E30A404836E84BB32E0620DC558047FC011A1205126F84D9F8EA5E607FC297E5C9FA00D803026D8126C08EF68B49F6A6C55DCB06EED0B666880CD49FCBFF598055D5E40303669CBC55D85F583DA5EF4F320D6E6A50ECBBFAF8C1F7209655EEAA58BFC18EB9FA20B29EC63FBC810C3A2EDCF8E27FD98975C87D59D9C909895AA10CEA5F7594ADD3ED1EBDFE01BE0559423475592A0E2936E4671504337221F897AE3016BC4670C6B765F5FF1185933B26B1183BCB1E5591970F40A1402EB19EF2644E941F67ABB31935259308B4A5271541F41653EB5E77CCA82214C9C6F4E42E8A3C46CC9BE15BC868BC45B28027E515A16554B9D4F6AB57CFFE42CFE0B42BF83E53F27B39AD95E000C329F716E51D15D6CD211E87AAA83A0F1175F5E1E8963A57DA656FBC19FB42661F14328B05CA7F1A83F49044A5086E6AF56225B8783450E43CB1B6F19061441AF58053BBFAACBC3A80FF5F19A8BD873F487A8FFE3DECD35E77EB2C26387EF66A3EED98C773211914115AFD0776FDAC90CB65479DFE59C0D199F195BBE9E4B2F70A9B1A41429002C2998FAB0F2D6956731819D9F5175B92FECE43178BC69ABEC6E2C18EA88289C5B14C58227640D02F614A9A881633816B9DCAC79E4721EF6E42691902AD1CF565600BAA8019310CAA0AC1087A86846C2E9B96B82C3F0CE52EE73760111061EF090DCBF47882710302A65FBDCF380F84703FE3D4FF7ADD0CB7ED65C889DD6EEC24D01F92771DF3F3D8DFB4BDE234D4A35AB20B22BF5D749398C9B6AE5C7B62DC11ACD887A49586238F5B6D37B47EA6953C3E339A9B40EF3EB01DD70F69253BA9A262777C75DF175195D172BD8233FC7B6F207154EF6E2F47533E359D24EB312A292C756C34A2D55A16452829DAD7A9731E2026E56486F6A3C07380DCA1AFFF270464DA8FF34621FBA715C5853EB1D4EA1C4E23B43CD1CDE1F252B728875F187626A813B4166CC34A62A5D6867E0B605641CEE8025F0AD73DBE4443286CA0286020EF -20180420033054 2 6 100 7679 5 ECCC9B93ED119552D36A774B288F541A81536A13B8D687B23174D680CE3F21B8FA088685F5B965215AFA69736E741A3AFC2AC82CE16162A1E4F0012F28998A638AA98D0789D6C58D92F207EAAA33E467C801891B8D37651B66E0942CF6AB7FD8E0D09A6D597D582BA48563F1450C3300218874730D26EE8B6505059C95C1C764D5FD736BF0A64FAD10F0C7D52A8A57C3FBD653887AAA890DA7AFEDA55DAF702EFF06CC722D147DAA2C8B78F0707F51D2B326BEF8972F5A289829E998B94D98E0ED663143797B569F3A6B56897B5726A38B042806FDFDAA367A4F63C4BA31114300B6290828321C30B25DF97F273041E30A404836E84BB32E0620DC558047FC011A1205126F84D9F8EA5E607FC297E5C9FA00D803026D8126C08EF68B49F6A6C55DCB06EED0B666880CD49FCBFF598055D5E40303669CBC55D85F583DA5EF4F320D6E6A50ECBBFAF8C1F7209655EEAA58BFC18EB9FA20B29EC63FBC810C3A2EDCF8E27FD98975C87D59D9C909895AA10CEA5F7594ADD3ED1EBDFE01BE0559423475592A0E2936E4671504337221F897AE3016BC4670C6B765F5FF1185933B26B1183BCB1E5591970F40A1402EB19EF2644E941F67ABB31935259308B4A5271541F41653EB5E77CCA82214C9C6F4E42E8A3C46CC9BE15BC868BC45B28027E515A16554B9D4F6AB57CFFE42CFE0B42BF83E53F27B39AD95E000C329F716E51D15D6CD211E87AAA83A0F1175F5E1E8963A57DA656FBC19FB42661F14328B05CA7F1A83F49044A5086E6AF56225B8783450E43CB1B6F19061441AF58053BBFAACBC3A80FF5F19A8BD873F487A8FFE3DECD35E77EB2C26387EF66A3EED98C773211914115AFD0776FDAC90CB65479DFE59C0D199F195BBE9E4B2F70A9B1A41429002C2998FAB0F2D6956731819D9F5175B92FECE43178BC69ABEC6E2C18EA88289C5B14C58227640D02F614A9A881633816B9DCAC79E4721EF6E42691902AD1CF565600BAA8019310CAA0AC1087A86846C2E9B96B82C3F0CE52EE73760111061EF090DCBF47882710302A65FBDCF380F84703FE3D4FF7ADD0CB7ED65C889DD6EEC24D01F92771DF3F3D8DFB4BDE234D4A35AB20B22BF5D749398C9B6AE5C7B62DC11ACD887A49586238F5B6D37B47EA6953C3E339A9B40EF3EB01DD70F69253BA9A262777C75DF175195D172BD8233FC7B6F207154EF6E2F47533E359D24EB312A292C756C34A2D55A16452829DAD7A9731E2026E56486F6A3C07380DCA1AFFF270464DA8FF34621FBA715C5853EB1D4EA1C4E23B43CD1CDE1F252B728875F187626A813B4166CC34A62A5D6867E0B605641CEE8025F0AD73DBE4443286CA02CE157FF -20180420033355 2 6 100 7679 5 ECCC9B93ED119552D36A774B288F541A81536A13B8D687B23174D680CE3F21B8FA088685F5B965215AFA69736E741A3AFC2AC82CE16162A1E4F0012F28998A638AA98D0789D6C58D92F207EAAA33E467C801891B8D37651B66E0942CF6AB7FD8E0D09A6D597D582BA48563F1450C3300218874730D26EE8B6505059C95C1C764D5FD736BF0A64FAD10F0C7D52A8A57C3FBD653887AAA890DA7AFEDA55DAF702EFF06CC722D147DAA2C8B78F0707F51D2B326BEF8972F5A289829E998B94D98E0ED663143797B569F3A6B56897B5726A38B042806FDFDAA367A4F63C4BA31114300B6290828321C30B25DF97F273041E30A404836E84BB32E0620DC558047FC011A1205126F84D9F8EA5E607FC297E5C9FA00D803026D8126C08EF68B49F6A6C55DCB06EED0B666880CD49FCBFF598055D5E40303669CBC55D85F583DA5EF4F320D6E6A50ECBBFAF8C1F7209655EEAA58BFC18EB9FA20B29EC63FBC810C3A2EDCF8E27FD98975C87D59D9C909895AA10CEA5F7594ADD3ED1EBDFE01BE0559423475592A0E2936E4671504337221F897AE3016BC4670C6B765F5FF1185933B26B1183BCB1E5591970F40A1402EB19EF2644E941F67ABB31935259308B4A5271541F41653EB5E77CCA82214C9C6F4E42E8A3C46CC9BE15BC868BC45B28027E515A16554B9D4F6AB57CFFE42CFE0B42BF83E53F27B39AD95E000C329F716E51D15D6CD211E87AAA83A0F1175F5E1E8963A57DA656FBC19FB42661F14328B05CA7F1A83F49044A5086E6AF56225B8783450E43CB1B6F19061441AF58053BBFAACBC3A80FF5F19A8BD873F487A8FFE3DECD35E77EB2C26387EF66A3EED98C773211914115AFD0776FDAC90CB65479DFE59C0D199F195BBE9E4B2F70A9B1A41429002C2998FAB0F2D6956731819D9F5175B92FECE43178BC69ABEC6E2C18EA88289C5B14C58227640D02F614A9A881633816B9DCAC79E4721EF6E42691902AD1CF565600BAA8019310CAA0AC1087A86846C2E9B96B82C3F0CE52EE73760111061EF090DCBF47882710302A65FBDCF380F84703FE3D4FF7ADD0CB7ED65C889DD6EEC24D01F92771DF3F3D8DFB4BDE234D4A35AB20B22BF5D749398C9B6AE5C7B62DC11ACD887A49586238F5B6D37B47EA6953C3E339A9B40EF3EB01DD70F69253BA9A262777C75DF175195D172BD8233FC7B6F207154EF6E2F47533E359D24EB312A292C756C34A2D55A16452829DAD7A9731E2026E56486F6A3C07380DCA1AFFF270464DA8FF34621FBA715C5853EB1D4EA1C4E23B43CD1CDE1F252B728875F187626A813B4166CC34A62A5D6867E0B605641CEE8025F0AD73DBE4443286CA02CE22F0F -20180420131137 2 6 100 7679 2 ECCC9B93ED119552D36A774B288F541A81536A13B8D687B23174D680CE3F21B8FA088685F5B965215AFA69736E741A3AFC2AC82CE16162A1E4F0012F28998A638AA98D0789D6C58D92F207EAAA33E467C801891B8D37651B66E0942CF6AB7FD8E0D09A6D597D582BA48563F1450C3300218874730D26EE8B6505059C95C1C764D5FD736BF0A64FAD10F0C7D52A8A57C3FBD653887AAA890DA7AFEDA55DAF702EFF06CC722D147DAA2C8B78F0707F51D2B326BEF8972F5A289829E998B94D98E0ED663143797B569F3A6B56897B5726A38B042806FDFDAA367A4F63C4BA31114300B6290828321C30B25DF97F273041E30A404836E84BB32E0620DC558047FC011A1205126F84D9F8EA5E607FC297E5C9FA00D803026D8126C08EF68B49F6A6C55DCB06EED0B666880CD49FCBFF598055D5E40303669CBC55D85F583DA5EF4F320D6E6A50ECBBFAF8C1F7209655EEAA58BFC18EB9FA20B29EC63FBC810C3A2EDCF8E27FD98975C87D59D9C909895AA10CEA5F7594ADD3ED1EBDFE01BE0559423475592A0E2936E4671504337221F897AE3016BC4670C6B765F5FF1185933B26B1183BCB1E5591970F40A1402EB19EF2644E941F67ABB31935259308B4A5271541F41653EB5E77CCA82214C9C6F4E42E8A3C46CC9BE15BC868BC45B28027E515A16554B9D4F6AB57CFFE42CFE0B42BF83E53F27B39AD95E000C329F716E51D15D6CD211E87AAA83A0F1175F5E1E8963A57DA656FBC19FB42661F14328B05CA7F1A83F49044A5086E6AF56225B8783450E43CB1B6F19061441AF58053BBFAACBC3A80FF5F19A8BD873F487A8FFE3DECD35E77EB2C26387EF66A3EED98C773211914115AFD0776FDAC90CB65479DFE59C0D199F195BBE9E4B2F70A9B1A41429002C2998FAB0F2D6956731819D9F5175B92FECE43178BC69ABEC6E2C18EA88289C5B14C58227640D02F614A9A881633816B9DCAC79E4721EF6E42691902AD1CF565600BAA8019310CAA0AC1087A86846C2E9B96B82C3F0CE52EE73760111061EF090DCBF47882710302A65FBDCF380F84703FE3D4FF7ADD0CB7ED65C889DD6EEC24D01F92771DF3F3D8DFB4BDE234D4A35AB20B22BF5D749398C9B6AE5C7B62DC11ACD887A49586238F5B6D37B47EA6953C3E339A9B40EF3EB01DD70F69253BA9A262777C75DF175195D172BD8233FC7B6F207154EF6E2F47533E359D24EB312A292C756C34A2D55A16452829DAD7A9731E2026E56486F6A3C07380DCA1AFFF270464DA8FF34621FBA715C5853EB1D4EA1C4E23B43CD1CDE1F252B728875F187626A813B4166CC34A62A5D6867E0B605641CEE8025F0AD73DBE4443286CA03463D903 -20180420174655 2 6 100 7679 2 ECCC9B93ED119552D36A774B288F541A81536A13B8D687B23174D680CE3F21B8FA088685F5B965215AFA69736E741A3AFC2AC82CE16162A1E4F0012F28998A638AA98D0789D6C58D92F207EAAA33E467C801891B8D37651B66E0942CF6AB7FD8E0D09A6D597D582BA48563F1450C3300218874730D26EE8B6505059C95C1C764D5FD736BF0A64FAD10F0C7D52A8A57C3FBD653887AAA890DA7AFEDA55DAF702EFF06CC722D147DAA2C8B78F0707F51D2B326BEF8972F5A289829E998B94D98E0ED663143797B569F3A6B56897B5726A38B042806FDFDAA367A4F63C4BA31114300B6290828321C30B25DF97F273041E30A404836E84BB32E0620DC558047FC011A1205126F84D9F8EA5E607FC297E5C9FA00D803026D8126C08EF68B49F6A6C55DCB06EED0B666880CD49FCBFF598055D5E40303669CBC55D85F583DA5EF4F320D6E6A50ECBBFAF8C1F7209655EEAA58BFC18EB9FA20B29EC63FBC810C3A2EDCF8E27FD98975C87D59D9C909895AA10CEA5F7594ADD3ED1EBDFE01BE0559423475592A0E2936E4671504337221F897AE3016BC4670C6B765F5FF1185933B26B1183BCB1E5591970F40A1402EB19EF2644E941F67ABB31935259308B4A5271541F41653EB5E77CCA82214C9C6F4E42E8A3C46CC9BE15BC868BC45B28027E515A16554B9D4F6AB57CFFE42CFE0B42BF83E53F27B39AD95E000C329F716E51D15D6CD211E87AAA83A0F1175F5E1E8963A57DA656FBC19FB42661F14328B05CA7F1A83F49044A5086E6AF56225B8783450E43CB1B6F19061441AF58053BBFAACBC3A80FF5F19A8BD873F487A8FFE3DECD35E77EB2C26387EF66A3EED98C773211914115AFD0776FDAC90CB65479DFE59C0D199F195BBE9E4B2F70A9B1A41429002C2998FAB0F2D6956731819D9F5175B92FECE43178BC69ABEC6E2C18EA88289C5B14C58227640D02F614A9A881633816B9DCAC79E4721EF6E42691902AD1CF565600BAA8019310CAA0AC1087A86846C2E9B96B82C3F0CE52EE73760111061EF090DCBF47882710302A65FBDCF380F84703FE3D4FF7ADD0CB7ED65C889DD6EEC24D01F92771DF3F3D8DFB4BDE234D4A35AB20B22BF5D749398C9B6AE5C7B62DC11ACD887A49586238F5B6D37B47EA6953C3E339A9B40EF3EB01DD70F69253BA9A262777C75DF175195D172BD8233FC7B6F207154EF6E2F47533E359D24EB312A292C756C34A2D55A16452829DAD7A9731E2026E56486F6A3C07380DCA1AFFF270464DA8FF34621FBA715C5853EB1D4EA1C4E23B43CD1CDE1F252B728875F187626A813B4166CC34A62A5D6867E0B605641CEE8025F0AD73DBE4443286CA037E8E853 -20180420224816 2 6 100 7679 2 ECCC9B93ED119552D36A774B288F541A81536A13B8D687B23174D680CE3F21B8FA088685F5B965215AFA69736E741A3AFC2AC82CE16162A1E4F0012F28998A638AA98D0789D6C58D92F207EAAA33E467C801891B8D37651B66E0942CF6AB7FD8E0D09A6D597D582BA48563F1450C3300218874730D26EE8B6505059C95C1C764D5FD736BF0A64FAD10F0C7D52A8A57C3FBD653887AAA890DA7AFEDA55DAF702EFF06CC722D147DAA2C8B78F0707F51D2B326BEF8972F5A289829E998B94D98E0ED663143797B569F3A6B56897B5726A38B042806FDFDAA367A4F63C4BA31114300B6290828321C30B25DF97F273041E30A404836E84BB32E0620DC558047FC011A1205126F84D9F8EA5E607FC297E5C9FA00D803026D8126C08EF68B49F6A6C55DCB06EED0B666880CD49FCBFF598055D5E40303669CBC55D85F583DA5EF4F320D6E6A50ECBBFAF8C1F7209655EEAA58BFC18EB9FA20B29EC63FBC810C3A2EDCF8E27FD98975C87D59D9C909895AA10CEA5F7594ADD3ED1EBDFE01BE0559423475592A0E2936E4671504337221F897AE3016BC4670C6B765F5FF1185933B26B1183BCB1E5591970F40A1402EB19EF2644E941F67ABB31935259308B4A5271541F41653EB5E77CCA82214C9C6F4E42E8A3C46CC9BE15BC868BC45B28027E515A16554B9D4F6AB57CFFE42CFE0B42BF83E53F27B39AD95E000C329F716E51D15D6CD211E87AAA83A0F1175F5E1E8963A57DA656FBC19FB42661F14328B05CA7F1A83F49044A5086E6AF56225B8783450E43CB1B6F19061441AF58053BBFAACBC3A80FF5F19A8BD873F487A8FFE3DECD35E77EB2C26387EF66A3EED98C773211914115AFD0776FDAC90CB65479DFE59C0D199F195BBE9E4B2F70A9B1A41429002C2998FAB0F2D6956731819D9F5175B92FECE43178BC69ABEC6E2C18EA88289C5B14C58227640D02F614A9A881633816B9DCAC79E4721EF6E42691902AD1CF565600BAA8019310CAA0AC1087A86846C2E9B96B82C3F0CE52EE73760111061EF090DCBF47882710302A65FBDCF380F84703FE3D4FF7ADD0CB7ED65C889DD6EEC24D01F92771DF3F3D8DFB4BDE234D4A35AB20B22BF5D749398C9B6AE5C7B62DC11ACD887A49586238F5B6D37B47EA6953C3E339A9B40EF3EB01DD70F69253BA9A262777C75DF175195D172BD8233FC7B6F207154EF6E2F47533E359D24EB312A292C756C34A2D55A16452829DAD7A9731E2026E56486F6A3C07380DCA1AFFF270464DA8FF34621FBA715C5853EB1D4EA1C4E23B43CD1CDE1F252B728875F187626A813B4166CC34A62A5D6867E0B605641CEE8025F0AD73DBE4443286CA03BC5BAEB -20180421002804 2 6 100 7679 2 ECCC9B93ED119552D36A774B288F541A81536A13B8D687B23174D680CE3F21B8FA088685F5B965215AFA69736E741A3AFC2AC82CE16162A1E4F0012F28998A638AA98D0789D6C58D92F207EAAA33E467C801891B8D37651B66E0942CF6AB7FD8E0D09A6D597D582BA48563F1450C3300218874730D26EE8B6505059C95C1C764D5FD736BF0A64FAD10F0C7D52A8A57C3FBD653887AAA890DA7AFEDA55DAF702EFF06CC722D147DAA2C8B78F0707F51D2B326BEF8972F5A289829E998B94D98E0ED663143797B569F3A6B56897B5726A38B042806FDFDAA367A4F63C4BA31114300B6290828321C30B25DF97F273041E30A404836E84BB32E0620DC558047FC011A1205126F84D9F8EA5E607FC297E5C9FA00D803026D8126C08EF68B49F6A6C55DCB06EED0B666880CD49FCBFF598055D5E40303669CBC55D85F583DA5EF4F320D6E6A50ECBBFAF8C1F7209655EEAA58BFC18EB9FA20B29EC63FBC810C3A2EDCF8E27FD98975C87D59D9C909895AA10CEA5F7594ADD3ED1EBDFE01BE0559423475592A0E2936E4671504337221F897AE3016BC4670C6B765F5FF1185933B26B1183BCB1E5591970F40A1402EB19EF2644E941F67ABB31935259308B4A5271541F41653EB5E77CCA82214C9C6F4E42E8A3C46CC9BE15BC868BC45B28027E515A16554B9D4F6AB57CFFE42CFE0B42BF83E53F27B39AD95E000C329F716E51D15D6CD211E87AAA83A0F1175F5E1E8963A57DA656FBC19FB42661F14328B05CA7F1A83F49044A5086E6AF56225B8783450E43CB1B6F19061441AF58053BBFAACBC3A80FF5F19A8BD873F487A8FFE3DECD35E77EB2C26387EF66A3EED98C773211914115AFD0776FDAC90CB65479DFE59C0D199F195BBE9E4B2F70A9B1A41429002C2998FAB0F2D6956731819D9F5175B92FECE43178BC69ABEC6E2C18EA88289C5B14C58227640D02F614A9A881633816B9DCAC79E4721EF6E42691902AD1CF565600BAA8019310CAA0AC1087A86846C2E9B96B82C3F0CE52EE73760111061EF090DCBF47882710302A65FBDCF380F84703FE3D4FF7ADD0CB7ED65C889DD6EEC24D01F92771DF3F3D8DFB4BDE234D4A35AB20B22BF5D749398C9B6AE5C7B62DC11ACD887A49586238F5B6D37B47EA6953C3E339A9B40EF3EB01DD70F69253BA9A262777C75DF175195D172BD8233FC7B6F207154EF6E2F47533E359D24EB312A292C756C34A2D55A16452829DAD7A9731E2026E56486F6A3C07380DCA1AFFF270464DA8FF34621FBA715C5853EB1D4EA1C4E23B43CD1CDE1F252B728875F187626A813B4166CC34A62A5D6867E0B605641CEE8025F0AD73DBE4443286CA03CFF8483 -20180421033707 2 6 100 7679 5 ECCC9B93ED119552D36A774B288F541A81536A13B8D687B23174D680CE3F21B8FA088685F5B965215AFA69736E741A3AFC2AC82CE16162A1E4F0012F28998A638AA98D0789D6C58D92F207EAAA33E467C801891B8D37651B66E0942CF6AB7FD8E0D09A6D597D582BA48563F1450C3300218874730D26EE8B6505059C95C1C764D5FD736BF0A64FAD10F0C7D52A8A57C3FBD653887AAA890DA7AFEDA55DAF702EFF06CC722D147DAA2C8B78F0707F51D2B326BEF8972F5A289829E998B94D98E0ED663143797B569F3A6B56897B5726A38B042806FDFDAA367A4F63C4BA31114300B6290828321C30B25DF97F273041E30A404836E84BB32E0620DC558047FC011A1205126F84D9F8EA5E607FC297E5C9FA00D803026D8126C08EF68B49F6A6C55DCB06EED0B666880CD49FCBFF598055D5E40303669CBC55D85F583DA5EF4F320D6E6A50ECBBFAF8C1F7209655EEAA58BFC18EB9FA20B29EC63FBC810C3A2EDCF8E27FD98975C87D59D9C909895AA10CEA5F7594ADD3ED1EBDFE01BE0559423475592A0E2936E4671504337221F897AE3016BC4670C6B765F5FF1185933B26B1183BCB1E5591970F40A1402EB19EF2644E941F67ABB31935259308B4A5271541F41653EB5E77CCA82214C9C6F4E42E8A3C46CC9BE15BC868BC45B28027E515A16554B9D4F6AB57CFFE42CFE0B42BF83E53F27B39AD95E000C329F716E51D15D6CD211E87AAA83A0F1175F5E1E8963A57DA656FBC19FB42661F14328B05CA7F1A83F49044A5086E6AF56225B8783450E43CB1B6F19061441AF58053BBFAACBC3A80FF5F19A8BD873F487A8FFE3DECD35E77EB2C26387EF66A3EED98C773211914115AFD0776FDAC90CB65479DFE59C0D199F195BBE9E4B2F70A9B1A41429002C2998FAB0F2D6956731819D9F5175B92FECE43178BC69ABEC6E2C18EA88289C5B14C58227640D02F614A9A881633816B9DCAC79E4721EF6E42691902AD1CF565600BAA8019310CAA0AC1087A86846C2E9B96B82C3F0CE52EE73760111061EF090DCBF47882710302A65FBDCF380F84703FE3D4FF7ADD0CB7ED65C889DD6EEC24D01F92771DF3F3D8DFB4BDE234D4A35AB20B22BF5D749398C9B6AE5C7B62DC11ACD887A49586238F5B6D37B47EA6953C3E339A9B40EF3EB01DD70F69253BA9A262777C75DF175195D172BD8233FC7B6F207154EF6E2F47533E359D24EB312A292C756C34A2D55A16452829DAD7A9731E2026E56486F6A3C07380DCA1AFFF270464DA8FF34621FBA715C5853EB1D4EA1C4E23B43CD1CDE1F252B728875F187626A813B4166CC34A62A5D6867E0B605641CEE8025F0AD73DBE4443286CA03F5CEF07 -20180421044121 2 6 100 7679 2 ECCC9B93ED119552D36A774B288F541A81536A13B8D687B23174D680CE3F21B8FA088685F5B965215AFA69736E741A3AFC2AC82CE16162A1E4F0012F28998A638AA98D0789D6C58D92F207EAAA33E467C801891B8D37651B66E0942CF6AB7FD8E0D09A6D597D582BA48563F1450C3300218874730D26EE8B6505059C95C1C764D5FD736BF0A64FAD10F0C7D52A8A57C3FBD653887AAA890DA7AFEDA55DAF702EFF06CC722D147DAA2C8B78F0707F51D2B326BEF8972F5A289829E998B94D98E0ED663143797B569F3A6B56897B5726A38B042806FDFDAA367A4F63C4BA31114300B6290828321C30B25DF97F273041E30A404836E84BB32E0620DC558047FC011A1205126F84D9F8EA5E607FC297E5C9FA00D803026D8126C08EF68B49F6A6C55DCB06EED0B666880CD49FCBFF598055D5E40303669CBC55D85F583DA5EF4F320D6E6A50ECBBFAF8C1F7209655EEAA58BFC18EB9FA20B29EC63FBC810C3A2EDCF8E27FD98975C87D59D9C909895AA10CEA5F7594ADD3ED1EBDFE01BE0559423475592A0E2936E4671504337221F897AE3016BC4670C6B765F5FF1185933B26B1183BCB1E5591970F40A1402EB19EF2644E941F67ABB31935259308B4A5271541F41653EB5E77CCA82214C9C6F4E42E8A3C46CC9BE15BC868BC45B28027E515A16554B9D4F6AB57CFFE42CFE0B42BF83E53F27B39AD95E000C329F716E51D15D6CD211E87AAA83A0F1175F5E1E8963A57DA656FBC19FB42661F14328B05CA7F1A83F49044A5086E6AF56225B8783450E43CB1B6F19061441AF58053BBFAACBC3A80FF5F19A8BD873F487A8FFE3DECD35E77EB2C26387EF66A3EED98C773211914115AFD0776FDAC90CB65479DFE59C0D199F195BBE9E4B2F70A9B1A41429002C2998FAB0F2D6956731819D9F5175B92FECE43178BC69ABEC6E2C18EA88289C5B14C58227640D02F614A9A881633816B9DCAC79E4721EF6E42691902AD1CF565600BAA8019310CAA0AC1087A86846C2E9B96B82C3F0CE52EE73760111061EF090DCBF47882710302A65FBDCF380F84703FE3D4FF7ADD0CB7ED65C889DD6EEC24D01F92771DF3F3D8DFB4BDE234D4A35AB20B22BF5D749398C9B6AE5C7B62DC11ACD887A49586238F5B6D37B47EA6953C3E339A9B40EF3EB01DD70F69253BA9A262777C75DF175195D172BD8233FC7B6F207154EF6E2F47533E359D24EB312A292C756C34A2D55A16452829DAD7A9731E2026E56486F6A3C07380DCA1AFFF270464DA8FF34621FBA715C5853EB1D4EA1C4E23B43CD1CDE1F252B728875F187626A813B4166CC34A62A5D6867E0B605641CEE8025F0AD73DBE4443286CA04029ED83 -20180421054539 2 6 100 7679 2 ECCC9B93ED119552D36A774B288F541A81536A13B8D687B23174D680CE3F21B8FA088685F5B965215AFA69736E741A3AFC2AC82CE16162A1E4F0012F28998A638AA98D0789D6C58D92F207EAAA33E467C801891B8D37651B66E0942CF6AB7FD8E0D09A6D597D582BA48563F1450C3300218874730D26EE8B6505059C95C1C764D5FD736BF0A64FAD10F0C7D52A8A57C3FBD653887AAA890DA7AFEDA55DAF702EFF06CC722D147DAA2C8B78F0707F51D2B326BEF8972F5A289829E998B94D98E0ED663143797B569F3A6B56897B5726A38B042806FDFDAA367A4F63C4BA31114300B6290828321C30B25DF97F273041E30A404836E84BB32E0620DC558047FC011A1205126F84D9F8EA5E607FC297E5C9FA00D803026D8126C08EF68B49F6A6C55DCB06EED0B666880CD49FCBFF598055D5E40303669CBC55D85F583DA5EF4F320D6E6A50ECBBFAF8C1F7209655EEAA58BFC18EB9FA20B29EC63FBC810C3A2EDCF8E27FD98975C87D59D9C909895AA10CEA5F7594ADD3ED1EBDFE01BE0559423475592A0E2936E4671504337221F897AE3016BC4670C6B765F5FF1185933B26B1183BCB1E5591970F40A1402EB19EF2644E941F67ABB31935259308B4A5271541F41653EB5E77CCA82214C9C6F4E42E8A3C46CC9BE15BC868BC45B28027E515A16554B9D4F6AB57CFFE42CFE0B42BF83E53F27B39AD95E000C329F716E51D15D6CD211E87AAA83A0F1175F5E1E8963A57DA656FBC19FB42661F14328B05CA7F1A83F49044A5086E6AF56225B8783450E43CB1B6F19061441AF58053BBFAACBC3A80FF5F19A8BD873F487A8FFE3DECD35E77EB2C26387EF66A3EED98C773211914115AFD0776FDAC90CB65479DFE59C0D199F195BBE9E4B2F70A9B1A41429002C2998FAB0F2D6956731819D9F5175B92FECE43178BC69ABEC6E2C18EA88289C5B14C58227640D02F614A9A881633816B9DCAC79E4721EF6E42691902AD1CF565600BAA8019310CAA0AC1087A86846C2E9B96B82C3F0CE52EE73760111061EF090DCBF47882710302A65FBDCF380F84703FE3D4FF7ADD0CB7ED65C889DD6EEC24D01F92771DF3F3D8DFB4BDE234D4A35AB20B22BF5D749398C9B6AE5C7B62DC11ACD887A49586238F5B6D37B47EA6953C3E339A9B40EF3EB01DD70F69253BA9A262777C75DF175195D172BD8233FC7B6F207154EF6E2F47533E359D24EB312A292C756C34A2D55A16452829DAD7A9731E2026E56486F6A3C07380DCA1AFFF270464DA8FF34621FBA715C5853EB1D4EA1C4E23B43CD1CDE1F252B728875F187626A813B4166CC34A62A5D6867E0B605641CEE8025F0AD73DBE4443286CA040F07753 -20180421080206 2 6 100 7679 5 ECCC9B93ED119552D36A774B288F541A81536A13B8D687B23174D680CE3F21B8FA088685F5B965215AFA69736E741A3AFC2AC82CE16162A1E4F0012F28998A638AA98D0789D6C58D92F207EAAA33E467C801891B8D37651B66E0942CF6AB7FD8E0D09A6D597D582BA48563F1450C3300218874730D26EE8B6505059C95C1C764D5FD736BF0A64FAD10F0C7D52A8A57C3FBD653887AAA890DA7AFEDA55DAF702EFF06CC722D147DAA2C8B78F0707F51D2B326BEF8972F5A289829E998B94D98E0ED663143797B569F3A6B56897B5726A38B042806FDFDAA367A4F63C4BA31114300B6290828321C30B25DF97F273041E30A404836E84BB32E0620DC558047FC011A1205126F84D9F8EA5E607FC297E5C9FA00D803026D8126C08EF68B49F6A6C55DCB06EED0B666880CD49FCBFF598055D5E40303669CBC55D85F583DA5EF4F320D6E6A50ECBBFAF8C1F7209655EEAA58BFC18EB9FA20B29EC63FBC810C3A2EDCF8E27FD98975C87D59D9C909895AA10CEA5F7594ADD3ED1EBDFE01BE0559423475592A0E2936E4671504337221F897AE3016BC4670C6B765F5FF1185933B26B1183BCB1E5591970F40A1402EB19EF2644E941F67ABB31935259308B4A5271541F41653EB5E77CCA82214C9C6F4E42E8A3C46CC9BE15BC868BC45B28027E515A16554B9D4F6AB57CFFE42CFE0B42BF83E53F27B39AD95E000C329F716E51D15D6CD211E87AAA83A0F1175F5E1E8963A57DA656FBC19FB42661F14328B05CA7F1A83F49044A5086E6AF56225B8783450E43CB1B6F19061441AF58053BBFAACBC3A80FF5F19A8BD873F487A8FFE3DECD35E77EB2C26387EF66A3EED98C773211914115AFD0776FDAC90CB65479DFE59C0D199F195BBE9E4B2F70A9B1A41429002C2998FAB0F2D6956731819D9F5175B92FECE43178BC69ABEC6E2C18EA88289C5B14C58227640D02F614A9A881633816B9DCAC79E4721EF6E42691902AD1CF565600BAA8019310CAA0AC1087A86846C2E9B96B82C3F0CE52EE73760111061EF090DCBF47882710302A65FBDCF380F84703FE3D4FF7ADD0CB7ED65C889DD6EEC24D01F92771DF3F3D8DFB4BDE234D4A35AB20B22BF5D749398C9B6AE5C7B62DC11ACD887A49586238F5B6D37B47EA6953C3E339A9B40EF3EB01DD70F69253BA9A262777C75DF175195D172BD8233FC7B6F207154EF6E2F47533E359D24EB312A292C756C34A2D55A16452829DAD7A9731E2026E56486F6A3C07380DCA1AFFF270464DA8FF34621FBA715C5853EB1D4EA1C4E23B43CD1CDE1F252B728875F187626A813B4166CC34A62A5D6867E0B605641CEE8025F0AD73DBE4443286CA042A70927 -20180421084346 2 6 100 7679 2 ECCC9B93ED119552D36A774B288F541A81536A13B8D687B23174D680CE3F21B8FA088685F5B965215AFA69736E741A3AFC2AC82CE16162A1E4F0012F28998A638AA98D0789D6C58D92F207EAAA33E467C801891B8D37651B66E0942CF6AB7FD8E0D09A6D597D582BA48563F1450C3300218874730D26EE8B6505059C95C1C764D5FD736BF0A64FAD10F0C7D52A8A57C3FBD653887AAA890DA7AFEDA55DAF702EFF06CC722D147DAA2C8B78F0707F51D2B326BEF8972F5A289829E998B94D98E0ED663143797B569F3A6B56897B5726A38B042806FDFDAA367A4F63C4BA31114300B6290828321C30B25DF97F273041E30A404836E84BB32E0620DC558047FC011A1205126F84D9F8EA5E607FC297E5C9FA00D803026D8126C08EF68B49F6A6C55DCB06EED0B666880CD49FCBFF598055D5E40303669CBC55D85F583DA5EF4F320D6E6A50ECBBFAF8C1F7209655EEAA58BFC18EB9FA20B29EC63FBC810C3A2EDCF8E27FD98975C87D59D9C909895AA10CEA5F7594ADD3ED1EBDFE01BE0559423475592A0E2936E4671504337221F897AE3016BC4670C6B765F5FF1185933B26B1183BCB1E5591970F40A1402EB19EF2644E941F67ABB31935259308B4A5271541F41653EB5E77CCA82214C9C6F4E42E8A3C46CC9BE15BC868BC45B28027E515A16554B9D4F6AB57CFFE42CFE0B42BF83E53F27B39AD95E000C329F716E51D15D6CD211E87AAA83A0F1175F5E1E8963A57DA656FBC19FB42661F14328B05CA7F1A83F49044A5086E6AF56225B8783450E43CB1B6F19061441AF58053BBFAACBC3A80FF5F19A8BD873F487A8FFE3DECD35E77EB2C26387EF66A3EED98C773211914115AFD0776FDAC90CB65479DFE59C0D199F195BBE9E4B2F70A9B1A41429002C2998FAB0F2D6956731819D9F5175B92FECE43178BC69ABEC6E2C18EA88289C5B14C58227640D02F614A9A881633816B9DCAC79E4721EF6E42691902AD1CF565600BAA8019310CAA0AC1087A86846C2E9B96B82C3F0CE52EE73760111061EF090DCBF47882710302A65FBDCF380F84703FE3D4FF7ADD0CB7ED65C889DD6EEC24D01F92771DF3F3D8DFB4BDE234D4A35AB20B22BF5D749398C9B6AE5C7B62DC11ACD887A49586238F5B6D37B47EA6953C3E339A9B40EF3EB01DD70F69253BA9A262777C75DF175195D172BD8233FC7B6F207154EF6E2F47533E359D24EB312A292C756C34A2D55A16452829DAD7A9731E2026E56486F6A3C07380DCA1AFFF270464DA8FF34621FBA715C5853EB1D4EA1C4E23B43CD1CDE1F252B728875F187626A813B4166CC34A62A5D6867E0B605641CEE8025F0AD73DBE4443286CA04323E033 -20180421135101 2 6 100 7679 5 ECCC9B93ED119552D36A774B288F541A81536A13B8D687B23174D680CE3F21B8FA088685F5B965215AFA69736E741A3AFC2AC82CE16162A1E4F0012F28998A638AA98D0789D6C58D92F207EAAA33E467C801891B8D37651B66E0942CF6AB7FD8E0D09A6D597D582BA48563F1450C3300218874730D26EE8B6505059C95C1C764D5FD736BF0A64FAD10F0C7D52A8A57C3FBD653887AAA890DA7AFEDA55DAF702EFF06CC722D147DAA2C8B78F0707F51D2B326BEF8972F5A289829E998B94D98E0ED663143797B569F3A6B56897B5726A38B042806FDFDAA367A4F63C4BA31114300B6290828321C30B25DF97F273041E30A404836E84BB32E0620DC558047FC011A1205126F84D9F8EA5E607FC297E5C9FA00D803026D8126C08EF68B49F6A6C55DCB06EED0B666880CD49FCBFF598055D5E40303669CBC55D85F583DA5EF4F320D6E6A50ECBBFAF8C1F7209655EEAA58BFC18EB9FA20B29EC63FBC810C3A2EDCF8E27FD98975C87D59D9C909895AA10CEA5F7594ADD3ED1EBDFE01BE0559423475592A0E2936E4671504337221F897AE3016BC4670C6B765F5FF1185933B26B1183BCB1E5591970F40A1402EB19EF2644E941F67ABB31935259308B4A5271541F41653EB5E77CCA82214C9C6F4E42E8A3C46CC9BE15BC868BC45B28027E515A16554B9D4F6AB57CFFE42CFE0B42BF83E53F27B39AD95E000C329F716E51D15D6CD211E87AAA83A0F1175F5E1E8963A57DA656FBC19FB42661F14328B05CA7F1A83F49044A5086E6AF56225B8783450E43CB1B6F19061441AF58053BBFAACBC3A80FF5F19A8BD873F487A8FFE3DECD35E77EB2C26387EF66A3EED98C773211914115AFD0776FDAC90CB65479DFE59C0D199F195BBE9E4B2F70A9B1A41429002C2998FAB0F2D6956731819D9F5175B92FECE43178BC69ABEC6E2C18EA88289C5B14C58227640D02F614A9A881633816B9DCAC79E4721EF6E42691902AD1CF565600BAA8019310CAA0AC1087A86846C2E9B96B82C3F0CE52EE73760111061EF090DCBF47882710302A65FBDCF380F84703FE3D4FF7ADD0CB7ED65C889DD6EEC24D01F92771DF3F3D8DFB4BDE234D4A35AB20B22BF5D749398C9B6AE5C7B62DC11ACD887A49586238F5B6D37B47EA6953C3E339A9B40EF3EB01DD70F69253BA9A262777C75DF175195D172BD8233FC7B6F207154EF6E2F47533E359D24EB312A292C756C34A2D55A16452829DAD7A9731E2026E56486F6A3C07380DCA1AFFF270464DA8FF34621FBA715C5853EB1D4EA1C4E23B43CD1CDE1F252B728875F187626A813B4166CC34A62A5D6867E0B605641CEE8025F0AD73DBE4443286CA04708373F -20180421220150 2 6 100 7679 2 ECCC9B93ED119552D36A774B288F541A81536A13B8D687B23174D680CE3F21B8FA088685F5B965215AFA69736E741A3AFC2AC82CE16162A1E4F0012F28998A638AA98D0789D6C58D92F207EAAA33E467C801891B8D37651B66E0942CF6AB7FD8E0D09A6D597D582BA48563F1450C3300218874730D26EE8B6505059C95C1C764D5FD736BF0A64FAD10F0C7D52A8A57C3FBD653887AAA890DA7AFEDA55DAF702EFF06CC722D147DAA2C8B78F0707F51D2B326BEF8972F5A289829E998B94D98E0ED663143797B569F3A6B56897B5726A38B042806FDFDAA367A4F63C4BA31114300B6290828321C30B25DF97F273041E30A404836E84BB32E0620DC558047FC011A1205126F84D9F8EA5E607FC297E5C9FA00D803026D8126C08EF68B49F6A6C55DCB06EED0B666880CD49FCBFF598055D5E40303669CBC55D85F583DA5EF4F320D6E6A50ECBBFAF8C1F7209655EEAA58BFC18EB9FA20B29EC63FBC810C3A2EDCF8E27FD98975C87D59D9C909895AA10CEA5F7594ADD3ED1EBDFE01BE0559423475592A0E2936E4671504337221F897AE3016BC4670C6B765F5FF1185933B26B1183BCB1E5591970F40A1402EB19EF2644E941F67ABB31935259308B4A5271541F41653EB5E77CCA82214C9C6F4E42E8A3C46CC9BE15BC868BC45B28027E515A16554B9D4F6AB57CFFE42CFE0B42BF83E53F27B39AD95E000C329F716E51D15D6CD211E87AAA83A0F1175F5E1E8963A57DA656FBC19FB42661F14328B05CA7F1A83F49044A5086E6AF56225B8783450E43CB1B6F19061441AF58053BBFAACBC3A80FF5F19A8BD873F487A8FFE3DECD35E77EB2C26387EF66A3EED98C773211914115AFD0776FDAC90CB65479DFE59C0D199F195BBE9E4B2F70A9B1A41429002C2998FAB0F2D6956731819D9F5175B92FECE43178BC69ABEC6E2C18EA88289C5B14C58227640D02F614A9A881633816B9DCAC79E4721EF6E42691902AD1CF565600BAA8019310CAA0AC1087A86846C2E9B96B82C3F0CE52EE73760111061EF090DCBF47882710302A65FBDCF380F84703FE3D4FF7ADD0CB7ED65C889DD6EEC24D01F92771DF3F3D8DFB4BDE234D4A35AB20B22BF5D749398C9B6AE5C7B62DC11ACD887A49586238F5B6D37B47EA6953C3E339A9B40EF3EB01DD70F69253BA9A262777C75DF175195D172BD8233FC7B6F207154EF6E2F47533E359D24EB312A292C756C34A2D55A16452829DAD7A9731E2026E56486F6A3C07380DCA1AFFF270464DA8FF34621FBA715C5853EB1D4EA1C4E23B43CD1CDE1F252B728875F187626A813B4166CC34A62A5D6867E0B605641CEE8025F0AD73DBE4443286CA04D33A023 -20180421233337 2 6 100 7679 5 ECCC9B93ED119552D36A774B288F541A81536A13B8D687B23174D680CE3F21B8FA088685F5B965215AFA69736E741A3AFC2AC82CE16162A1E4F0012F28998A638AA98D0789D6C58D92F207EAAA33E467C801891B8D37651B66E0942CF6AB7FD8E0D09A6D597D582BA48563F1450C3300218874730D26EE8B6505059C95C1C764D5FD736BF0A64FAD10F0C7D52A8A57C3FBD653887AAA890DA7AFEDA55DAF702EFF06CC722D147DAA2C8B78F0707F51D2B326BEF8972F5A289829E998B94D98E0ED663143797B569F3A6B56897B5726A38B042806FDFDAA367A4F63C4BA31114300B6290828321C30B25DF97F273041E30A404836E84BB32E0620DC558047FC011A1205126F84D9F8EA5E607FC297E5C9FA00D803026D8126C08EF68B49F6A6C55DCB06EED0B666880CD49FCBFF598055D5E40303669CBC55D85F583DA5EF4F320D6E6A50ECBBFAF8C1F7209655EEAA58BFC18EB9FA20B29EC63FBC810C3A2EDCF8E27FD98975C87D59D9C909895AA10CEA5F7594ADD3ED1EBDFE01BE0559423475592A0E2936E4671504337221F897AE3016BC4670C6B765F5FF1185933B26B1183BCB1E5591970F40A1402EB19EF2644E941F67ABB31935259308B4A5271541F41653EB5E77CCA82214C9C6F4E42E8A3C46CC9BE15BC868BC45B28027E515A16554B9D4F6AB57CFFE42CFE0B42BF83E53F27B39AD95E000C329F716E51D15D6CD211E87AAA83A0F1175F5E1E8963A57DA656FBC19FB42661F14328B05CA7F1A83F49044A5086E6AF56225B8783450E43CB1B6F19061441AF58053BBFAACBC3A80FF5F19A8BD873F487A8FFE3DECD35E77EB2C26387EF66A3EED98C773211914115AFD0776FDAC90CB65479DFE59C0D199F195BBE9E4B2F70A9B1A41429002C2998FAB0F2D6956731819D9F5175B92FECE43178BC69ABEC6E2C18EA88289C5B14C58227640D02F614A9A881633816B9DCAC79E4721EF6E42691902AD1CF565600BAA8019310CAA0AC1087A86846C2E9B96B82C3F0CE52EE73760111061EF090DCBF47882710302A65FBDCF380F84703FE3D4FF7ADD0CB7ED65C889DD6EEC24D01F92771DF3F3D8DFB4BDE234D4A35AB20B22BF5D749398C9B6AE5C7B62DC11ACD887A49586238F5B6D37B47EA6953C3E339A9B40EF3EB01DD70F69253BA9A262777C75DF175195D172BD8233FC7B6F207154EF6E2F47533E359D24EB312A292C756C34A2D55A16452829DAD7A9731E2026E56486F6A3C07380DCA1AFFF270464DA8FF34621FBA715C5853EB1D4EA1C4E23B43CD1CDE1F252B728875F187626A813B4166CC34A62A5D6867E0B605641CEE8025F0AD73DBE4443286CA04E52D9FF -20180422094542 2 6 100 7679 2 ECCC9B93ED119552D36A774B288F541A81536A13B8D687B23174D680CE3F21B8FA088685F5B965215AFA69736E741A3AFC2AC82CE16162A1E4F0012F28998A638AA98D0789D6C58D92F207EAAA33E467C801891B8D37651B66E0942CF6AB7FD8E0D09A6D597D582BA48563F1450C3300218874730D26EE8B6505059C95C1C764D5FD736BF0A64FAD10F0C7D52A8A57C3FBD653887AAA890DA7AFEDA55DAF702EFF06CC722D147DAA2C8B78F0707F51D2B326BEF8972F5A289829E998B94D98E0ED663143797B569F3A6B56897B5726A38B042806FDFDAA367A4F63C4BA31114300B6290828321C30B25DF97F273041E30A404836E84BB32E0620DC558047FC011A1205126F84D9F8EA5E607FC297E5C9FA00D803026D8126C08EF68B49F6A6C55DCB06EED0B666880CD49FCBFF598055D5E40303669CBC55D85F583DA5EF4F320D6E6A50ECBBFAF8C1F7209655EEAA58BFC18EB9FA20B29EC63FBC810C3A2EDCF8E27FD98975C87D59D9C909895AA10CEA5F7594ADD3ED1EBDFE01BE0559423475592A0E2936E4671504337221F897AE3016BC4670C6B765F5FF1185933B26B1183BCB1E5591970F40A1402EB19EF2644E941F67ABB31935259308B4A5271541F41653EB5E77CCA82214C9C6F4E42E8A3C46CC9BE15BC868BC45B28027E515A16554B9D4F6AB57CFFE42CFE0B42BF83E53F27B39AD95E000C329F716E51D15D6CD211E87AAA83A0F1175F5E1E8963A57DA656FBC19FB42661F14328B05CA7F1A83F49044A5086E6AF56225B8783450E43CB1B6F19061441AF58053BBFAACBC3A80FF5F19A8BD873F487A8FFE3DECD35E77EB2C26387EF66A3EED98C773211914115AFD0776FDAC90CB65479DFE59C0D199F195BBE9E4B2F70A9B1A41429002C2998FAB0F2D6956731819D9F5175B92FECE43178BC69ABEC6E2C18EA88289C5B14C58227640D02F614A9A881633816B9DCAC79E4721EF6E42691902AD1CF565600BAA8019310CAA0AC1087A86846C2E9B96B82C3F0CE52EE73760111061EF090DCBF47882710302A65FBDCF380F84703FE3D4FF7ADD0CB7ED65C889DD6EEC24D01F92771DF3F3D8DFB4BDE234D4A35AB20B22BF5D749398C9B6AE5C7B62DC11ACD887A49586238F5B6D37B47EA6953C3E339A9B40EF3EB01DD70F69253BA9A262777C75DF175195D172BD8233FC7B6F207154EF6E2F47533E359D24EB312A292C756C34A2D55A16452829DAD7A9731E2026E56486F6A3C07380DCA1AFFF270464DA8FF34621FBA715C5853EB1D4EA1C4E23B43CD1CDE1F252B728875F187626A813B4166CC34A62A5D6867E0B605641CEE8025F0AD73DBE4443286CA055FBBC03 -20180422151643 2 6 100 7679 2 ECCC9B93ED119552D36A774B288F541A81536A13B8D687B23174D680CE3F21B8FA088685F5B965215AFA69736E741A3AFC2AC82CE16162A1E4F0012F28998A638AA98D0789D6C58D92F207EAAA33E467C801891B8D37651B66E0942CF6AB7FD8E0D09A6D597D582BA48563F1450C3300218874730D26EE8B6505059C95C1C764D5FD736BF0A64FAD10F0C7D52A8A57C3FBD653887AAA890DA7AFEDA55DAF702EFF06CC722D147DAA2C8B78F0707F51D2B326BEF8972F5A289829E998B94D98E0ED663143797B569F3A6B56897B5726A38B042806FDFDAA367A4F63C4BA31114300B6290828321C30B25DF97F273041E30A404836E84BB32E0620DC558047FC011A1205126F84D9F8EA5E607FC297E5C9FA00D803026D8126C08EF68B49F6A6C55DCB06EED0B666880CD49FCBFF598055D5E40303669CBC55D85F583DA5EF4F320D6E6A50ECBBFAF8C1F7209655EEAA58BFC18EB9FA20B29EC63FBC810C3A2EDCF8E27FD98975C87D59D9C909895AA10CEA5F7594ADD3ED1EBDFE01BE0559423475592A0E2936E4671504337221F897AE3016BC4670C6B765F5FF1185933B26B1183BCB1E5591970F40A1402EB19EF2644E941F67ABB31935259308B4A5271541F41653EB5E77CCA82214C9C6F4E42E8A3C46CC9BE15BC868BC45B28027E515A16554B9D4F6AB57CFFE42CFE0B42BF83E53F27B39AD95E000C329F716E51D15D6CD211E87AAA83A0F1175F5E1E8963A57DA656FBC19FB42661F14328B05CA7F1A83F49044A5086E6AF56225B8783450E43CB1B6F19061441AF58053BBFAACBC3A80FF5F19A8BD873F487A8FFE3DECD35E77EB2C26387EF66A3EED98C773211914115AFD0776FDAC90CB65479DFE59C0D199F195BBE9E4B2F70A9B1A41429002C2998FAB0F2D6956731819D9F5175B92FECE43178BC69ABEC6E2C18EA88289C5B14C58227640D02F614A9A881633816B9DCAC79E4721EF6E42691902AD1CF565600BAA8019310CAA0AC1087A86846C2E9B96B82C3F0CE52EE73760111061EF090DCBF47882710302A65FBDCF380F84703FE3D4FF7ADD0CB7ED65C889DD6EEC24D01F92771DF3F3D8DFB4BDE234D4A35AB20B22BF5D749398C9B6AE5C7B62DC11ACD887A49586238F5B6D37B47EA6953C3E339A9B40EF3EB01DD70F69253BA9A262777C75DF175195D172BD8233FC7B6F207154EF6E2F47533E359D24EB312A292C756C34A2D55A16452829DAD7A9731E2026E56486F6A3C07380DCA1AFFF270464DA8FF34621FBA715C5853EB1D4EA1C4E23B43CD1CDE1F252B728875F187626A813B4166CC34A62A5D6867E0B605641CEE8025F0AD73DBE4443286CA05A0B8E53 -20180422163933 2 6 100 7679 2 ECCC9B93ED119552D36A774B288F541A81536A13B8D687B23174D680CE3F21B8FA088685F5B965215AFA69736E741A3AFC2AC82CE16162A1E4F0012F28998A638AA98D0789D6C58D92F207EAAA33E467C801891B8D37651B66E0942CF6AB7FD8E0D09A6D597D582BA48563F1450C3300218874730D26EE8B6505059C95C1C764D5FD736BF0A64FAD10F0C7D52A8A57C3FBD653887AAA890DA7AFEDA55DAF702EFF06CC722D147DAA2C8B78F0707F51D2B326BEF8972F5A289829E998B94D98E0ED663143797B569F3A6B56897B5726A38B042806FDFDAA367A4F63C4BA31114300B6290828321C30B25DF97F273041E30A404836E84BB32E0620DC558047FC011A1205126F84D9F8EA5E607FC297E5C9FA00D803026D8126C08EF68B49F6A6C55DCB06EED0B666880CD49FCBFF598055D5E40303669CBC55D85F583DA5EF4F320D6E6A50ECBBFAF8C1F7209655EEAA58BFC18EB9FA20B29EC63FBC810C3A2EDCF8E27FD98975C87D59D9C909895AA10CEA5F7594ADD3ED1EBDFE01BE0559423475592A0E2936E4671504337221F897AE3016BC4670C6B765F5FF1185933B26B1183BCB1E5591970F40A1402EB19EF2644E941F67ABB31935259308B4A5271541F41653EB5E77CCA82214C9C6F4E42E8A3C46CC9BE15BC868BC45B28027E515A16554B9D4F6AB57CFFE42CFE0B42BF83E53F27B39AD95E000C329F716E51D15D6CD211E87AAA83A0F1175F5E1E8963A57DA656FBC19FB42661F14328B05CA7F1A83F49044A5086E6AF56225B8783450E43CB1B6F19061441AF58053BBFAACBC3A80FF5F19A8BD873F487A8FFE3DECD35E77EB2C26387EF66A3EED98C773211914115AFD0776FDAC90CB65479DFE59C0D199F195BBE9E4B2F70A9B1A41429002C2998FAB0F2D6956731819D9F5175B92FECE43178BC69ABEC6E2C18EA88289C5B14C58227640D02F614A9A881633816B9DCAC79E4721EF6E42691902AD1CF565600BAA8019310CAA0AC1087A86846C2E9B96B82C3F0CE52EE73760111061EF090DCBF47882710302A65FBDCF380F84703FE3D4FF7ADD0CB7ED65C889DD6EEC24D01F92771DF3F3D8DFB4BDE234D4A35AB20B22BF5D749398C9B6AE5C7B62DC11ACD887A49586238F5B6D37B47EA6953C3E339A9B40EF3EB01DD70F69253BA9A262777C75DF175195D172BD8233FC7B6F207154EF6E2F47533E359D24EB312A292C756C34A2D55A16452829DAD7A9731E2026E56486F6A3C07380DCA1AFFF270464DA8FF34621FBA715C5853EB1D4EA1C4E23B43CD1CDE1F252B728875F187626A813B4166CC34A62A5D6867E0B605641CEE8025F0AD73DBE4443286CA05B02DF5B -20180423004105 2 6 100 7679 2 ECCC9B93ED119552D36A774B288F541A81536A13B8D687B23174D680CE3F21B8FA088685F5B965215AFA69736E741A3AFC2AC82CE16162A1E4F0012F28998A638AA98D0789D6C58D92F207EAAA33E467C801891B8D37651B66E0942CF6AB7FD8E0D09A6D597D582BA48563F1450C3300218874730D26EE8B6505059C95C1C764D5FD736BF0A64FAD10F0C7D52A8A57C3FBD653887AAA890DA7AFEDA55DAF702EFF06CC722D147DAA2C8B78F0707F51D2B326BEF8972F5A289829E998B94D98E0ED663143797B569F3A6B56897B5726A38B042806FDFDAA367A4F63C4BA31114300B6290828321C30B25DF97F273041E30A404836E84BB32E0620DC558047FC011A1205126F84D9F8EA5E607FC297E5C9FA00D803026D8126C08EF68B49F6A6C55DCB06EED0B666880CD49FCBFF598055D5E40303669CBC55D85F583DA5EF4F320D6E6A50ECBBFAF8C1F7209655EEAA58BFC18EB9FA20B29EC63FBC810C3A2EDCF8E27FD98975C87D59D9C909895AA10CEA5F7594ADD3ED1EBDFE01BE0559423475592A0E2936E4671504337221F897AE3016BC4670C6B765F5FF1185933B26B1183BCB1E5591970F40A1402EB19EF2644E941F67ABB31935259308B4A5271541F41653EB5E77CCA82214C9C6F4E42E8A3C46CC9BE15BC868BC45B28027E515A16554B9D4F6AB57CFFE42CFE0B42BF83E53F27B39AD95E000C329F716E51D15D6CD211E87AAA83A0F1175F5E1E8963A57DA656FBC19FB42661F14328B05CA7F1A83F49044A5086E6AF56225B8783450E43CB1B6F19061441AF58053BBFAACBC3A80FF5F19A8BD873F487A8FFE3DECD35E77EB2C26387EF66A3EED98C773211914115AFD0776FDAC90CB65479DFE59C0D199F195BBE9E4B2F70A9B1A41429002C2998FAB0F2D6956731819D9F5175B92FECE43178BC69ABEC6E2C18EA88289C5B14C58227640D02F614A9A881633816B9DCAC79E4721EF6E42691902AD1CF565600BAA8019310CAA0AC1087A86846C2E9B96B82C3F0CE52EE73760111061EF090DCBF47882710302A65FBDCF380F84703FE3D4FF7ADD0CB7ED65C889DD6EEC24D01F92771DF3F3D8DFB4BDE234D4A35AB20B22BF5D749398C9B6AE5C7B62DC11ACD887A49586238F5B6D37B47EA6953C3E339A9B40EF3EB01DD70F69253BA9A262777C75DF175195D172BD8233FC7B6F207154EF6E2F47533E359D24EB312A292C756C34A2D55A16452829DAD7A9731E2026E56486F6A3C07380DCA1AFFF270464DA8FF34621FBA715C5853EB1D4EA1C4E23B43CD1CDE1F252B728875F187626A813B4166CC34A62A5D6867E0B605641CEE8025F0AD73DBE4443286CA060EDD493 -20180423045850 2 6 100 7679 5 ECCC9B93ED119552D36A774B288F541A81536A13B8D687B23174D680CE3F21B8FA088685F5B965215AFA69736E741A3AFC2AC82CE16162A1E4F0012F28998A638AA98D0789D6C58D92F207EAAA33E467C801891B8D37651B66E0942CF6AB7FD8E0D09A6D597D582BA48563F1450C3300218874730D26EE8B6505059C95C1C764D5FD736BF0A64FAD10F0C7D52A8A57C3FBD653887AAA890DA7AFEDA55DAF702EFF06CC722D147DAA2C8B78F0707F51D2B326BEF8972F5A289829E998B94D98E0ED663143797B569F3A6B56897B5726A38B042806FDFDAA367A4F63C4BA31114300B6290828321C30B25DF97F273041E30A404836E84BB32E0620DC558047FC011A1205126F84D9F8EA5E607FC297E5C9FA00D803026D8126C08EF68B49F6A6C55DCB06EED0B666880CD49FCBFF598055D5E40303669CBC55D85F583DA5EF4F320D6E6A50ECBBFAF8C1F7209655EEAA58BFC18EB9FA20B29EC63FBC810C3A2EDCF8E27FD98975C87D59D9C909895AA10CEA5F7594ADD3ED1EBDFE01BE0559423475592A0E2936E4671504337221F897AE3016BC4670C6B765F5FF1185933B26B1183BCB1E5591970F40A1402EB19EF2644E941F67ABB31935259308B4A5271541F41653EB5E77CCA82214C9C6F4E42E8A3C46CC9BE15BC868BC45B28027E515A16554B9D4F6AB57CFFE42CFE0B42BF83E53F27B39AD95E000C329F716E51D15D6CD211E87AAA83A0F1175F5E1E8963A57DA656FBC19FB42661F14328B05CA7F1A83F49044A5086E6AF56225B8783450E43CB1B6F19061441AF58053BBFAACBC3A80FF5F19A8BD873F487A8FFE3DECD35E77EB2C26387EF66A3EED98C773211914115AFD0776FDAC90CB65479DFE59C0D199F195BBE9E4B2F70A9B1A41429002C2998FAB0F2D6956731819D9F5175B92FECE43178BC69ABEC6E2C18EA88289C5B14C58227640D02F614A9A881633816B9DCAC79E4721EF6E42691902AD1CF565600BAA8019310CAA0AC1087A86846C2E9B96B82C3F0CE52EE73760111061EF090DCBF47882710302A65FBDCF380F84703FE3D4FF7ADD0CB7ED65C889DD6EEC24D01F92771DF3F3D8DFB4BDE234D4A35AB20B22BF5D749398C9B6AE5C7B62DC11ACD887A49586238F5B6D37B47EA6953C3E339A9B40EF3EB01DD70F69253BA9A262777C75DF175195D172BD8233FC7B6F207154EF6E2F47533E359D24EB312A292C756C34A2D55A16452829DAD7A9731E2026E56486F6A3C07380DCA1AFFF270464DA8FF34621FBA715C5853EB1D4EA1C4E23B43CD1CDE1F252B728875F187626A813B4166CC34A62A5D6867E0B605641CEE8025F0AD73DBE4443286CA06410777F -20180423175352 2 6 100 7679 2 ECCC9B93ED119552D36A774B288F541A81536A13B8D687B23174D680CE3F21B8FA088685F5B965215AFA69736E741A3AFC2AC82CE16162A1E4F0012F28998A638AA98D0789D6C58D92F207EAAA33E467C801891B8D37651B66E0942CF6AB7FD8E0D09A6D597D582BA48563F1450C3300218874730D26EE8B6505059C95C1C764D5FD736BF0A64FAD10F0C7D52A8A57C3FBD653887AAA890DA7AFEDA55DAF702EFF06CC722D147DAA2C8B78F0707F51D2B326BEF8972F5A289829E998B94D98E0ED663143797B569F3A6B56897B5726A38B042806FDFDAA367A4F63C4BA31114300B6290828321C30B25DF97F273041E30A404836E84BB32E0620DC558047FC011A1205126F84D9F8EA5E607FC297E5C9FA00D803026D8126C08EF68B49F6A6C55DCB06EED0B666880CD49FCBFF598055D5E40303669CBC55D85F583DA5EF4F320D6E6A50ECBBFAF8C1F7209655EEAA58BFC18EB9FA20B29EC63FBC810C3A2EDCF8E27FD98975C87D59D9C909895AA10CEA5F7594ADD3ED1EBDFE01BE0559423475592A0E2936E4671504337221F897AE3016BC4670C6B765F5FF1185933B26B1183BCB1E5591970F40A1402EB19EF2644E941F67ABB31935259308B4A5271541F41653EB5E77CCA82214C9C6F4E42E8A3C46CC9BE15BC868BC45B28027E515A16554B9D4F6AB57CFFE42CFE0B42BF83E53F27B39AD95E000C329F716E51D15D6CD211E87AAA83A0F1175F5E1E8963A57DA656FBC19FB42661F14328B05CA7F1A83F49044A5086E6AF56225B8783450E43CB1B6F19061441AF58053BBFAACBC3A80FF5F19A8BD873F487A8FFE3DECD35E77EB2C26387EF66A3EED98C773211914115AFD0776FDAC90CB65479DFE59C0D199F195BBE9E4B2F70A9B1A41429002C2998FAB0F2D6956731819D9F5175B92FECE43178BC69ABEC6E2C18EA88289C5B14C58227640D02F614A9A881633816B9DCAC79E4721EF6E42691902AD1CF565600BAA8019310CAA0AC1087A86846C2E9B96B82C3F0CE52EE73760111061EF090DCBF47882710302A65FBDCF380F84703FE3D4FF7ADD0CB7ED65C889DD6EEC24D01F92771DF3F3D8DFB4BDE234D4A35AB20B22BF5D749398C9B6AE5C7B62DC11ACD887A49586238F5B6D37B47EA6953C3E339A9B40EF3EB01DD70F69253BA9A262777C75DF175195D172BD8233FC7B6F207154EF6E2F47533E359D24EB312A292C756C34A2D55A16452829DAD7A9731E2026E56486F6A3C07380DCA1AFFF270464DA8FF34621FBA715C5853EB1D4EA1C4E23B43CD1CDE1F252B728875F187626A813B4166CC34A62A5D6867E0B605641CEE8025F0AD73DBE4443286CA06D85A5C3 -20180424034739 2 6 100 7679 5 ECCC9B93ED119552D36A774B288F541A81536A13B8D687B23174D680CE3F21B8FA088685F5B965215AFA69736E741A3AFC2AC82CE16162A1E4F0012F28998A638AA98D0789D6C58D92F207EAAA33E467C801891B8D37651B66E0942CF6AB7FD8E0D09A6D597D582BA48563F1450C3300218874730D26EE8B6505059C95C1C764D5FD736BF0A64FAD10F0C7D52A8A57C3FBD653887AAA890DA7AFEDA55DAF702EFF06CC722D147DAA2C8B78F0707F51D2B326BEF8972F5A289829E998B94D98E0ED663143797B569F3A6B56897B5726A38B042806FDFDAA367A4F63C4BA31114300B6290828321C30B25DF97F273041E30A404836E84BB32E0620DC558047FC011A1205126F84D9F8EA5E607FC297E5C9FA00D803026D8126C08EF68B49F6A6C55DCB06EED0B666880CD49FCBFF598055D5E40303669CBC55D85F583DA5EF4F320D6E6A50ECBBFAF8C1F7209655EEAA58BFC18EB9FA20B29EC63FBC810C3A2EDCF8E27FD98975C87D59D9C909895AA10CEA5F7594ADD3ED1EBDFE01BE0559423475592A0E2936E4671504337221F897AE3016BC4670C6B765F5FF1185933B26B1183BCB1E5591970F40A1402EB19EF2644E941F67ABB31935259308B4A5271541F41653EB5E77CCA82214C9C6F4E42E8A3C46CC9BE15BC868BC45B28027E515A16554B9D4F6AB57CFFE42CFE0B42BF83E53F27B39AD95E000C329F716E51D15D6CD211E87AAA83A0F1175F5E1E8963A57DA656FBC19FB42661F14328B05CA7F1A83F49044A5086E6AF56225B8783450E43CB1B6F19061441AF58053BBFAACBC3A80FF5F19A8BD873F487A8FFE3DECD35E77EB2C26387EF66A3EED98C773211914115AFD0776FDAC90CB65479DFE59C0D199F195BBE9E4B2F70A9B1A41429002C2998FAB0F2D6956731819D9F5175B92FECE43178BC69ABEC6E2C18EA88289C5B14C58227640D02F614A9A881633816B9DCAC79E4721EF6E42691902AD1CF565600BAA8019310CAA0AC1087A86846C2E9B96B82C3F0CE52EE73760111061EF090DCBF47882710302A65FBDCF380F84703FE3D4FF7ADD0CB7ED65C889DD6EEC24D01F92771DF3F3D8DFB4BDE234D4A35AB20B22BF5D749398C9B6AE5C7B62DC11ACD887A49586238F5B6D37B47EA6953C3E339A9B40EF3EB01DD70F69253BA9A262777C75DF175195D172BD8233FC7B6F207154EF6E2F47533E359D24EB312A292C756C34A2D55A16452829DAD7A9731E2026E56486F6A3C07380DCA1AFFF270464DA8FF34621FBA715C5853EB1D4EA1C4E23B43CD1CDE1F252B728875F187626A813B4166CC34A62A5D6867E0B605641CEE8025F0AD73DBE4443286CA074B2314F -20180424155916 2 6 100 8191 5 FAEE1044985A5E9005F621D69401F45F006C4AC70C849E5C17F3D28A22FE2C86DEF3780E73C15BC778C65638702E1DF6193E19C79BC8A9CEC1D64759E6E8E1B3754AAD1F82819BDB1F1E224F7D7BFF62061D89F6AE8D8EAF444A543333A4E71A4EBEE16AA9FEAE434FD965B90E6B57A198C12619CC31EF4F2BA3ACEA4C0D31EDD7BD715FE76FCD9282221F27F6CFD678ABC0458E4EDFBB72FB23333A3137C1C9AEB0AE4E5D98148527A5670311C0181861C1305901FF9704C64F88B75AD76574ABE3B5CEAAC2F675F5A56B807B2D9FFEDC975C7CFC6C697A18ED7F3D76C164FE108255F43971A3CCEE8FDC5E95F38B6ED8F8B150E17A7780E2D5CFD9A4D35BC4E2B3C3F4F286DC9DD0A8A53A22E643AD29753AAAB58E4C268A4145B1958050895F7FF5EB300FD0435824024F6DA4C38039A621D8E553493D964479DB2C1647C5123A9ED27955117CB966D41BAB3FA2F6AE1CE0E9787E3C815B1E3A3E3002B0BC54A89D66A3B532E8152BB0FD681D134374B4F2197F0B451E4C68C589E1F213D42CB62FC749D0883D9A68B39B93A1582F957AC989E5664266BB53BB8A07C84F662D5E3B4D4B277840A98B37F8A2CDF892085AF77A0AD370B2A4649F2381B7136AEB189421C6C801DC4F20273922A57C76DB4DB487DFC33DA2AC490C77E8ABA4AC719E6F0428A37ADBBE04F776199ACE29C1BC3B8A1F8E0D049628FDA016735559589D660FB23421D29745528E160F60B5D1923E685D0E04BE9DAC15C90BCAC4F4A7FD5CE52950734F2A849CAAB083DD18324EE82D1679146E60C290A97E2C94FBFEEDD88DE9EBEB346DF9E11AE14F4540A84F98B210E5366A03A82128986543C48FC3867431B2531AF99B379CE7E8D3105C574B0D4974295E98EFA2C01AC31C80CB1654BCEFA8467A55BC7B55ADB92DC1BE438006E5392ED521B5817558DE5E38172D023E3236EEAE34037E92EA61D6DA463212E012E603709D65EBE8062644A17B1A00FF5DE6E42FD4B3812DACC8C85754616A5539AB60FEF0F9170413E94D3052CBA3A7B9FCF46F318D30DD88DD988C9C16F5BB8823538A8DBC4830B00E7CE5346277E4DAD464128025955E7E5FD184C40EEC184B6143FC4720DA45C7DE3ED4849D6ABC89B1C01D6761660EA595B65E7F70457A32A4D63CCC6FC9736ABDDB9AE9FC8FB90388DAB7BD2189B38488B17DA76B96DAB6871475F59FC36BD53076293EBF9970A1081BA84E44A3A109F6B7231E64C1C54BF9AABD2320185DC054672B2F8F52172CD262F14CCA3237542F421A2413DF5E371DD4F1297E01D81E392A6C4F3BBABAA3091B2F10DB1C4A2C12B0DDDC279F7AD45992225ACA55ADA7CB6370B07B0CD5B935B8DF18BFFA2567EBF77658772D043318B6BA159DBD3AA48C7A509A1F887A05118CBE1470599C2683D9C00DAA5480A05FFDDF7612E6CFACFC9C07 -20180424222331 2 6 100 8191 5 FAEE1044985A5E9005F621D69401F45F006C4AC70C849E5C17F3D28A22FE2C86DEF3780E73C15BC778C65638702E1DF6193E19C79BC8A9CEC1D64759E6E8E1B3754AAD1F82819BDB1F1E224F7D7BFF62061D89F6AE8D8EAF444A543333A4E71A4EBEE16AA9FEAE434FD965B90E6B57A198C12619CC31EF4F2BA3ACEA4C0D31EDD7BD715FE76FCD9282221F27F6CFD678ABC0458E4EDFBB72FB23333A3137C1C9AEB0AE4E5D98148527A5670311C0181861C1305901FF9704C64F88B75AD76574ABE3B5CEAAC2F675F5A56B807B2D9FFEDC975C7CFC6C697A18ED7F3D76C164FE108255F43971A3CCEE8FDC5E95F38B6ED8F8B150E17A7780E2D5CFD9A4D35BC4E2B3C3F4F286DC9DD0A8A53A22E643AD29753AAAB58E4C268A4145B1958050895F7FF5EB300FD0435824024F6DA4C38039A621D8E553493D964479DB2C1647C5123A9ED27955117CB966D41BAB3FA2F6AE1CE0E9787E3C815B1E3A3E3002B0BC54A89D66A3B532E8152BB0FD681D134374B4F2197F0B451E4C68C589E1F213D42CB62FC749D0883D9A68B39B93A1582F957AC989E5664266BB53BB8A07C84F662D5E3B4D4B277840A98B37F8A2CDF892085AF77A0AD370B2A4649F2381B7136AEB189421C6C801DC4F20273922A57C76DB4DB487DFC33DA2AC490C77E8ABA4AC719E6F0428A37ADBBE04F776199ACE29C1BC3B8A1F8E0D049628FDA016735559589D660FB23421D29745528E160F60B5D1923E685D0E04BE9DAC15C90BCAC4F4A7FD5CE52950734F2A849CAAB083DD18324EE82D1679146E60C290A97E2C94FBFEEDD88DE9EBEB346DF9E11AE14F4540A84F98B210E5366A03A82128986543C48FC3867431B2531AF99B379CE7E8D3105C574B0D4974295E98EFA2C01AC31C80CB1654BCEFA8467A55BC7B55ADB92DC1BE438006E5392ED521B5817558DE5E38172D023E3236EEAE34037E92EA61D6DA463212E012E603709D65EBE8062644A17B1A00FF5DE6E42FD4B3812DACC8C85754616A5539AB60FEF0F9170413E94D3052CBA3A7B9FCF46F318D30DD88DD988C9C16F5BB8823538A8DBC4830B00E7CE5346277E4DAD464128025955E7E5FD184C40EEC184B6143FC4720DA45C7DE3ED4849D6ABC89B1C01D6761660EA595B65E7F70457A32A4D63CCC6FC9736ABDDB9AE9FC8FB90388DAB7BD2189B38488B17DA76B96DAB6871475F59FC36BD53076293EBF9970A1081BA84E44A3A109F6B7231E64C1C54BF9AABD2320185DC054672B2F8F52172CD262F14CCA3237542F421A2413DF5E371DD4F1297E01D81E392A6C4F3BBABAA3091B2F10DB1C4A2C12B0DDDC279F7AD45992225ACA55ADA7CB6370B07B0CD5B935B8DF18BFFA2567EBF77658772D043318B6BA159DBD3AA48C7A509A1F887A05118CBE1470599C2683D9C00DAA5480A05FFDDF7612E6CFB180A887 -20180425154127 2 6 100 8191 2 FAEE1044985A5E9005F621D69401F45F006C4AC70C849E5C17F3D28A22FE2C86DEF3780E73C15BC778C65638702E1DF6193E19C79BC8A9CEC1D64759E6E8E1B3754AAD1F82819BDB1F1E224F7D7BFF62061D89F6AE8D8EAF444A543333A4E71A4EBEE16AA9FEAE434FD965B90E6B57A198C12619CC31EF4F2BA3ACEA4C0D31EDD7BD715FE76FCD9282221F27F6CFD678ABC0458E4EDFBB72FB23333A3137C1C9AEB0AE4E5D98148527A5670311C0181861C1305901FF9704C64F88B75AD76574ABE3B5CEAAC2F675F5A56B807B2D9FFEDC975C7CFC6C697A18ED7F3D76C164FE108255F43971A3CCEE8FDC5E95F38B6ED8F8B150E17A7780E2D5CFD9A4D35BC4E2B3C3F4F286DC9DD0A8A53A22E643AD29753AAAB58E4C268A4145B1958050895F7FF5EB300FD0435824024F6DA4C38039A621D8E553493D964479DB2C1647C5123A9ED27955117CB966D41BAB3FA2F6AE1CE0E9787E3C815B1E3A3E3002B0BC54A89D66A3B532E8152BB0FD681D134374B4F2197F0B451E4C68C589E1F213D42CB62FC749D0883D9A68B39B93A1582F957AC989E5664266BB53BB8A07C84F662D5E3B4D4B277840A98B37F8A2CDF892085AF77A0AD370B2A4649F2381B7136AEB189421C6C801DC4F20273922A57C76DB4DB487DFC33DA2AC490C77E8ABA4AC719E6F0428A37ADBBE04F776199ACE29C1BC3B8A1F8E0D049628FDA016735559589D660FB23421D29745528E160F60B5D1923E685D0E04BE9DAC15C90BCAC4F4A7FD5CE52950734F2A849CAAB083DD18324EE82D1679146E60C290A97E2C94FBFEEDD88DE9EBEB346DF9E11AE14F4540A84F98B210E5366A03A82128986543C48FC3867431B2531AF99B379CE7E8D3105C574B0D4974295E98EFA2C01AC31C80CB1654BCEFA8467A55BC7B55ADB92DC1BE438006E5392ED521B5817558DE5E38172D023E3236EEAE34037E92EA61D6DA463212E012E603709D65EBE8062644A17B1A00FF5DE6E42FD4B3812DACC8C85754616A5539AB60FEF0F9170413E94D3052CBA3A7B9FCF46F318D30DD88DD988C9C16F5BB8823538A8DBC4830B00E7CE5346277E4DAD464128025955E7E5FD184C40EEC184B6143FC4720DA45C7DE3ED4849D6ABC89B1C01D6761660EA595B65E7F70457A32A4D63CCC6FC9736ABDDB9AE9FC8FB90388DAB7BD2189B38488B17DA76B96DAB6871475F59FC36BD53076293EBF9970A1081BA84E44A3A109F6B7231E64C1C54BF9AABD2320185DC054672B2F8F52172CD262F14CCA3237542F421A2413DF5E371DD4F1297E01D81E392A6C4F3BBABAA3091B2F10DB1C4A2C12B0DDDC279F7AD45992225ACA55ADA7CB6370B07B0CD5B935B8DF18BFFA2567EBF77658772D043318B6BA159DBD3AA48C7A509A1F887A05118CBE1470599C2683D9C00DAA5480A05FFDDF7612E6CFBD59073B -20180426001519 2 6 100 8191 2 FAEE1044985A5E9005F621D69401F45F006C4AC70C849E5C17F3D28A22FE2C86DEF3780E73C15BC778C65638702E1DF6193E19C79BC8A9CEC1D64759E6E8E1B3754AAD1F82819BDB1F1E224F7D7BFF62061D89F6AE8D8EAF444A543333A4E71A4EBEE16AA9FEAE434FD965B90E6B57A198C12619CC31EF4F2BA3ACEA4C0D31EDD7BD715FE76FCD9282221F27F6CFD678ABC0458E4EDFBB72FB23333A3137C1C9AEB0AE4E5D98148527A5670311C0181861C1305901FF9704C64F88B75AD76574ABE3B5CEAAC2F675F5A56B807B2D9FFEDC975C7CFC6C697A18ED7F3D76C164FE108255F43971A3CCEE8FDC5E95F38B6ED8F8B150E17A7780E2D5CFD9A4D35BC4E2B3C3F4F286DC9DD0A8A53A22E643AD29753AAAB58E4C268A4145B1958050895F7FF5EB300FD0435824024F6DA4C38039A621D8E553493D964479DB2C1647C5123A9ED27955117CB966D41BAB3FA2F6AE1CE0E9787E3C815B1E3A3E3002B0BC54A89D66A3B532E8152BB0FD681D134374B4F2197F0B451E4C68C589E1F213D42CB62FC749D0883D9A68B39B93A1582F957AC989E5664266BB53BB8A07C84F662D5E3B4D4B277840A98B37F8A2CDF892085AF77A0AD370B2A4649F2381B7136AEB189421C6C801DC4F20273922A57C76DB4DB487DFC33DA2AC490C77E8ABA4AC719E6F0428A37ADBBE04F776199ACE29C1BC3B8A1F8E0D049628FDA016735559589D660FB23421D29745528E160F60B5D1923E685D0E04BE9DAC15C90BCAC4F4A7FD5CE52950734F2A849CAAB083DD18324EE82D1679146E60C290A97E2C94FBFEEDD88DE9EBEB346DF9E11AE14F4540A84F98B210E5366A03A82128986543C48FC3867431B2531AF99B379CE7E8D3105C574B0D4974295E98EFA2C01AC31C80CB1654BCEFA8467A55BC7B55ADB92DC1BE438006E5392ED521B5817558DE5E38172D023E3236EEAE34037E92EA61D6DA463212E012E603709D65EBE8062644A17B1A00FF5DE6E42FD4B3812DACC8C85754616A5539AB60FEF0F9170413E94D3052CBA3A7B9FCF46F318D30DD88DD988C9C16F5BB8823538A8DBC4830B00E7CE5346277E4DAD464128025955E7E5FD184C40EEC184B6143FC4720DA45C7DE3ED4849D6ABC89B1C01D6761660EA595B65E7F70457A32A4D63CCC6FC9736ABDDB9AE9FC8FB90388DAB7BD2189B38488B17DA76B96DAB6871475F59FC36BD53076293EBF9970A1081BA84E44A3A109F6B7231E64C1C54BF9AABD2320185DC054672B2F8F52172CD262F14CCA3237542F421A2413DF5E371DD4F1297E01D81E392A6C4F3BBABAA3091B2F10DB1C4A2C12B0DDDC279F7AD45992225ACA55ADA7CB6370B07B0CD5B935B8DF18BFFA2567EBF77658772D043318B6BA159DBD3AA48C7A509A1F887A05118CBE1470599C2683D9C00DAA5480A05FFDDF7612E6CFC3391D93 -20180426011753 2 6 100 8191 5 FAEE1044985A5E9005F621D69401F45F006C4AC70C849E5C17F3D28A22FE2C86DEF3780E73C15BC778C65638702E1DF6193E19C79BC8A9CEC1D64759E6E8E1B3754AAD1F82819BDB1F1E224F7D7BFF62061D89F6AE8D8EAF444A543333A4E71A4EBEE16AA9FEAE434FD965B90E6B57A198C12619CC31EF4F2BA3ACEA4C0D31EDD7BD715FE76FCD9282221F27F6CFD678ABC0458E4EDFBB72FB23333A3137C1C9AEB0AE4E5D98148527A5670311C0181861C1305901FF9704C64F88B75AD76574ABE3B5CEAAC2F675F5A56B807B2D9FFEDC975C7CFC6C697A18ED7F3D76C164FE108255F43971A3CCEE8FDC5E95F38B6ED8F8B150E17A7780E2D5CFD9A4D35BC4E2B3C3F4F286DC9DD0A8A53A22E643AD29753AAAB58E4C268A4145B1958050895F7FF5EB300FD0435824024F6DA4C38039A621D8E553493D964479DB2C1647C5123A9ED27955117CB966D41BAB3FA2F6AE1CE0E9787E3C815B1E3A3E3002B0BC54A89D66A3B532E8152BB0FD681D134374B4F2197F0B451E4C68C589E1F213D42CB62FC749D0883D9A68B39B93A1582F957AC989E5664266BB53BB8A07C84F662D5E3B4D4B277840A98B37F8A2CDF892085AF77A0AD370B2A4649F2381B7136AEB189421C6C801DC4F20273922A57C76DB4DB487DFC33DA2AC490C77E8ABA4AC719E6F0428A37ADBBE04F776199ACE29C1BC3B8A1F8E0D049628FDA016735559589D660FB23421D29745528E160F60B5D1923E685D0E04BE9DAC15C90BCAC4F4A7FD5CE52950734F2A849CAAB083DD18324EE82D1679146E60C290A97E2C94FBFEEDD88DE9EBEB346DF9E11AE14F4540A84F98B210E5366A03A82128986543C48FC3867431B2531AF99B379CE7E8D3105C574B0D4974295E98EFA2C01AC31C80CB1654BCEFA8467A55BC7B55ADB92DC1BE438006E5392ED521B5817558DE5E38172D023E3236EEAE34037E92EA61D6DA463212E012E603709D65EBE8062644A17B1A00FF5DE6E42FD4B3812DACC8C85754616A5539AB60FEF0F9170413E94D3052CBA3A7B9FCF46F318D30DD88DD988C9C16F5BB8823538A8DBC4830B00E7CE5346277E4DAD464128025955E7E5FD184C40EEC184B6143FC4720DA45C7DE3ED4849D6ABC89B1C01D6761660EA595B65E7F70457A32A4D63CCC6FC9736ABDDB9AE9FC8FB90388DAB7BD2189B38488B17DA76B96DAB6871475F59FC36BD53076293EBF9970A1081BA84E44A3A109F6B7231E64C1C54BF9AABD2320185DC054672B2F8F52172CD262F14CCA3237542F421A2413DF5E371DD4F1297E01D81E392A6C4F3BBABAA3091B2F10DB1C4A2C12B0DDDC279F7AD45992225ACA55ADA7CB6370B07B0CD5B935B8DF18BFFA2567EBF77658772D043318B6BA159DBD3AA48C7A509A1F887A05118CBE1470599C2683D9C00DAA5480A05FFDDF7612E6CFC3E66CFF -20180426121313 2 6 100 8191 5 FAEE1044985A5E9005F621D69401F45F006C4AC70C849E5C17F3D28A22FE2C86DEF3780E73C15BC778C65638702E1DF6193E19C79BC8A9CEC1D64759E6E8E1B3754AAD1F82819BDB1F1E224F7D7BFF62061D89F6AE8D8EAF444A543333A4E71A4EBEE16AA9FEAE434FD965B90E6B57A198C12619CC31EF4F2BA3ACEA4C0D31EDD7BD715FE76FCD9282221F27F6CFD678ABC0458E4EDFBB72FB23333A3137C1C9AEB0AE4E5D98148527A5670311C0181861C1305901FF9704C64F88B75AD76574ABE3B5CEAAC2F675F5A56B807B2D9FFEDC975C7CFC6C697A18ED7F3D76C164FE108255F43971A3CCEE8FDC5E95F38B6ED8F8B150E17A7780E2D5CFD9A4D35BC4E2B3C3F4F286DC9DD0A8A53A22E643AD29753AAAB58E4C268A4145B1958050895F7FF5EB300FD0435824024F6DA4C38039A621D8E553493D964479DB2C1647C5123A9ED27955117CB966D41BAB3FA2F6AE1CE0E9787E3C815B1E3A3E3002B0BC54A89D66A3B532E8152BB0FD681D134374B4F2197F0B451E4C68C589E1F213D42CB62FC749D0883D9A68B39B93A1582F957AC989E5664266BB53BB8A07C84F662D5E3B4D4B277840A98B37F8A2CDF892085AF77A0AD370B2A4649F2381B7136AEB189421C6C801DC4F20273922A57C76DB4DB487DFC33DA2AC490C77E8ABA4AC719E6F0428A37ADBBE04F776199ACE29C1BC3B8A1F8E0D049628FDA016735559589D660FB23421D29745528E160F60B5D1923E685D0E04BE9DAC15C90BCAC4F4A7FD5CE52950734F2A849CAAB083DD18324EE82D1679146E60C290A97E2C94FBFEEDD88DE9EBEB346DF9E11AE14F4540A84F98B210E5366A03A82128986543C48FC3867431B2531AF99B379CE7E8D3105C574B0D4974295E98EFA2C01AC31C80CB1654BCEFA8467A55BC7B55ADB92DC1BE438006E5392ED521B5817558DE5E38172D023E3236EEAE34037E92EA61D6DA463212E012E603709D65EBE8062644A17B1A00FF5DE6E42FD4B3812DACC8C85754616A5539AB60FEF0F9170413E94D3052CBA3A7B9FCF46F318D30DD88DD988C9C16F5BB8823538A8DBC4830B00E7CE5346277E4DAD464128025955E7E5FD184C40EEC184B6143FC4720DA45C7DE3ED4849D6ABC89B1C01D6761660EA595B65E7F70457A32A4D63CCC6FC9736ABDDB9AE9FC8FB90388DAB7BD2189B38488B17DA76B96DAB6871475F59FC36BD53076293EBF9970A1081BA84E44A3A109F6B7231E64C1C54BF9AABD2320185DC054672B2F8F52172CD262F14CCA3237542F421A2413DF5E371DD4F1297E01D81E392A6C4F3BBABAA3091B2F10DB1C4A2C12B0DDDC279F7AD45992225ACA55ADA7CB6370B07B0CD5B935B8DF18BFFA2567EBF77658772D043318B6BA159DBD3AA48C7A509A1F887A05118CBE1470599C2683D9C00DAA5480A05FFDDF7612E6CFCB4C31C7 -20180426192735 2 6 100 8191 5 FAEE1044985A5E9005F621D69401F45F006C4AC70C849E5C17F3D28A22FE2C86DEF3780E73C15BC778C65638702E1DF6193E19C79BC8A9CEC1D64759E6E8E1B3754AAD1F82819BDB1F1E224F7D7BFF62061D89F6AE8D8EAF444A543333A4E71A4EBEE16AA9FEAE434FD965B90E6B57A198C12619CC31EF4F2BA3ACEA4C0D31EDD7BD715FE76FCD9282221F27F6CFD678ABC0458E4EDFBB72FB23333A3137C1C9AEB0AE4E5D98148527A5670311C0181861C1305901FF9704C64F88B75AD76574ABE3B5CEAAC2F675F5A56B807B2D9FFEDC975C7CFC6C697A18ED7F3D76C164FE108255F43971A3CCEE8FDC5E95F38B6ED8F8B150E17A7780E2D5CFD9A4D35BC4E2B3C3F4F286DC9DD0A8A53A22E643AD29753AAAB58E4C268A4145B1958050895F7FF5EB300FD0435824024F6DA4C38039A621D8E553493D964479DB2C1647C5123A9ED27955117CB966D41BAB3FA2F6AE1CE0E9787E3C815B1E3A3E3002B0BC54A89D66A3B532E8152BB0FD681D134374B4F2197F0B451E4C68C589E1F213D42CB62FC749D0883D9A68B39B93A1582F957AC989E5664266BB53BB8A07C84F662D5E3B4D4B277840A98B37F8A2CDF892085AF77A0AD370B2A4649F2381B7136AEB189421C6C801DC4F20273922A57C76DB4DB487DFC33DA2AC490C77E8ABA4AC719E6F0428A37ADBBE04F776199ACE29C1BC3B8A1F8E0D049628FDA016735559589D660FB23421D29745528E160F60B5D1923E685D0E04BE9DAC15C90BCAC4F4A7FD5CE52950734F2A849CAAB083DD18324EE82D1679146E60C290A97E2C94FBFEEDD88DE9EBEB346DF9E11AE14F4540A84F98B210E5366A03A82128986543C48FC3867431B2531AF99B379CE7E8D3105C574B0D4974295E98EFA2C01AC31C80CB1654BCEFA8467A55BC7B55ADB92DC1BE438006E5392ED521B5817558DE5E38172D023E3236EEAE34037E92EA61D6DA463212E012E603709D65EBE8062644A17B1A00FF5DE6E42FD4B3812DACC8C85754616A5539AB60FEF0F9170413E94D3052CBA3A7B9FCF46F318D30DD88DD988C9C16F5BB8823538A8DBC4830B00E7CE5346277E4DAD464128025955E7E5FD184C40EEC184B6143FC4720DA45C7DE3ED4849D6ABC89B1C01D6761660EA595B65E7F70457A32A4D63CCC6FC9736ABDDB9AE9FC8FB90388DAB7BD2189B38488B17DA76B96DAB6871475F59FC36BD53076293EBF9970A1081BA84E44A3A109F6B7231E64C1C54BF9AABD2320185DC054672B2F8F52172CD262F14CCA3237542F421A2413DF5E371DD4F1297E01D81E392A6C4F3BBABAA3091B2F10DB1C4A2C12B0DDDC279F7AD45992225ACA55ADA7CB6370B07B0CD5B935B8DF18BFFA2567EBF77658772D043318B6BA159DBD3AA48C7A509A1F887A05118CBE1470599C2683D9C00DAA5480A05FFDDF7612E6CFD02C1487 -20180427041246 2 6 100 8191 2 FAEE1044985A5E9005F621D69401F45F006C4AC70C849E5C17F3D28A22FE2C86DEF3780E73C15BC778C65638702E1DF6193E19C79BC8A9CEC1D64759E6E8E1B3754AAD1F82819BDB1F1E224F7D7BFF62061D89F6AE8D8EAF444A543333A4E71A4EBEE16AA9FEAE434FD965B90E6B57A198C12619CC31EF4F2BA3ACEA4C0D31EDD7BD715FE76FCD9282221F27F6CFD678ABC0458E4EDFBB72FB23333A3137C1C9AEB0AE4E5D98148527A5670311C0181861C1305901FF9704C64F88B75AD76574ABE3B5CEAAC2F675F5A56B807B2D9FFEDC975C7CFC6C697A18ED7F3D76C164FE108255F43971A3CCEE8FDC5E95F38B6ED8F8B150E17A7780E2D5CFD9A4D35BC4E2B3C3F4F286DC9DD0A8A53A22E643AD29753AAAB58E4C268A4145B1958050895F7FF5EB300FD0435824024F6DA4C38039A621D8E553493D964479DB2C1647C5123A9ED27955117CB966D41BAB3FA2F6AE1CE0E9787E3C815B1E3A3E3002B0BC54A89D66A3B532E8152BB0FD681D134374B4F2197F0B451E4C68C589E1F213D42CB62FC749D0883D9A68B39B93A1582F957AC989E5664266BB53BB8A07C84F662D5E3B4D4B277840A98B37F8A2CDF892085AF77A0AD370B2A4649F2381B7136AEB189421C6C801DC4F20273922A57C76DB4DB487DFC33DA2AC490C77E8ABA4AC719E6F0428A37ADBBE04F776199ACE29C1BC3B8A1F8E0D049628FDA016735559589D660FB23421D29745528E160F60B5D1923E685D0E04BE9DAC15C90BCAC4F4A7FD5CE52950734F2A849CAAB083DD18324EE82D1679146E60C290A97E2C94FBFEEDD88DE9EBEB346DF9E11AE14F4540A84F98B210E5366A03A82128986543C48FC3867431B2531AF99B379CE7E8D3105C574B0D4974295E98EFA2C01AC31C80CB1654BCEFA8467A55BC7B55ADB92DC1BE438006E5392ED521B5817558DE5E38172D023E3236EEAE34037E92EA61D6DA463212E012E603709D65EBE8062644A17B1A00FF5DE6E42FD4B3812DACC8C85754616A5539AB60FEF0F9170413E94D3052CBA3A7B9FCF46F318D30DD88DD988C9C16F5BB8823538A8DBC4830B00E7CE5346277E4DAD464128025955E7E5FD184C40EEC184B6143FC4720DA45C7DE3ED4849D6ABC89B1C01D6761660EA595B65E7F70457A32A4D63CCC6FC9736ABDDB9AE9FC8FB90388DAB7BD2189B38488B17DA76B96DAB6871475F59FC36BD53076293EBF9970A1081BA84E44A3A109F6B7231E64C1C54BF9AABD2320185DC054672B2F8F52172CD262F14CCA3237542F421A2413DF5E371DD4F1297E01D81E392A6C4F3BBABAA3091B2F10DB1C4A2C12B0DDDC279F7AD45992225ACA55ADA7CB6370B07B0CD5B935B8DF18BFFA2567EBF77658772D043318B6BA159DBD3AA48C7A509A1F887A05118CBE1470599C2683D9C00DAA5480A05FFDDF7612E6CFD60EF383 -20180427102113 2 6 100 8191 2 FAEE1044985A5E9005F621D69401F45F006C4AC70C849E5C17F3D28A22FE2C86DEF3780E73C15BC778C65638702E1DF6193E19C79BC8A9CEC1D64759E6E8E1B3754AAD1F82819BDB1F1E224F7D7BFF62061D89F6AE8D8EAF444A543333A4E71A4EBEE16AA9FEAE434FD965B90E6B57A198C12619CC31EF4F2BA3ACEA4C0D31EDD7BD715FE76FCD9282221F27F6CFD678ABC0458E4EDFBB72FB23333A3137C1C9AEB0AE4E5D98148527A5670311C0181861C1305901FF9704C64F88B75AD76574ABE3B5CEAAC2F675F5A56B807B2D9FFEDC975C7CFC6C697A18ED7F3D76C164FE108255F43971A3CCEE8FDC5E95F38B6ED8F8B150E17A7780E2D5CFD9A4D35BC4E2B3C3F4F286DC9DD0A8A53A22E643AD29753AAAB58E4C268A4145B1958050895F7FF5EB300FD0435824024F6DA4C38039A621D8E553493D964479DB2C1647C5123A9ED27955117CB966D41BAB3FA2F6AE1CE0E9787E3C815B1E3A3E3002B0BC54A89D66A3B532E8152BB0FD681D134374B4F2197F0B451E4C68C589E1F213D42CB62FC749D0883D9A68B39B93A1582F957AC989E5664266BB53BB8A07C84F662D5E3B4D4B277840A98B37F8A2CDF892085AF77A0AD370B2A4649F2381B7136AEB189421C6C801DC4F20273922A57C76DB4DB487DFC33DA2AC490C77E8ABA4AC719E6F0428A37ADBBE04F776199ACE29C1BC3B8A1F8E0D049628FDA016735559589D660FB23421D29745528E160F60B5D1923E685D0E04BE9DAC15C90BCAC4F4A7FD5CE52950734F2A849CAAB083DD18324EE82D1679146E60C290A97E2C94FBFEEDD88DE9EBEB346DF9E11AE14F4540A84F98B210E5366A03A82128986543C48FC3867431B2531AF99B379CE7E8D3105C574B0D4974295E98EFA2C01AC31C80CB1654BCEFA8467A55BC7B55ADB92DC1BE438006E5392ED521B5817558DE5E38172D023E3236EEAE34037E92EA61D6DA463212E012E603709D65EBE8062644A17B1A00FF5DE6E42FD4B3812DACC8C85754616A5539AB60FEF0F9170413E94D3052CBA3A7B9FCF46F318D30DD88DD988C9C16F5BB8823538A8DBC4830B00E7CE5346277E4DAD464128025955E7E5FD184C40EEC184B6143FC4720DA45C7DE3ED4849D6ABC89B1C01D6761660EA595B65E7F70457A32A4D63CCC6FC9736ABDDB9AE9FC8FB90388DAB7BD2189B38488B17DA76B96DAB6871475F59FC36BD53076293EBF9970A1081BA84E44A3A109F6B7231E64C1C54BF9AABD2320185DC054672B2F8F52172CD262F14CCA3237542F421A2413DF5E371DD4F1297E01D81E392A6C4F3BBABAA3091B2F10DB1C4A2C12B0DDDC279F7AD45992225ACA55ADA7CB6370B07B0CD5B935B8DF18BFFA2567EBF77658772D043318B6BA159DBD3AA48C7A509A1F887A05118CBE1470599C2683D9C00DAA5480A05FFDDF7612E6CFD9FE975B -20180427110709 2 6 100 8191 5 FAEE1044985A5E9005F621D69401F45F006C4AC70C849E5C17F3D28A22FE2C86DEF3780E73C15BC778C65638702E1DF6193E19C79BC8A9CEC1D64759E6E8E1B3754AAD1F82819BDB1F1E224F7D7BFF62061D89F6AE8D8EAF444A543333A4E71A4EBEE16AA9FEAE434FD965B90E6B57A198C12619CC31EF4F2BA3ACEA4C0D31EDD7BD715FE76FCD9282221F27F6CFD678ABC0458E4EDFBB72FB23333A3137C1C9AEB0AE4E5D98148527A5670311C0181861C1305901FF9704C64F88B75AD76574ABE3B5CEAAC2F675F5A56B807B2D9FFEDC975C7CFC6C697A18ED7F3D76C164FE108255F43971A3CCEE8FDC5E95F38B6ED8F8B150E17A7780E2D5CFD9A4D35BC4E2B3C3F4F286DC9DD0A8A53A22E643AD29753AAAB58E4C268A4145B1958050895F7FF5EB300FD0435824024F6DA4C38039A621D8E553493D964479DB2C1647C5123A9ED27955117CB966D41BAB3FA2F6AE1CE0E9787E3C815B1E3A3E3002B0BC54A89D66A3B532E8152BB0FD681D134374B4F2197F0B451E4C68C589E1F213D42CB62FC749D0883D9A68B39B93A1582F957AC989E5664266BB53BB8A07C84F662D5E3B4D4B277840A98B37F8A2CDF892085AF77A0AD370B2A4649F2381B7136AEB189421C6C801DC4F20273922A57C76DB4DB487DFC33DA2AC490C77E8ABA4AC719E6F0428A37ADBBE04F776199ACE29C1BC3B8A1F8E0D049628FDA016735559589D660FB23421D29745528E160F60B5D1923E685D0E04BE9DAC15C90BCAC4F4A7FD5CE52950734F2A849CAAB083DD18324EE82D1679146E60C290A97E2C94FBFEEDD88DE9EBEB346DF9E11AE14F4540A84F98B210E5366A03A82128986543C48FC3867431B2531AF99B379CE7E8D3105C574B0D4974295E98EFA2C01AC31C80CB1654BCEFA8467A55BC7B55ADB92DC1BE438006E5392ED521B5817558DE5E38172D023E3236EEAE34037E92EA61D6DA463212E012E603709D65EBE8062644A17B1A00FF5DE6E42FD4B3812DACC8C85754616A5539AB60FEF0F9170413E94D3052CBA3A7B9FCF46F318D30DD88DD988C9C16F5BB8823538A8DBC4830B00E7CE5346277E4DAD464128025955E7E5FD184C40EEC184B6143FC4720DA45C7DE3ED4849D6ABC89B1C01D6761660EA595B65E7F70457A32A4D63CCC6FC9736ABDDB9AE9FC8FB90388DAB7BD2189B38488B17DA76B96DAB6871475F59FC36BD53076293EBF9970A1081BA84E44A3A109F6B7231E64C1C54BF9AABD2320185DC054672B2F8F52172CD262F14CCA3237542F421A2413DF5E371DD4F1297E01D81E392A6C4F3BBABAA3091B2F10DB1C4A2C12B0DDDC279F7AD45992225ACA55ADA7CB6370B07B0CD5B935B8DF18BFFA2567EBF77658772D043318B6BA159DBD3AA48C7A509A1F887A05118CBE1470599C2683D9C00DAA5480A05FFDDF7612E6CFDA77CFC7 -20180427115833 2 6 100 8191 5 FAEE1044985A5E9005F621D69401F45F006C4AC70C849E5C17F3D28A22FE2C86DEF3780E73C15BC778C65638702E1DF6193E19C79BC8A9CEC1D64759E6E8E1B3754AAD1F82819BDB1F1E224F7D7BFF62061D89F6AE8D8EAF444A543333A4E71A4EBEE16AA9FEAE434FD965B90E6B57A198C12619CC31EF4F2BA3ACEA4C0D31EDD7BD715FE76FCD9282221F27F6CFD678ABC0458E4EDFBB72FB23333A3137C1C9AEB0AE4E5D98148527A5670311C0181861C1305901FF9704C64F88B75AD76574ABE3B5CEAAC2F675F5A56B807B2D9FFEDC975C7CFC6C697A18ED7F3D76C164FE108255F43971A3CCEE8FDC5E95F38B6ED8F8B150E17A7780E2D5CFD9A4D35BC4E2B3C3F4F286DC9DD0A8A53A22E643AD29753AAAB58E4C268A4145B1958050895F7FF5EB300FD0435824024F6DA4C38039A621D8E553493D964479DB2C1647C5123A9ED27955117CB966D41BAB3FA2F6AE1CE0E9787E3C815B1E3A3E3002B0BC54A89D66A3B532E8152BB0FD681D134374B4F2197F0B451E4C68C589E1F213D42CB62FC749D0883D9A68B39B93A1582F957AC989E5664266BB53BB8A07C84F662D5E3B4D4B277840A98B37F8A2CDF892085AF77A0AD370B2A4649F2381B7136AEB189421C6C801DC4F20273922A57C76DB4DB487DFC33DA2AC490C77E8ABA4AC719E6F0428A37ADBBE04F776199ACE29C1BC3B8A1F8E0D049628FDA016735559589D660FB23421D29745528E160F60B5D1923E685D0E04BE9DAC15C90BCAC4F4A7FD5CE52950734F2A849CAAB083DD18324EE82D1679146E60C290A97E2C94FBFEEDD88DE9EBEB346DF9E11AE14F4540A84F98B210E5366A03A82128986543C48FC3867431B2531AF99B379CE7E8D3105C574B0D4974295E98EFA2C01AC31C80CB1654BCEFA8467A55BC7B55ADB92DC1BE438006E5392ED521B5817558DE5E38172D023E3236EEAE34037E92EA61D6DA463212E012E603709D65EBE8062644A17B1A00FF5DE6E42FD4B3812DACC8C85754616A5539AB60FEF0F9170413E94D3052CBA3A7B9FCF46F318D30DD88DD988C9C16F5BB8823538A8DBC4830B00E7CE5346277E4DAD464128025955E7E5FD184C40EEC184B6143FC4720DA45C7DE3ED4849D6ABC89B1C01D6761660EA595B65E7F70457A32A4D63CCC6FC9736ABDDB9AE9FC8FB90388DAB7BD2189B38488B17DA76B96DAB6871475F59FC36BD53076293EBF9970A1081BA84E44A3A109F6B7231E64C1C54BF9AABD2320185DC054672B2F8F52172CD262F14CCA3237542F421A2413DF5E371DD4F1297E01D81E392A6C4F3BBABAA3091B2F10DB1C4A2C12B0DDDC279F7AD45992225ACA55ADA7CB6370B07B0CD5B935B8DF18BFFA2567EBF77658772D043318B6BA159DBD3AA48C7A509A1F887A05118CBE1470599C2683D9C00DAA5480A05FFDDF7612E6CFDB032A8F -20180427231209 2 6 100 8191 5 FAEE1044985A5E9005F621D69401F45F006C4AC70C849E5C17F3D28A22FE2C86DEF3780E73C15BC778C65638702E1DF6193E19C79BC8A9CEC1D64759E6E8E1B3754AAD1F82819BDB1F1E224F7D7BFF62061D89F6AE8D8EAF444A543333A4E71A4EBEE16AA9FEAE434FD965B90E6B57A198C12619CC31EF4F2BA3ACEA4C0D31EDD7BD715FE76FCD9282221F27F6CFD678ABC0458E4EDFBB72FB23333A3137C1C9AEB0AE4E5D98148527A5670311C0181861C1305901FF9704C64F88B75AD76574ABE3B5CEAAC2F675F5A56B807B2D9FFEDC975C7CFC6C697A18ED7F3D76C164FE108255F43971A3CCEE8FDC5E95F38B6ED8F8B150E17A7780E2D5CFD9A4D35BC4E2B3C3F4F286DC9DD0A8A53A22E643AD29753AAAB58E4C268A4145B1958050895F7FF5EB300FD0435824024F6DA4C38039A621D8E553493D964479DB2C1647C5123A9ED27955117CB966D41BAB3FA2F6AE1CE0E9787E3C815B1E3A3E3002B0BC54A89D66A3B532E8152BB0FD681D134374B4F2197F0B451E4C68C589E1F213D42CB62FC749D0883D9A68B39B93A1582F957AC989E5664266BB53BB8A07C84F662D5E3B4D4B277840A98B37F8A2CDF892085AF77A0AD370B2A4649F2381B7136AEB189421C6C801DC4F20273922A57C76DB4DB487DFC33DA2AC490C77E8ABA4AC719E6F0428A37ADBBE04F776199ACE29C1BC3B8A1F8E0D049628FDA016735559589D660FB23421D29745528E160F60B5D1923E685D0E04BE9DAC15C90BCAC4F4A7FD5CE52950734F2A849CAAB083DD18324EE82D1679146E60C290A97E2C94FBFEEDD88DE9EBEB346DF9E11AE14F4540A84F98B210E5366A03A82128986543C48FC3867431B2531AF99B379CE7E8D3105C574B0D4974295E98EFA2C01AC31C80CB1654BCEFA8467A55BC7B55ADB92DC1BE438006E5392ED521B5817558DE5E38172D023E3236EEAE34037E92EA61D6DA463212E012E603709D65EBE8062644A17B1A00FF5DE6E42FD4B3812DACC8C85754616A5539AB60FEF0F9170413E94D3052CBA3A7B9FCF46F318D30DD88DD988C9C16F5BB8823538A8DBC4830B00E7CE5346277E4DAD464128025955E7E5FD184C40EEC184B6143FC4720DA45C7DE3ED4849D6ABC89B1C01D6761660EA595B65E7F70457A32A4D63CCC6FC9736ABDDB9AE9FC8FB90388DAB7BD2189B38488B17DA76B96DAB6871475F59FC36BD53076293EBF9970A1081BA84E44A3A109F6B7231E64C1C54BF9AABD2320185DC054672B2F8F52172CD262F14CCA3237542F421A2413DF5E371DD4F1297E01D81E392A6C4F3BBABAA3091B2F10DB1C4A2C12B0DDDC279F7AD45992225ACA55ADA7CB6370B07B0CD5B935B8DF18BFFA2567EBF77658772D043318B6BA159DBD3AA48C7A509A1F887A05118CBE1470599C2683D9C00DAA5480A05FFDDF7612E6CFE24BAFE7 -20180428032748 2 6 100 8191 2 FAEE1044985A5E9005F621D69401F45F006C4AC70C849E5C17F3D28A22FE2C86DEF3780E73C15BC778C65638702E1DF6193E19C79BC8A9CEC1D64759E6E8E1B3754AAD1F82819BDB1F1E224F7D7BFF62061D89F6AE8D8EAF444A543333A4E71A4EBEE16AA9FEAE434FD965B90E6B57A198C12619CC31EF4F2BA3ACEA4C0D31EDD7BD715FE76FCD9282221F27F6CFD678ABC0458E4EDFBB72FB23333A3137C1C9AEB0AE4E5D98148527A5670311C0181861C1305901FF9704C64F88B75AD76574ABE3B5CEAAC2F675F5A56B807B2D9FFEDC975C7CFC6C697A18ED7F3D76C164FE108255F43971A3CCEE8FDC5E95F38B6ED8F8B150E17A7780E2D5CFD9A4D35BC4E2B3C3F4F286DC9DD0A8A53A22E643AD29753AAAB58E4C268A4145B1958050895F7FF5EB300FD0435824024F6DA4C38039A621D8E553493D964479DB2C1647C5123A9ED27955117CB966D41BAB3FA2F6AE1CE0E9787E3C815B1E3A3E3002B0BC54A89D66A3B532E8152BB0FD681D134374B4F2197F0B451E4C68C589E1F213D42CB62FC749D0883D9A68B39B93A1582F957AC989E5664266BB53BB8A07C84F662D5E3B4D4B277840A98B37F8A2CDF892085AF77A0AD370B2A4649F2381B7136AEB189421C6C801DC4F20273922A57C76DB4DB487DFC33DA2AC490C77E8ABA4AC719E6F0428A37ADBBE04F776199ACE29C1BC3B8A1F8E0D049628FDA016735559589D660FB23421D29745528E160F60B5D1923E685D0E04BE9DAC15C90BCAC4F4A7FD5CE52950734F2A849CAAB083DD18324EE82D1679146E60C290A97E2C94FBFEEDD88DE9EBEB346DF9E11AE14F4540A84F98B210E5366A03A82128986543C48FC3867431B2531AF99B379CE7E8D3105C574B0D4974295E98EFA2C01AC31C80CB1654BCEFA8467A55BC7B55ADB92DC1BE438006E5392ED521B5817558DE5E38172D023E3236EEAE34037E92EA61D6DA463212E012E603709D65EBE8062644A17B1A00FF5DE6E42FD4B3812DACC8C85754616A5539AB60FEF0F9170413E94D3052CBA3A7B9FCF46F318D30DD88DD988C9C16F5BB8823538A8DBC4830B00E7CE5346277E4DAD464128025955E7E5FD184C40EEC184B6143FC4720DA45C7DE3ED4849D6ABC89B1C01D6761660EA595B65E7F70457A32A4D63CCC6FC9736ABDDB9AE9FC8FB90388DAB7BD2189B38488B17DA76B96DAB6871475F59FC36BD53076293EBF9970A1081BA84E44A3A109F6B7231E64C1C54BF9AABD2320185DC054672B2F8F52172CD262F14CCA3237542F421A2413DF5E371DD4F1297E01D81E392A6C4F3BBABAA3091B2F10DB1C4A2C12B0DDDC279F7AD45992225ACA55ADA7CB6370B07B0CD5B935B8DF18BFFA2567EBF77658772D043318B6BA159DBD3AA48C7A509A1F887A05118CBE1470599C2683D9C00DAA5480A05FFDDF7612E6CFE509AE73 -20180428050334 2 6 100 8191 2 FAEE1044985A5E9005F621D69401F45F006C4AC70C849E5C17F3D28A22FE2C86DEF3780E73C15BC778C65638702E1DF6193E19C79BC8A9CEC1D64759E6E8E1B3754AAD1F82819BDB1F1E224F7D7BFF62061D89F6AE8D8EAF444A543333A4E71A4EBEE16AA9FEAE434FD965B90E6B57A198C12619CC31EF4F2BA3ACEA4C0D31EDD7BD715FE76FCD9282221F27F6CFD678ABC0458E4EDFBB72FB23333A3137C1C9AEB0AE4E5D98148527A5670311C0181861C1305901FF9704C64F88B75AD76574ABE3B5CEAAC2F675F5A56B807B2D9FFEDC975C7CFC6C697A18ED7F3D76C164FE108255F43971A3CCEE8FDC5E95F38B6ED8F8B150E17A7780E2D5CFD9A4D35BC4E2B3C3F4F286DC9DD0A8A53A22E643AD29753AAAB58E4C268A4145B1958050895F7FF5EB300FD0435824024F6DA4C38039A621D8E553493D964479DB2C1647C5123A9ED27955117CB966D41BAB3FA2F6AE1CE0E9787E3C815B1E3A3E3002B0BC54A89D66A3B532E8152BB0FD681D134374B4F2197F0B451E4C68C589E1F213D42CB62FC749D0883D9A68B39B93A1582F957AC989E5664266BB53BB8A07C84F662D5E3B4D4B277840A98B37F8A2CDF892085AF77A0AD370B2A4649F2381B7136AEB189421C6C801DC4F20273922A57C76DB4DB487DFC33DA2AC490C77E8ABA4AC719E6F0428A37ADBBE04F776199ACE29C1BC3B8A1F8E0D049628FDA016735559589D660FB23421D29745528E160F60B5D1923E685D0E04BE9DAC15C90BCAC4F4A7FD5CE52950734F2A849CAAB083DD18324EE82D1679146E60C290A97E2C94FBFEEDD88DE9EBEB346DF9E11AE14F4540A84F98B210E5366A03A82128986543C48FC3867431B2531AF99B379CE7E8D3105C574B0D4974295E98EFA2C01AC31C80CB1654BCEFA8467A55BC7B55ADB92DC1BE438006E5392ED521B5817558DE5E38172D023E3236EEAE34037E92EA61D6DA463212E012E603709D65EBE8062644A17B1A00FF5DE6E42FD4B3812DACC8C85754616A5539AB60FEF0F9170413E94D3052CBA3A7B9FCF46F318D30DD88DD988C9C16F5BB8823538A8DBC4830B00E7CE5346277E4DAD464128025955E7E5FD184C40EEC184B6143FC4720DA45C7DE3ED4849D6ABC89B1C01D6761660EA595B65E7F70457A32A4D63CCC6FC9736ABDDB9AE9FC8FB90388DAB7BD2189B38488B17DA76B96DAB6871475F59FC36BD53076293EBF9970A1081BA84E44A3A109F6B7231E64C1C54BF9AABD2320185DC054672B2F8F52172CD262F14CCA3237542F421A2413DF5E371DD4F1297E01D81E392A6C4F3BBABAA3091B2F10DB1C4A2C12B0DDDC279F7AD45992225ACA55ADA7CB6370B07B0CD5B935B8DF18BFFA2567EBF77658772D043318B6BA159DBD3AA48C7A509A1F887A05118CBE1470599C2683D9C00DAA5480A05FFDDF7612E6CFE60622B3 -20180428204832 2 6 100 8191 5 FAEE1044985A5E9005F621D69401F45F006C4AC70C849E5C17F3D28A22FE2C86DEF3780E73C15BC778C65638702E1DF6193E19C79BC8A9CEC1D64759E6E8E1B3754AAD1F82819BDB1F1E224F7D7BFF62061D89F6AE8D8EAF444A543333A4E71A4EBEE16AA9FEAE434FD965B90E6B57A198C12619CC31EF4F2BA3ACEA4C0D31EDD7BD715FE76FCD9282221F27F6CFD678ABC0458E4EDFBB72FB23333A3137C1C9AEB0AE4E5D98148527A5670311C0181861C1305901FF9704C64F88B75AD76574ABE3B5CEAAC2F675F5A56B807B2D9FFEDC975C7CFC6C697A18ED7F3D76C164FE108255F43971A3CCEE8FDC5E95F38B6ED8F8B150E17A7780E2D5CFD9A4D35BC4E2B3C3F4F286DC9DD0A8A53A22E643AD29753AAAB58E4C268A4145B1958050895F7FF5EB300FD0435824024F6DA4C38039A621D8E553493D964479DB2C1647C5123A9ED27955117CB966D41BAB3FA2F6AE1CE0E9787E3C815B1E3A3E3002B0BC54A89D66A3B532E8152BB0FD681D134374B4F2197F0B451E4C68C589E1F213D42CB62FC749D0883D9A68B39B93A1582F957AC989E5664266BB53BB8A07C84F662D5E3B4D4B277840A98B37F8A2CDF892085AF77A0AD370B2A4649F2381B7136AEB189421C6C801DC4F20273922A57C76DB4DB487DFC33DA2AC490C77E8ABA4AC719E6F0428A37ADBBE04F776199ACE29C1BC3B8A1F8E0D049628FDA016735559589D660FB23421D29745528E160F60B5D1923E685D0E04BE9DAC15C90BCAC4F4A7FD5CE52950734F2A849CAAB083DD18324EE82D1679146E60C290A97E2C94FBFEEDD88DE9EBEB346DF9E11AE14F4540A84F98B210E5366A03A82128986543C48FC3867431B2531AF99B379CE7E8D3105C574B0D4974295E98EFA2C01AC31C80CB1654BCEFA8467A55BC7B55ADB92DC1BE438006E5392ED521B5817558DE5E38172D023E3236EEAE34037E92EA61D6DA463212E012E603709D65EBE8062644A17B1A00FF5DE6E42FD4B3812DACC8C85754616A5539AB60FEF0F9170413E94D3052CBA3A7B9FCF46F318D30DD88DD988C9C16F5BB8823538A8DBC4830B00E7CE5346277E4DAD464128025955E7E5FD184C40EEC184B6143FC4720DA45C7DE3ED4849D6ABC89B1C01D6761660EA595B65E7F70457A32A4D63CCC6FC9736ABDDB9AE9FC8FB90388DAB7BD2189B38488B17DA76B96DAB6871475F59FC36BD53076293EBF9970A1081BA84E44A3A109F6B7231E64C1C54BF9AABD2320185DC054672B2F8F52172CD262F14CCA3237542F421A2413DF5E371DD4F1297E01D81E392A6C4F3BBABAA3091B2F10DB1C4A2C12B0DDDC279F7AD45992225ACA55ADA7CB6370B07B0CD5B935B8DF18BFFA2567EBF77658772D043318B6BA159DBD3AA48C7A509A1F887A05118CBE1470599C2683D9C00DAA5480A05FFDDF7612E6CFF035C75F -20180428220506 2 6 100 8191 2 FAEE1044985A5E9005F621D69401F45F006C4AC70C849E5C17F3D28A22FE2C86DEF3780E73C15BC778C65638702E1DF6193E19C79BC8A9CEC1D64759E6E8E1B3754AAD1F82819BDB1F1E224F7D7BFF62061D89F6AE8D8EAF444A543333A4E71A4EBEE16AA9FEAE434FD965B90E6B57A198C12619CC31EF4F2BA3ACEA4C0D31EDD7BD715FE76FCD9282221F27F6CFD678ABC0458E4EDFBB72FB23333A3137C1C9AEB0AE4E5D98148527A5670311C0181861C1305901FF9704C64F88B75AD76574ABE3B5CEAAC2F675F5A56B807B2D9FFEDC975C7CFC6C697A18ED7F3D76C164FE108255F43971A3CCEE8FDC5E95F38B6ED8F8B150E17A7780E2D5CFD9A4D35BC4E2B3C3F4F286DC9DD0A8A53A22E643AD29753AAAB58E4C268A4145B1958050895F7FF5EB300FD0435824024F6DA4C38039A621D8E553493D964479DB2C1647C5123A9ED27955117CB966D41BAB3FA2F6AE1CE0E9787E3C815B1E3A3E3002B0BC54A89D66A3B532E8152BB0FD681D134374B4F2197F0B451E4C68C589E1F213D42CB62FC749D0883D9A68B39B93A1582F957AC989E5664266BB53BB8A07C84F662D5E3B4D4B277840A98B37F8A2CDF892085AF77A0AD370B2A4649F2381B7136AEB189421C6C801DC4F20273922A57C76DB4DB487DFC33DA2AC490C77E8ABA4AC719E6F0428A37ADBBE04F776199ACE29C1BC3B8A1F8E0D049628FDA016735559589D660FB23421D29745528E160F60B5D1923E685D0E04BE9DAC15C90BCAC4F4A7FD5CE52950734F2A849CAAB083DD18324EE82D1679146E60C290A97E2C94FBFEEDD88DE9EBEB346DF9E11AE14F4540A84F98B210E5366A03A82128986543C48FC3867431B2531AF99B379CE7E8D3105C574B0D4974295E98EFA2C01AC31C80CB1654BCEFA8467A55BC7B55ADB92DC1BE438006E5392ED521B5817558DE5E38172D023E3236EEAE34037E92EA61D6DA463212E012E603709D65EBE8062644A17B1A00FF5DE6E42FD4B3812DACC8C85754616A5539AB60FEF0F9170413E94D3052CBA3A7B9FCF46F318D30DD88DD988C9C16F5BB8823538A8DBC4830B00E7CE5346277E4DAD464128025955E7E5FD184C40EEC184B6143FC4720DA45C7DE3ED4849D6ABC89B1C01D6761660EA595B65E7F70457A32A4D63CCC6FC9736ABDDB9AE9FC8FB90388DAB7BD2189B38488B17DA76B96DAB6871475F59FC36BD53076293EBF9970A1081BA84E44A3A109F6B7231E64C1C54BF9AABD2320185DC054672B2F8F52172CD262F14CCA3237542F421A2413DF5E371DD4F1297E01D81E392A6C4F3BBABAA3091B2F10DB1C4A2C12B0DDDC279F7AD45992225ACA55ADA7CB6370B07B0CD5B935B8DF18BFFA2567EBF77658772D043318B6BA159DBD3AA48C7A509A1F887A05118CBE1470599C2683D9C00DAA5480A05FFDDF7612E6CFF0FF9743 -20180428221212 2 6 100 8191 5 FAEE1044985A5E9005F621D69401F45F006C4AC70C849E5C17F3D28A22FE2C86DEF3780E73C15BC778C65638702E1DF6193E19C79BC8A9CEC1D64759E6E8E1B3754AAD1F82819BDB1F1E224F7D7BFF62061D89F6AE8D8EAF444A543333A4E71A4EBEE16AA9FEAE434FD965B90E6B57A198C12619CC31EF4F2BA3ACEA4C0D31EDD7BD715FE76FCD9282221F27F6CFD678ABC0458E4EDFBB72FB23333A3137C1C9AEB0AE4E5D98148527A5670311C0181861C1305901FF9704C64F88B75AD76574ABE3B5CEAAC2F675F5A56B807B2D9FFEDC975C7CFC6C697A18ED7F3D76C164FE108255F43971A3CCEE8FDC5E95F38B6ED8F8B150E17A7780E2D5CFD9A4D35BC4E2B3C3F4F286DC9DD0A8A53A22E643AD29753AAAB58E4C268A4145B1958050895F7FF5EB300FD0435824024F6DA4C38039A621D8E553493D964479DB2C1647C5123A9ED27955117CB966D41BAB3FA2F6AE1CE0E9787E3C815B1E3A3E3002B0BC54A89D66A3B532E8152BB0FD681D134374B4F2197F0B451E4C68C589E1F213D42CB62FC749D0883D9A68B39B93A1582F957AC989E5664266BB53BB8A07C84F662D5E3B4D4B277840A98B37F8A2CDF892085AF77A0AD370B2A4649F2381B7136AEB189421C6C801DC4F20273922A57C76DB4DB487DFC33DA2AC490C77E8ABA4AC719E6F0428A37ADBBE04F776199ACE29C1BC3B8A1F8E0D049628FDA016735559589D660FB23421D29745528E160F60B5D1923E685D0E04BE9DAC15C90BCAC4F4A7FD5CE52950734F2A849CAAB083DD18324EE82D1679146E60C290A97E2C94FBFEEDD88DE9EBEB346DF9E11AE14F4540A84F98B210E5366A03A82128986543C48FC3867431B2531AF99B379CE7E8D3105C574B0D4974295E98EFA2C01AC31C80CB1654BCEFA8467A55BC7B55ADB92DC1BE438006E5392ED521B5817558DE5E38172D023E3236EEAE34037E92EA61D6DA463212E012E603709D65EBE8062644A17B1A00FF5DE6E42FD4B3812DACC8C85754616A5539AB60FEF0F9170413E94D3052CBA3A7B9FCF46F318D30DD88DD988C9C16F5BB8823538A8DBC4830B00E7CE5346277E4DAD464128025955E7E5FD184C40EEC184B6143FC4720DA45C7DE3ED4849D6ABC89B1C01D6761660EA595B65E7F70457A32A4D63CCC6FC9736ABDDB9AE9FC8FB90388DAB7BD2189B38488B17DA76B96DAB6871475F59FC36BD53076293EBF9970A1081BA84E44A3A109F6B7231E64C1C54BF9AABD2320185DC054672B2F8F52172CD262F14CCA3237542F421A2413DF5E371DD4F1297E01D81E392A6C4F3BBABAA3091B2F10DB1C4A2C12B0DDDC279F7AD45992225ACA55ADA7CB6370B07B0CD5B935B8DF18BFFA2567EBF77658772D043318B6BA159DBD3AA48C7A509A1F887A05118CBE1470599C2683D9C00DAA5480A05FFDDF7612E6CFF108842F -20180429040829 2 6 100 8191 5 FAEE1044985A5E9005F621D69401F45F006C4AC70C849E5C17F3D28A22FE2C86DEF3780E73C15BC778C65638702E1DF6193E19C79BC8A9CEC1D64759E6E8E1B3754AAD1F82819BDB1F1E224F7D7BFF62061D89F6AE8D8EAF444A543333A4E71A4EBEE16AA9FEAE434FD965B90E6B57A198C12619CC31EF4F2BA3ACEA4C0D31EDD7BD715FE76FCD9282221F27F6CFD678ABC0458E4EDFBB72FB23333A3137C1C9AEB0AE4E5D98148527A5670311C0181861C1305901FF9704C64F88B75AD76574ABE3B5CEAAC2F675F5A56B807B2D9FFEDC975C7CFC6C697A18ED7F3D76C164FE108255F43971A3CCEE8FDC5E95F38B6ED8F8B150E17A7780E2D5CFD9A4D35BC4E2B3C3F4F286DC9DD0A8A53A22E643AD29753AAAB58E4C268A4145B1958050895F7FF5EB300FD0435824024F6DA4C38039A621D8E553493D964479DB2C1647C5123A9ED27955117CB966D41BAB3FA2F6AE1CE0E9787E3C815B1E3A3E3002B0BC54A89D66A3B532E8152BB0FD681D134374B4F2197F0B451E4C68C589E1F213D42CB62FC749D0883D9A68B39B93A1582F957AC989E5664266BB53BB8A07C84F662D5E3B4D4B277840A98B37F8A2CDF892085AF77A0AD370B2A4649F2381B7136AEB189421C6C801DC4F20273922A57C76DB4DB487DFC33DA2AC490C77E8ABA4AC719E6F0428A37ADBBE04F776199ACE29C1BC3B8A1F8E0D049628FDA016735559589D660FB23421D29745528E160F60B5D1923E685D0E04BE9DAC15C90BCAC4F4A7FD5CE52950734F2A849CAAB083DD18324EE82D1679146E60C290A97E2C94FBFEEDD88DE9EBEB346DF9E11AE14F4540A84F98B210E5366A03A82128986543C48FC3867431B2531AF99B379CE7E8D3105C574B0D4974295E98EFA2C01AC31C80CB1654BCEFA8467A55BC7B55ADB92DC1BE438006E5392ED521B5817558DE5E38172D023E3236EEAE34037E92EA61D6DA463212E012E603709D65EBE8062644A17B1A00FF5DE6E42FD4B3812DACC8C85754616A5539AB60FEF0F9170413E94D3052CBA3A7B9FCF46F318D30DD88DD988C9C16F5BB8823538A8DBC4830B00E7CE5346277E4DAD464128025955E7E5FD184C40EEC184B6143FC4720DA45C7DE3ED4849D6ABC89B1C01D6761660EA595B65E7F70457A32A4D63CCC6FC9736ABDDB9AE9FC8FB90388DAB7BD2189B38488B17DA76B96DAB6871475F59FC36BD53076293EBF9970A1081BA84E44A3A109F6B7231E64C1C54BF9AABD2320185DC054672B2F8F52172CD262F14CCA3237542F421A2413DF5E371DD4F1297E01D81E392A6C4F3BBABAA3091B2F10DB1C4A2C12B0DDDC279F7AD45992225ACA55ADA7CB6370B07B0CD5B935B8DF18BFFA2567EBF77658772D043318B6BA159DBD3AA48C7A509A1F887A05118CBE1470599C2683D9C00DAA5480A05FFDDF7612E6CFF4BDEDDF -20180429045604 2 6 100 8191 5 FAEE1044985A5E9005F621D69401F45F006C4AC70C849E5C17F3D28A22FE2C86DEF3780E73C15BC778C65638702E1DF6193E19C79BC8A9CEC1D64759E6E8E1B3754AAD1F82819BDB1F1E224F7D7BFF62061D89F6AE8D8EAF444A543333A4E71A4EBEE16AA9FEAE434FD965B90E6B57A198C12619CC31EF4F2BA3ACEA4C0D31EDD7BD715FE76FCD9282221F27F6CFD678ABC0458E4EDFBB72FB23333A3137C1C9AEB0AE4E5D98148527A5670311C0181861C1305901FF9704C64F88B75AD76574ABE3B5CEAAC2F675F5A56B807B2D9FFEDC975C7CFC6C697A18ED7F3D76C164FE108255F43971A3CCEE8FDC5E95F38B6ED8F8B150E17A7780E2D5CFD9A4D35BC4E2B3C3F4F286DC9DD0A8A53A22E643AD29753AAAB58E4C268A4145B1958050895F7FF5EB300FD0435824024F6DA4C38039A621D8E553493D964479DB2C1647C5123A9ED27955117CB966D41BAB3FA2F6AE1CE0E9787E3C815B1E3A3E3002B0BC54A89D66A3B532E8152BB0FD681D134374B4F2197F0B451E4C68C589E1F213D42CB62FC749D0883D9A68B39B93A1582F957AC989E5664266BB53BB8A07C84F662D5E3B4D4B277840A98B37F8A2CDF892085AF77A0AD370B2A4649F2381B7136AEB189421C6C801DC4F20273922A57C76DB4DB487DFC33DA2AC490C77E8ABA4AC719E6F0428A37ADBBE04F776199ACE29C1BC3B8A1F8E0D049628FDA016735559589D660FB23421D29745528E160F60B5D1923E685D0E04BE9DAC15C90BCAC4F4A7FD5CE52950734F2A849CAAB083DD18324EE82D1679146E60C290A97E2C94FBFEEDD88DE9EBEB346DF9E11AE14F4540A84F98B210E5366A03A82128986543C48FC3867431B2531AF99B379CE7E8D3105C574B0D4974295E98EFA2C01AC31C80CB1654BCEFA8467A55BC7B55ADB92DC1BE438006E5392ED521B5817558DE5E38172D023E3236EEAE34037E92EA61D6DA463212E012E603709D65EBE8062644A17B1A00FF5DE6E42FD4B3812DACC8C85754616A5539AB60FEF0F9170413E94D3052CBA3A7B9FCF46F318D30DD88DD988C9C16F5BB8823538A8DBC4830B00E7CE5346277E4DAD464128025955E7E5FD184C40EEC184B6143FC4720DA45C7DE3ED4849D6ABC89B1C01D6761660EA595B65E7F70457A32A4D63CCC6FC9736ABDDB9AE9FC8FB90388DAB7BD2189B38488B17DA76B96DAB6871475F59FC36BD53076293EBF9970A1081BA84E44A3A109F6B7231E64C1C54BF9AABD2320185DC054672B2F8F52172CD262F14CCA3237542F421A2413DF5E371DD4F1297E01D81E392A6C4F3BBABAA3091B2F10DB1C4A2C12B0DDDC279F7AD45992225ACA55ADA7CB6370B07B0CD5B935B8DF18BFFA2567EBF77658772D043318B6BA159DBD3AA48C7A509A1F887A05118CBE1470599C2683D9C00DAA5480A05FFDDF7612E6CFF5372357 -20180429052346 2 6 100 8191 2 FAEE1044985A5E9005F621D69401F45F006C4AC70C849E5C17F3D28A22FE2C86DEF3780E73C15BC778C65638702E1DF6193E19C79BC8A9CEC1D64759E6E8E1B3754AAD1F82819BDB1F1E224F7D7BFF62061D89F6AE8D8EAF444A543333A4E71A4EBEE16AA9FEAE434FD965B90E6B57A198C12619CC31EF4F2BA3ACEA4C0D31EDD7BD715FE76FCD9282221F27F6CFD678ABC0458E4EDFBB72FB23333A3137C1C9AEB0AE4E5D98148527A5670311C0181861C1305901FF9704C64F88B75AD76574ABE3B5CEAAC2F675F5A56B807B2D9FFEDC975C7CFC6C697A18ED7F3D76C164FE108255F43971A3CCEE8FDC5E95F38B6ED8F8B150E17A7780E2D5CFD9A4D35BC4E2B3C3F4F286DC9DD0A8A53A22E643AD29753AAAB58E4C268A4145B1958050895F7FF5EB300FD0435824024F6DA4C38039A621D8E553493D964479DB2C1647C5123A9ED27955117CB966D41BAB3FA2F6AE1CE0E9787E3C815B1E3A3E3002B0BC54A89D66A3B532E8152BB0FD681D134374B4F2197F0B451E4C68C589E1F213D42CB62FC749D0883D9A68B39B93A1582F957AC989E5664266BB53BB8A07C84F662D5E3B4D4B277840A98B37F8A2CDF892085AF77A0AD370B2A4649F2381B7136AEB189421C6C801DC4F20273922A57C76DB4DB487DFC33DA2AC490C77E8ABA4AC719E6F0428A37ADBBE04F776199ACE29C1BC3B8A1F8E0D049628FDA016735559589D660FB23421D29745528E160F60B5D1923E685D0E04BE9DAC15C90BCAC4F4A7FD5CE52950734F2A849CAAB083DD18324EE82D1679146E60C290A97E2C94FBFEEDD88DE9EBEB346DF9E11AE14F4540A84F98B210E5366A03A82128986543C48FC3867431B2531AF99B379CE7E8D3105C574B0D4974295E98EFA2C01AC31C80CB1654BCEFA8467A55BC7B55ADB92DC1BE438006E5392ED521B5817558DE5E38172D023E3236EEAE34037E92EA61D6DA463212E012E603709D65EBE8062644A17B1A00FF5DE6E42FD4B3812DACC8C85754616A5539AB60FEF0F9170413E94D3052CBA3A7B9FCF46F318D30DD88DD988C9C16F5BB8823538A8DBC4830B00E7CE5346277E4DAD464128025955E7E5FD184C40EEC184B6143FC4720DA45C7DE3ED4849D6ABC89B1C01D6761660EA595B65E7F70457A32A4D63CCC6FC9736ABDDB9AE9FC8FB90388DAB7BD2189B38488B17DA76B96DAB6871475F59FC36BD53076293EBF9970A1081BA84E44A3A109F6B7231E64C1C54BF9AABD2320185DC054672B2F8F52172CD262F14CCA3237542F421A2413DF5E371DD4F1297E01D81E392A6C4F3BBABAA3091B2F10DB1C4A2C12B0DDDC279F7AD45992225ACA55ADA7CB6370B07B0CD5B935B8DF18BFFA2567EBF77658772D043318B6BA159DBD3AA48C7A509A1F887A05118CBE1470599C2683D9C00DAA5480A05FFDDF7612E6CFF57C9113 -20180429053535 2 6 100 8191 2 FAEE1044985A5E9005F621D69401F45F006C4AC70C849E5C17F3D28A22FE2C86DEF3780E73C15BC778C65638702E1DF6193E19C79BC8A9CEC1D64759E6E8E1B3754AAD1F82819BDB1F1E224F7D7BFF62061D89F6AE8D8EAF444A543333A4E71A4EBEE16AA9FEAE434FD965B90E6B57A198C12619CC31EF4F2BA3ACEA4C0D31EDD7BD715FE76FCD9282221F27F6CFD678ABC0458E4EDFBB72FB23333A3137C1C9AEB0AE4E5D98148527A5670311C0181861C1305901FF9704C64F88B75AD76574ABE3B5CEAAC2F675F5A56B807B2D9FFEDC975C7CFC6C697A18ED7F3D76C164FE108255F43971A3CCEE8FDC5E95F38B6ED8F8B150E17A7780E2D5CFD9A4D35BC4E2B3C3F4F286DC9DD0A8A53A22E643AD29753AAAB58E4C268A4145B1958050895F7FF5EB300FD0435824024F6DA4C38039A621D8E553493D964479DB2C1647C5123A9ED27955117CB966D41BAB3FA2F6AE1CE0E9787E3C815B1E3A3E3002B0BC54A89D66A3B532E8152BB0FD681D134374B4F2197F0B451E4C68C589E1F213D42CB62FC749D0883D9A68B39B93A1582F957AC989E5664266BB53BB8A07C84F662D5E3B4D4B277840A98B37F8A2CDF892085AF77A0AD370B2A4649F2381B7136AEB189421C6C801DC4F20273922A57C76DB4DB487DFC33DA2AC490C77E8ABA4AC719E6F0428A37ADBBE04F776199ACE29C1BC3B8A1F8E0D049628FDA016735559589D660FB23421D29745528E160F60B5D1923E685D0E04BE9DAC15C90BCAC4F4A7FD5CE52950734F2A849CAAB083DD18324EE82D1679146E60C290A97E2C94FBFEEDD88DE9EBEB346DF9E11AE14F4540A84F98B210E5366A03A82128986543C48FC3867431B2531AF99B379CE7E8D3105C574B0D4974295E98EFA2C01AC31C80CB1654BCEFA8467A55BC7B55ADB92DC1BE438006E5392ED521B5817558DE5E38172D023E3236EEAE34037E92EA61D6DA463212E012E603709D65EBE8062644A17B1A00FF5DE6E42FD4B3812DACC8C85754616A5539AB60FEF0F9170413E94D3052CBA3A7B9FCF46F318D30DD88DD988C9C16F5BB8823538A8DBC4830B00E7CE5346277E4DAD464128025955E7E5FD184C40EEC184B6143FC4720DA45C7DE3ED4849D6ABC89B1C01D6761660EA595B65E7F70457A32A4D63CCC6FC9736ABDDB9AE9FC8FB90388DAB7BD2189B38488B17DA76B96DAB6871475F59FC36BD53076293EBF9970A1081BA84E44A3A109F6B7231E64C1C54BF9AABD2320185DC054672B2F8F52172CD262F14CCA3237542F421A2413DF5E371DD4F1297E01D81E392A6C4F3BBABAA3091B2F10DB1C4A2C12B0DDDC279F7AD45992225ACA55ADA7CB6370B07B0CD5B935B8DF18BFFA2567EBF77658772D043318B6BA159DBD3AA48C7A509A1F887A05118CBE1470599C2683D9C00DAA5480A05FFDDF7612E6CFF591B0F3 -20180429234833 2 6 100 8191 2 FAEE1044985A5E9005F621D69401F45F006C4AC70C849E5C17F3D28A22FE2C86DEF3780E73C15BC778C65638702E1DF6193E19C79BC8A9CEC1D64759E6E8E1B3754AAD1F82819BDB1F1E224F7D7BFF62061D89F6AE8D8EAF444A543333A4E71A4EBEE16AA9FEAE434FD965B90E6B57A198C12619CC31EF4F2BA3ACEA4C0D31EDD7BD715FE76FCD9282221F27F6CFD678ABC0458E4EDFBB72FB23333A3137C1C9AEB0AE4E5D98148527A5670311C0181861C1305901FF9704C64F88B75AD76574ABE3B5CEAAC2F675F5A56B807B2D9FFEDC975C7CFC6C697A18ED7F3D76C164FE108255F43971A3CCEE8FDC5E95F38B6ED8F8B150E17A7780E2D5CFD9A4D35BC4E2B3C3F4F286DC9DD0A8A53A22E643AD29753AAAB58E4C268A4145B1958050895F7FF5EB300FD0435824024F6DA4C38039A621D8E553493D964479DB2C1647C5123A9ED27955117CB966D41BAB3FA2F6AE1CE0E9787E3C815B1E3A3E3002B0BC54A89D66A3B532E8152BB0FD681D134374B4F2197F0B451E4C68C589E1F213D42CB62FC749D0883D9A68B39B93A1582F957AC989E5664266BB53BB8A07C84F662D5E3B4D4B277840A98B37F8A2CDF892085AF77A0AD370B2A4649F2381B7136AEB189421C6C801DC4F20273922A57C76DB4DB487DFC33DA2AC490C77E8ABA4AC719E6F0428A37ADBBE04F776199ACE29C1BC3B8A1F8E0D049628FDA016735559589D660FB23421D29745528E160F60B5D1923E685D0E04BE9DAC15C90BCAC4F4A7FD5CE52950734F2A849CAAB083DD18324EE82D1679146E60C290A97E2C94FBFEEDD88DE9EBEB346DF9E11AE14F4540A84F98B210E5366A03A82128986543C48FC3867431B2531AF99B379CE7E8D3105C574B0D4974295E98EFA2C01AC31C80CB1654BCEFA8467A55BC7B55ADB92DC1BE438006E5392ED521B5817558DE5E38172D023E3236EEAE34037E92EA61D6DA463212E012E603709D65EBE8062644A17B1A00FF5DE6E42FD4B3812DACC8C85754616A5539AB60FEF0F9170413E94D3052CBA3A7B9FCF46F318D30DD88DD988C9C16F5BB8823538A8DBC4830B00E7CE5346277E4DAD464128025955E7E5FD184C40EEC184B6143FC4720DA45C7DE3ED4849D6ABC89B1C01D6761660EA595B65E7F70457A32A4D63CCC6FC9736ABDDB9AE9FC8FB90388DAB7BD2189B38488B17DA76B96DAB6871475F59FC36BD53076293EBF9970A1081BA84E44A3A109F6B7231E64C1C54BF9AABD2320185DC054672B2F8F52172CD262F14CCA3237542F421A2413DF5E371DD4F1297E01D81E392A6C4F3BBABAA3091B2F10DB1C4A2C12B0DDDC279F7AD45992225ACA55ADA7CB6370B07B0CD5B935B8DF18BFFA2567EBF77658772D043318B6BA159DBD3AA48C7A509A1F887A05118CBE1470599C2683D9C00DAA5480A05FFDDF7612E6D000DBC47B -20180430061137 2 6 100 8191 2 FAEE1044985A5E9005F621D69401F45F006C4AC70C849E5C17F3D28A22FE2C86DEF3780E73C15BC778C65638702E1DF6193E19C79BC8A9CEC1D64759E6E8E1B3754AAD1F82819BDB1F1E224F7D7BFF62061D89F6AE8D8EAF444A543333A4E71A4EBEE16AA9FEAE434FD965B90E6B57A198C12619CC31EF4F2BA3ACEA4C0D31EDD7BD715FE76FCD9282221F27F6CFD678ABC0458E4EDFBB72FB23333A3137C1C9AEB0AE4E5D98148527A5670311C0181861C1305901FF9704C64F88B75AD76574ABE3B5CEAAC2F675F5A56B807B2D9FFEDC975C7CFC6C697A18ED7F3D76C164FE108255F43971A3CCEE8FDC5E95F38B6ED8F8B150E17A7780E2D5CFD9A4D35BC4E2B3C3F4F286DC9DD0A8A53A22E643AD29753AAAB58E4C268A4145B1958050895F7FF5EB300FD0435824024F6DA4C38039A621D8E553493D964479DB2C1647C5123A9ED27955117CB966D41BAB3FA2F6AE1CE0E9787E3C815B1E3A3E3002B0BC54A89D66A3B532E8152BB0FD681D134374B4F2197F0B451E4C68C589E1F213D42CB62FC749D0883D9A68B39B93A1582F957AC989E5664266BB53BB8A07C84F662D5E3B4D4B277840A98B37F8A2CDF892085AF77A0AD370B2A4649F2381B7136AEB189421C6C801DC4F20273922A57C76DB4DB487DFC33DA2AC490C77E8ABA4AC719E6F0428A37ADBBE04F776199ACE29C1BC3B8A1F8E0D049628FDA016735559589D660FB23421D29745528E160F60B5D1923E685D0E04BE9DAC15C90BCAC4F4A7FD5CE52950734F2A849CAAB083DD18324EE82D1679146E60C290A97E2C94FBFEEDD88DE9EBEB346DF9E11AE14F4540A84F98B210E5366A03A82128986543C48FC3867431B2531AF99B379CE7E8D3105C574B0D4974295E98EFA2C01AC31C80CB1654BCEFA8467A55BC7B55ADB92DC1BE438006E5392ED521B5817558DE5E38172D023E3236EEAE34037E92EA61D6DA463212E012E603709D65EBE8062644A17B1A00FF5DE6E42FD4B3812DACC8C85754616A5539AB60FEF0F9170413E94D3052CBA3A7B9FCF46F318D30DD88DD988C9C16F5BB8823538A8DBC4830B00E7CE5346277E4DAD464128025955E7E5FD184C40EEC184B6143FC4720DA45C7DE3ED4849D6ABC89B1C01D6761660EA595B65E7F70457A32A4D63CCC6FC9736ABDDB9AE9FC8FB90388DAB7BD2189B38488B17DA76B96DAB6871475F59FC36BD53076293EBF9970A1081BA84E44A3A109F6B7231E64C1C54BF9AABD2320185DC054672B2F8F52172CD262F14CCA3237542F421A2413DF5E371DD4F1297E01D81E392A6C4F3BBABAA3091B2F10DB1C4A2C12B0DDDC279F7AD45992225ACA55ADA7CB6370B07B0CD5B935B8DF18BFFA2567EBF77658772D043318B6BA159DBD3AA48C7A509A1F887A05118CBE1470599C2683D9C00DAA5480A05FFDDF7612E6D004DD4873 -20180430071004 2 6 100 8191 5 FAEE1044985A5E9005F621D69401F45F006C4AC70C849E5C17F3D28A22FE2C86DEF3780E73C15BC778C65638702E1DF6193E19C79BC8A9CEC1D64759E6E8E1B3754AAD1F82819BDB1F1E224F7D7BFF62061D89F6AE8D8EAF444A543333A4E71A4EBEE16AA9FEAE434FD965B90E6B57A198C12619CC31EF4F2BA3ACEA4C0D31EDD7BD715FE76FCD9282221F27F6CFD678ABC0458E4EDFBB72FB23333A3137C1C9AEB0AE4E5D98148527A5670311C0181861C1305901FF9704C64F88B75AD76574ABE3B5CEAAC2F675F5A56B807B2D9FFEDC975C7CFC6C697A18ED7F3D76C164FE108255F43971A3CCEE8FDC5E95F38B6ED8F8B150E17A7780E2D5CFD9A4D35BC4E2B3C3F4F286DC9DD0A8A53A22E643AD29753AAAB58E4C268A4145B1958050895F7FF5EB300FD0435824024F6DA4C38039A621D8E553493D964479DB2C1647C5123A9ED27955117CB966D41BAB3FA2F6AE1CE0E9787E3C815B1E3A3E3002B0BC54A89D66A3B532E8152BB0FD681D134374B4F2197F0B451E4C68C589E1F213D42CB62FC749D0883D9A68B39B93A1582F957AC989E5664266BB53BB8A07C84F662D5E3B4D4B277840A98B37F8A2CDF892085AF77A0AD370B2A4649F2381B7136AEB189421C6C801DC4F20273922A57C76DB4DB487DFC33DA2AC490C77E8ABA4AC719E6F0428A37ADBBE04F776199ACE29C1BC3B8A1F8E0D049628FDA016735559589D660FB23421D29745528E160F60B5D1923E685D0E04BE9DAC15C90BCAC4F4A7FD5CE52950734F2A849CAAB083DD18324EE82D1679146E60C290A97E2C94FBFEEDD88DE9EBEB346DF9E11AE14F4540A84F98B210E5366A03A82128986543C48FC3867431B2531AF99B379CE7E8D3105C574B0D4974295E98EFA2C01AC31C80CB1654BCEFA8467A55BC7B55ADB92DC1BE438006E5392ED521B5817558DE5E38172D023E3236EEAE34037E92EA61D6DA463212E012E603709D65EBE8062644A17B1A00FF5DE6E42FD4B3812DACC8C85754616A5539AB60FEF0F9170413E94D3052CBA3A7B9FCF46F318D30DD88DD988C9C16F5BB8823538A8DBC4830B00E7CE5346277E4DAD464128025955E7E5FD184C40EEC184B6143FC4720DA45C7DE3ED4849D6ABC89B1C01D6761660EA595B65E7F70457A32A4D63CCC6FC9736ABDDB9AE9FC8FB90388DAB7BD2189B38488B17DA76B96DAB6871475F59FC36BD53076293EBF9970A1081BA84E44A3A109F6B7231E64C1C54BF9AABD2320185DC054672B2F8F52172CD262F14CCA3237542F421A2413DF5E371DD4F1297E01D81E392A6C4F3BBABAA3091B2F10DB1C4A2C12B0DDDC279F7AD45992225ACA55ADA7CB6370B07B0CD5B935B8DF18BFFA2567EBF77658772D043318B6BA159DBD3AA48C7A509A1F887A05118CBE1470599C2683D9C00DAA5480A05FFDDF7612E6D0056DDF9F -20180430074559 2 6 100 8191 2 FAEE1044985A5E9005F621D69401F45F006C4AC70C849E5C17F3D28A22FE2C86DEF3780E73C15BC778C65638702E1DF6193E19C79BC8A9CEC1D64759E6E8E1B3754AAD1F82819BDB1F1E224F7D7BFF62061D89F6AE8D8EAF444A543333A4E71A4EBEE16AA9FEAE434FD965B90E6B57A198C12619CC31EF4F2BA3ACEA4C0D31EDD7BD715FE76FCD9282221F27F6CFD678ABC0458E4EDFBB72FB23333A3137C1C9AEB0AE4E5D98148527A5670311C0181861C1305901FF9704C64F88B75AD76574ABE3B5CEAAC2F675F5A56B807B2D9FFEDC975C7CFC6C697A18ED7F3D76C164FE108255F43971A3CCEE8FDC5E95F38B6ED8F8B150E17A7780E2D5CFD9A4D35BC4E2B3C3F4F286DC9DD0A8A53A22E643AD29753AAAB58E4C268A4145B1958050895F7FF5EB300FD0435824024F6DA4C38039A621D8E553493D964479DB2C1647C5123A9ED27955117CB966D41BAB3FA2F6AE1CE0E9787E3C815B1E3A3E3002B0BC54A89D66A3B532E8152BB0FD681D134374B4F2197F0B451E4C68C589E1F213D42CB62FC749D0883D9A68B39B93A1582F957AC989E5664266BB53BB8A07C84F662D5E3B4D4B277840A98B37F8A2CDF892085AF77A0AD370B2A4649F2381B7136AEB189421C6C801DC4F20273922A57C76DB4DB487DFC33DA2AC490C77E8ABA4AC719E6F0428A37ADBBE04F776199ACE29C1BC3B8A1F8E0D049628FDA016735559589D660FB23421D29745528E160F60B5D1923E685D0E04BE9DAC15C90BCAC4F4A7FD5CE52950734F2A849CAAB083DD18324EE82D1679146E60C290A97E2C94FBFEEDD88DE9EBEB346DF9E11AE14F4540A84F98B210E5366A03A82128986543C48FC3867431B2531AF99B379CE7E8D3105C574B0D4974295E98EFA2C01AC31C80CB1654BCEFA8467A55BC7B55ADB92DC1BE438006E5392ED521B5817558DE5E38172D023E3236EEAE34037E92EA61D6DA463212E012E603709D65EBE8062644A17B1A00FF5DE6E42FD4B3812DACC8C85754616A5539AB60FEF0F9170413E94D3052CBA3A7B9FCF46F318D30DD88DD988C9C16F5BB8823538A8DBC4830B00E7CE5346277E4DAD464128025955E7E5FD184C40EEC184B6143FC4720DA45C7DE3ED4849D6ABC89B1C01D6761660EA595B65E7F70457A32A4D63CCC6FC9736ABDDB9AE9FC8FB90388DAB7BD2189B38488B17DA76B96DAB6871475F59FC36BD53076293EBF9970A1081BA84E44A3A109F6B7231E64C1C54BF9AABD2320185DC054672B2F8F52172CD262F14CCA3237542F421A2413DF5E371DD4F1297E01D81E392A6C4F3BBABAA3091B2F10DB1C4A2C12B0DDDC279F7AD45992225ACA55ADA7CB6370B07B0CD5B935B8DF18BFFA2567EBF77658772D043318B6BA159DBD3AA48C7A509A1F887A05118CBE1470599C2683D9C00DAA5480A05FFDDF7612E6D005C5181B -20180430091811 2 6 100 8191 5 FAEE1044985A5E9005F621D69401F45F006C4AC70C849E5C17F3D28A22FE2C86DEF3780E73C15BC778C65638702E1DF6193E19C79BC8A9CEC1D64759E6E8E1B3754AAD1F82819BDB1F1E224F7D7BFF62061D89F6AE8D8EAF444A543333A4E71A4EBEE16AA9FEAE434FD965B90E6B57A198C12619CC31EF4F2BA3ACEA4C0D31EDD7BD715FE76FCD9282221F27F6CFD678ABC0458E4EDFBB72FB23333A3137C1C9AEB0AE4E5D98148527A5670311C0181861C1305901FF9704C64F88B75AD76574ABE3B5CEAAC2F675F5A56B807B2D9FFEDC975C7CFC6C697A18ED7F3D76C164FE108255F43971A3CCEE8FDC5E95F38B6ED8F8B150E17A7780E2D5CFD9A4D35BC4E2B3C3F4F286DC9DD0A8A53A22E643AD29753AAAB58E4C268A4145B1958050895F7FF5EB300FD0435824024F6DA4C38039A621D8E553493D964479DB2C1647C5123A9ED27955117CB966D41BAB3FA2F6AE1CE0E9787E3C815B1E3A3E3002B0BC54A89D66A3B532E8152BB0FD681D134374B4F2197F0B451E4C68C589E1F213D42CB62FC749D0883D9A68B39B93A1582F957AC989E5664266BB53BB8A07C84F662D5E3B4D4B277840A98B37F8A2CDF892085AF77A0AD370B2A4649F2381B7136AEB189421C6C801DC4F20273922A57C76DB4DB487DFC33DA2AC490C77E8ABA4AC719E6F0428A37ADBBE04F776199ACE29C1BC3B8A1F8E0D049628FDA016735559589D660FB23421D29745528E160F60B5D1923E685D0E04BE9DAC15C90BCAC4F4A7FD5CE52950734F2A849CAAB083DD18324EE82D1679146E60C290A97E2C94FBFEEDD88DE9EBEB346DF9E11AE14F4540A84F98B210E5366A03A82128986543C48FC3867431B2531AF99B379CE7E8D3105C574B0D4974295E98EFA2C01AC31C80CB1654BCEFA8467A55BC7B55ADB92DC1BE438006E5392ED521B5817558DE5E38172D023E3236EEAE34037E92EA61D6DA463212E012E603709D65EBE8062644A17B1A00FF5DE6E42FD4B3812DACC8C85754616A5539AB60FEF0F9170413E94D3052CBA3A7B9FCF46F318D30DD88DD988C9C16F5BB8823538A8DBC4830B00E7CE5346277E4DAD464128025955E7E5FD184C40EEC184B6143FC4720DA45C7DE3ED4849D6ABC89B1C01D6761660EA595B65E7F70457A32A4D63CCC6FC9736ABDDB9AE9FC8FB90388DAB7BD2189B38488B17DA76B96DAB6871475F59FC36BD53076293EBF9970A1081BA84E44A3A109F6B7231E64C1C54BF9AABD2320185DC054672B2F8F52172CD262F14CCA3237542F421A2413DF5E371DD4F1297E01D81E392A6C4F3BBABAA3091B2F10DB1C4A2C12B0DDDC279F7AD45992225ACA55ADA7CB6370B07B0CD5B935B8DF18BFFA2567EBF77658772D043318B6BA159DBD3AA48C7A509A1F887A05118CBE1470599C2683D9C00DAA5480A05FFDDF7612E6D006B26D17 -20180430191732 2 6 100 8191 2 FAEE1044985A5E9005F621D69401F45F006C4AC70C849E5C17F3D28A22FE2C86DEF3780E73C15BC778C65638702E1DF6193E19C79BC8A9CEC1D64759E6E8E1B3754AAD1F82819BDB1F1E224F7D7BFF62061D89F6AE8D8EAF444A543333A4E71A4EBEE16AA9FEAE434FD965B90E6B57A198C12619CC31EF4F2BA3ACEA4C0D31EDD7BD715FE76FCD9282221F27F6CFD678ABC0458E4EDFBB72FB23333A3137C1C9AEB0AE4E5D98148527A5670311C0181861C1305901FF9704C64F88B75AD76574ABE3B5CEAAC2F675F5A56B807B2D9FFEDC975C7CFC6C697A18ED7F3D76C164FE108255F43971A3CCEE8FDC5E95F38B6ED8F8B150E17A7780E2D5CFD9A4D35BC4E2B3C3F4F286DC9DD0A8A53A22E643AD29753AAAB58E4C268A4145B1958050895F7FF5EB300FD0435824024F6DA4C38039A621D8E553493D964479DB2C1647C5123A9ED27955117CB966D41BAB3FA2F6AE1CE0E9787E3C815B1E3A3E3002B0BC54A89D66A3B532E8152BB0FD681D134374B4F2197F0B451E4C68C589E1F213D42CB62FC749D0883D9A68B39B93A1582F957AC989E5664266BB53BB8A07C84F662D5E3B4D4B277840A98B37F8A2CDF892085AF77A0AD370B2A4649F2381B7136AEB189421C6C801DC4F20273922A57C76DB4DB487DFC33DA2AC490C77E8ABA4AC719E6F0428A37ADBBE04F776199ACE29C1BC3B8A1F8E0D049628FDA016735559589D660FB23421D29745528E160F60B5D1923E685D0E04BE9DAC15C90BCAC4F4A7FD5CE52950734F2A849CAAB083DD18324EE82D1679146E60C290A97E2C94FBFEEDD88DE9EBEB346DF9E11AE14F4540A84F98B210E5366A03A82128986543C48FC3867431B2531AF99B379CE7E8D3105C574B0D4974295E98EFA2C01AC31C80CB1654BCEFA8467A55BC7B55ADB92DC1BE438006E5392ED521B5817558DE5E38172D023E3236EEAE34037E92EA61D6DA463212E012E603709D65EBE8062644A17B1A00FF5DE6E42FD4B3812DACC8C85754616A5539AB60FEF0F9170413E94D3052CBA3A7B9FCF46F318D30DD88DD988C9C16F5BB8823538A8DBC4830B00E7CE5346277E4DAD464128025955E7E5FD184C40EEC184B6143FC4720DA45C7DE3ED4849D6ABC89B1C01D6761660EA595B65E7F70457A32A4D63CCC6FC9736ABDDB9AE9FC8FB90388DAB7BD2189B38488B17DA76B96DAB6871475F59FC36BD53076293EBF9970A1081BA84E44A3A109F6B7231E64C1C54BF9AABD2320185DC054672B2F8F52172CD262F14CCA3237542F421A2413DF5E371DD4F1297E01D81E392A6C4F3BBABAA3091B2F10DB1C4A2C12B0DDDC279F7AD45992225ACA55ADA7CB6370B07B0CD5B935B8DF18BFFA2567EBF77658772D043318B6BA159DBD3AA48C7A509A1F887A05118CBE1470599C2683D9C00DAA5480A05FFDDF7612E6D00CD17013 -20180501005739 2 6 100 8191 2 FAEE1044985A5E9005F621D69401F45F006C4AC70C849E5C17F3D28A22FE2C86DEF3780E73C15BC778C65638702E1DF6193E19C79BC8A9CEC1D64759E6E8E1B3754AAD1F82819BDB1F1E224F7D7BFF62061D89F6AE8D8EAF444A543333A4E71A4EBEE16AA9FEAE434FD965B90E6B57A198C12619CC31EF4F2BA3ACEA4C0D31EDD7BD715FE76FCD9282221F27F6CFD678ABC0458E4EDFBB72FB23333A3137C1C9AEB0AE4E5D98148527A5670311C0181861C1305901FF9704C64F88B75AD76574ABE3B5CEAAC2F675F5A56B807B2D9FFEDC975C7CFC6C697A18ED7F3D76C164FE108255F43971A3CCEE8FDC5E95F38B6ED8F8B150E17A7780E2D5CFD9A4D35BC4E2B3C3F4F286DC9DD0A8A53A22E643AD29753AAAB58E4C268A4145B1958050895F7FF5EB300FD0435824024F6DA4C38039A621D8E553493D964479DB2C1647C5123A9ED27955117CB966D41BAB3FA2F6AE1CE0E9787E3C815B1E3A3E3002B0BC54A89D66A3B532E8152BB0FD681D134374B4F2197F0B451E4C68C589E1F213D42CB62FC749D0883D9A68B39B93A1582F957AC989E5664266BB53BB8A07C84F662D5E3B4D4B277840A98B37F8A2CDF892085AF77A0AD370B2A4649F2381B7136AEB189421C6C801DC4F20273922A57C76DB4DB487DFC33DA2AC490C77E8ABA4AC719E6F0428A37ADBBE04F776199ACE29C1BC3B8A1F8E0D049628FDA016735559589D660FB23421D29745528E160F60B5D1923E685D0E04BE9DAC15C90BCAC4F4A7FD5CE52950734F2A849CAAB083DD18324EE82D1679146E60C290A97E2C94FBFEEDD88DE9EBEB346DF9E11AE14F4540A84F98B210E5366A03A82128986543C48FC3867431B2531AF99B379CE7E8D3105C574B0D4974295E98EFA2C01AC31C80CB1654BCEFA8467A55BC7B55ADB92DC1BE438006E5392ED521B5817558DE5E38172D023E3236EEAE34037E92EA61D6DA463212E012E603709D65EBE8062644A17B1A00FF5DE6E42FD4B3812DACC8C85754616A5539AB60FEF0F9170413E94D3052CBA3A7B9FCF46F318D30DD88DD988C9C16F5BB8823538A8DBC4830B00E7CE5346277E4DAD464128025955E7E5FD184C40EEC184B6143FC4720DA45C7DE3ED4849D6ABC89B1C01D6761660EA595B65E7F70457A32A4D63CCC6FC9736ABDDB9AE9FC8FB90388DAB7BD2189B38488B17DA76B96DAB6871475F59FC36BD53076293EBF9970A1081BA84E44A3A109F6B7231E64C1C54BF9AABD2320185DC054672B2F8F52172CD262F14CCA3237542F421A2413DF5E371DD4F1297E01D81E392A6C4F3BBABAA3091B2F10DB1C4A2C12B0DDDC279F7AD45992225ACA55ADA7CB6370B07B0CD5B935B8DF18BFFA2567EBF77658772D043318B6BA159DBD3AA48C7A509A1F887A05118CBE1470599C2683D9C00DAA5480A05FFDDF7612E6D01047BA13 -20180501022059 2 6 100 8191 2 FAEE1044985A5E9005F621D69401F45F006C4AC70C849E5C17F3D28A22FE2C86DEF3780E73C15BC778C65638702E1DF6193E19C79BC8A9CEC1D64759E6E8E1B3754AAD1F82819BDB1F1E224F7D7BFF62061D89F6AE8D8EAF444A543333A4E71A4EBEE16AA9FEAE434FD965B90E6B57A198C12619CC31EF4F2BA3ACEA4C0D31EDD7BD715FE76FCD9282221F27F6CFD678ABC0458E4EDFBB72FB23333A3137C1C9AEB0AE4E5D98148527A5670311C0181861C1305901FF9704C64F88B75AD76574ABE3B5CEAAC2F675F5A56B807B2D9FFEDC975C7CFC6C697A18ED7F3D76C164FE108255F43971A3CCEE8FDC5E95F38B6ED8F8B150E17A7780E2D5CFD9A4D35BC4E2B3C3F4F286DC9DD0A8A53A22E643AD29753AAAB58E4C268A4145B1958050895F7FF5EB300FD0435824024F6DA4C38039A621D8E553493D964479DB2C1647C5123A9ED27955117CB966D41BAB3FA2F6AE1CE0E9787E3C815B1E3A3E3002B0BC54A89D66A3B532E8152BB0FD681D134374B4F2197F0B451E4C68C589E1F213D42CB62FC749D0883D9A68B39B93A1582F957AC989E5664266BB53BB8A07C84F662D5E3B4D4B277840A98B37F8A2CDF892085AF77A0AD370B2A4649F2381B7136AEB189421C6C801DC4F20273922A57C76DB4DB487DFC33DA2AC490C77E8ABA4AC719E6F0428A37ADBBE04F776199ACE29C1BC3B8A1F8E0D049628FDA016735559589D660FB23421D29745528E160F60B5D1923E685D0E04BE9DAC15C90BCAC4F4A7FD5CE52950734F2A849CAAB083DD18324EE82D1679146E60C290A97E2C94FBFEEDD88DE9EBEB346DF9E11AE14F4540A84F98B210E5366A03A82128986543C48FC3867431B2531AF99B379CE7E8D3105C574B0D4974295E98EFA2C01AC31C80CB1654BCEFA8467A55BC7B55ADB92DC1BE438006E5392ED521B5817558DE5E38172D023E3236EEAE34037E92EA61D6DA463212E012E603709D65EBE8062644A17B1A00FF5DE6E42FD4B3812DACC8C85754616A5539AB60FEF0F9170413E94D3052CBA3A7B9FCF46F318D30DD88DD988C9C16F5BB8823538A8DBC4830B00E7CE5346277E4DAD464128025955E7E5FD184C40EEC184B6143FC4720DA45C7DE3ED4849D6ABC89B1C01D6761660EA595B65E7F70457A32A4D63CCC6FC9736ABDDB9AE9FC8FB90388DAB7BD2189B38488B17DA76B96DAB6871475F59FC36BD53076293EBF9970A1081BA84E44A3A109F6B7231E64C1C54BF9AABD2320185DC054672B2F8F52172CD262F14CCA3237542F421A2413DF5E371DD4F1297E01D81E392A6C4F3BBABAA3091B2F10DB1C4A2C12B0DDDC279F7AD45992225ACA55ADA7CB6370B07B0CD5B935B8DF18BFFA2567EBF77658772D043318B6BA159DBD3AA48C7A509A1F887A05118CBE1470599C2683D9C00DAA5480A05FFDDF7612E6D01117B47B -20180501025617 2 6 100 8191 5 FAEE1044985A5E9005F621D69401F45F006C4AC70C849E5C17F3D28A22FE2C86DEF3780E73C15BC778C65638702E1DF6193E19C79BC8A9CEC1D64759E6E8E1B3754AAD1F82819BDB1F1E224F7D7BFF62061D89F6AE8D8EAF444A543333A4E71A4EBEE16AA9FEAE434FD965B90E6B57A198C12619CC31EF4F2BA3ACEA4C0D31EDD7BD715FE76FCD9282221F27F6CFD678ABC0458E4EDFBB72FB23333A3137C1C9AEB0AE4E5D98148527A5670311C0181861C1305901FF9704C64F88B75AD76574ABE3B5CEAAC2F675F5A56B807B2D9FFEDC975C7CFC6C697A18ED7F3D76C164FE108255F43971A3CCEE8FDC5E95F38B6ED8F8B150E17A7780E2D5CFD9A4D35BC4E2B3C3F4F286DC9DD0A8A53A22E643AD29753AAAB58E4C268A4145B1958050895F7FF5EB300FD0435824024F6DA4C38039A621D8E553493D964479DB2C1647C5123A9ED27955117CB966D41BAB3FA2F6AE1CE0E9787E3C815B1E3A3E3002B0BC54A89D66A3B532E8152BB0FD681D134374B4F2197F0B451E4C68C589E1F213D42CB62FC749D0883D9A68B39B93A1582F957AC989E5664266BB53BB8A07C84F662D5E3B4D4B277840A98B37F8A2CDF892085AF77A0AD370B2A4649F2381B7136AEB189421C6C801DC4F20273922A57C76DB4DB487DFC33DA2AC490C77E8ABA4AC719E6F0428A37ADBBE04F776199ACE29C1BC3B8A1F8E0D049628FDA016735559589D660FB23421D29745528E160F60B5D1923E685D0E04BE9DAC15C90BCAC4F4A7FD5CE52950734F2A849CAAB083DD18324EE82D1679146E60C290A97E2C94FBFEEDD88DE9EBEB346DF9E11AE14F4540A84F98B210E5366A03A82128986543C48FC3867431B2531AF99B379CE7E8D3105C574B0D4974295E98EFA2C01AC31C80CB1654BCEFA8467A55BC7B55ADB92DC1BE438006E5392ED521B5817558DE5E38172D023E3236EEAE34037E92EA61D6DA463212E012E603709D65EBE8062644A17B1A00FF5DE6E42FD4B3812DACC8C85754616A5539AB60FEF0F9170413E94D3052CBA3A7B9FCF46F318D30DD88DD988C9C16F5BB8823538A8DBC4830B00E7CE5346277E4DAD464128025955E7E5FD184C40EEC184B6143FC4720DA45C7DE3ED4849D6ABC89B1C01D6761660EA595B65E7F70457A32A4D63CCC6FC9736ABDDB9AE9FC8FB90388DAB7BD2189B38488B17DA76B96DAB6871475F59FC36BD53076293EBF9970A1081BA84E44A3A109F6B7231E64C1C54BF9AABD2320185DC054672B2F8F52172CD262F14CCA3237542F421A2413DF5E371DD4F1297E01D81E392A6C4F3BBABAA3091B2F10DB1C4A2C12B0DDDC279F7AD45992225ACA55ADA7CB6370B07B0CD5B935B8DF18BFFA2567EBF77658772D043318B6BA159DBD3AA48C7A509A1F887A05118CBE1470599C2683D9C00DAA5480A05FFDDF7612E6D0116B88A7 -20180501031400 2 6 100 8191 5 FAEE1044985A5E9005F621D69401F45F006C4AC70C849E5C17F3D28A22FE2C86DEF3780E73C15BC778C65638702E1DF6193E19C79BC8A9CEC1D64759E6E8E1B3754AAD1F82819BDB1F1E224F7D7BFF62061D89F6AE8D8EAF444A543333A4E71A4EBEE16AA9FEAE434FD965B90E6B57A198C12619CC31EF4F2BA3ACEA4C0D31EDD7BD715FE76FCD9282221F27F6CFD678ABC0458E4EDFBB72FB23333A3137C1C9AEB0AE4E5D98148527A5670311C0181861C1305901FF9704C64F88B75AD76574ABE3B5CEAAC2F675F5A56B807B2D9FFEDC975C7CFC6C697A18ED7F3D76C164FE108255F43971A3CCEE8FDC5E95F38B6ED8F8B150E17A7780E2D5CFD9A4D35BC4E2B3C3F4F286DC9DD0A8A53A22E643AD29753AAAB58E4C268A4145B1958050895F7FF5EB300FD0435824024F6DA4C38039A621D8E553493D964479DB2C1647C5123A9ED27955117CB966D41BAB3FA2F6AE1CE0E9787E3C815B1E3A3E3002B0BC54A89D66A3B532E8152BB0FD681D134374B4F2197F0B451E4C68C589E1F213D42CB62FC749D0883D9A68B39B93A1582F957AC989E5664266BB53BB8A07C84F662D5E3B4D4B277840A98B37F8A2CDF892085AF77A0AD370B2A4649F2381B7136AEB189421C6C801DC4F20273922A57C76DB4DB487DFC33DA2AC490C77E8ABA4AC719E6F0428A37ADBBE04F776199ACE29C1BC3B8A1F8E0D049628FDA016735559589D660FB23421D29745528E160F60B5D1923E685D0E04BE9DAC15C90BCAC4F4A7FD5CE52950734F2A849CAAB083DD18324EE82D1679146E60C290A97E2C94FBFEEDD88DE9EBEB346DF9E11AE14F4540A84F98B210E5366A03A82128986543C48FC3867431B2531AF99B379CE7E8D3105C574B0D4974295E98EFA2C01AC31C80CB1654BCEFA8467A55BC7B55ADB92DC1BE438006E5392ED521B5817558DE5E38172D023E3236EEAE34037E92EA61D6DA463212E012E603709D65EBE8062644A17B1A00FF5DE6E42FD4B3812DACC8C85754616A5539AB60FEF0F9170413E94D3052CBA3A7B9FCF46F318D30DD88DD988C9C16F5BB8823538A8DBC4830B00E7CE5346277E4DAD464128025955E7E5FD184C40EEC184B6143FC4720DA45C7DE3ED4849D6ABC89B1C01D6761660EA595B65E7F70457A32A4D63CCC6FC9736ABDDB9AE9FC8FB90388DAB7BD2189B38488B17DA76B96DAB6871475F59FC36BD53076293EBF9970A1081BA84E44A3A109F6B7231E64C1C54BF9AABD2320185DC054672B2F8F52172CD262F14CCA3237542F421A2413DF5E371DD4F1297E01D81E392A6C4F3BBABAA3091B2F10DB1C4A2C12B0DDDC279F7AD45992225ACA55ADA7CB6370B07B0CD5B935B8DF18BFFA2567EBF77658772D043318B6BA159DBD3AA48C7A509A1F887A05118CBE1470599C2683D9C00DAA5480A05FFDDF7612E6D01190866F -20180501201356 2 6 100 8191 2 FAEE1044985A5E9005F621D69401F45F006C4AC70C849E5C17F3D28A22FE2C86DEF3780E73C15BC778C65638702E1DF6193E19C79BC8A9CEC1D64759E6E8E1B3754AAD1F82819BDB1F1E224F7D7BFF62061D89F6AE8D8EAF444A543333A4E71A4EBEE16AA9FEAE434FD965B90E6B57A198C12619CC31EF4F2BA3ACEA4C0D31EDD7BD715FE76FCD9282221F27F6CFD678ABC0458E4EDFBB72FB23333A3137C1C9AEB0AE4E5D98148527A5670311C0181861C1305901FF9704C64F88B75AD76574ABE3B5CEAAC2F675F5A56B807B2D9FFEDC975C7CFC6C697A18ED7F3D76C164FE108255F43971A3CCEE8FDC5E95F38B6ED8F8B150E17A7780E2D5CFD9A4D35BC4E2B3C3F4F286DC9DD0A8A53A22E643AD29753AAAB58E4C268A4145B1958050895F7FF5EB300FD0435824024F6DA4C38039A621D8E553493D964479DB2C1647C5123A9ED27955117CB966D41BAB3FA2F6AE1CE0E9787E3C815B1E3A3E3002B0BC54A89D66A3B532E8152BB0FD681D134374B4F2197F0B451E4C68C589E1F213D42CB62FC749D0883D9A68B39B93A1582F957AC989E5664266BB53BB8A07C84F662D5E3B4D4B277840A98B37F8A2CDF892085AF77A0AD370B2A4649F2381B7136AEB189421C6C801DC4F20273922A57C76DB4DB487DFC33DA2AC490C77E8ABA4AC719E6F0428A37ADBBE04F776199ACE29C1BC3B8A1F8E0D049628FDA016735559589D660FB23421D29745528E160F60B5D1923E685D0E04BE9DAC15C90BCAC4F4A7FD5CE52950734F2A849CAAB083DD18324EE82D1679146E60C290A97E2C94FBFEEDD88DE9EBEB346DF9E11AE14F4540A84F98B210E5366A03A82128986543C48FC3867431B2531AF99B379CE7E8D3105C574B0D4974295E98EFA2C01AC31C80CB1654BCEFA8467A55BC7B55ADB92DC1BE438006E5392ED521B5817558DE5E38172D023E3236EEAE34037E92EA61D6DA463212E012E603709D65EBE8062644A17B1A00FF5DE6E42FD4B3812DACC8C85754616A5539AB60FEF0F9170413E94D3052CBA3A7B9FCF46F318D30DD88DD988C9C16F5BB8823538A8DBC4830B00E7CE5346277E4DAD464128025955E7E5FD184C40EEC184B6143FC4720DA45C7DE3ED4849D6ABC89B1C01D6761660EA595B65E7F70457A32A4D63CCC6FC9736ABDDB9AE9FC8FB90388DAB7BD2189B38488B17DA76B96DAB6871475F59FC36BD53076293EBF9970A1081BA84E44A3A109F6B7231E64C1C54BF9AABD2320185DC054672B2F8F52172CD262F14CCA3237542F421A2413DF5E371DD4F1297E01D81E392A6C4F3BBABAA3091B2F10DB1C4A2C12B0DDDC279F7AD45992225ACA55ADA7CB6370B07B0CD5B935B8DF18BFFA2567EBF77658772D043318B6BA159DBD3AA48C7A509A1F887A05118CBE1470599C2683D9C00DAA5480A05FFDDF7612E6D01BDDAB3B -20180501204003 2 6 100 8191 5 FAEE1044985A5E9005F621D69401F45F006C4AC70C849E5C17F3D28A22FE2C86DEF3780E73C15BC778C65638702E1DF6193E19C79BC8A9CEC1D64759E6E8E1B3754AAD1F82819BDB1F1E224F7D7BFF62061D89F6AE8D8EAF444A543333A4E71A4EBEE16AA9FEAE434FD965B90E6B57A198C12619CC31EF4F2BA3ACEA4C0D31EDD7BD715FE76FCD9282221F27F6CFD678ABC0458E4EDFBB72FB23333A3137C1C9AEB0AE4E5D98148527A5670311C0181861C1305901FF9704C64F88B75AD76574ABE3B5CEAAC2F675F5A56B807B2D9FFEDC975C7CFC6C697A18ED7F3D76C164FE108255F43971A3CCEE8FDC5E95F38B6ED8F8B150E17A7780E2D5CFD9A4D35BC4E2B3C3F4F286DC9DD0A8A53A22E643AD29753AAAB58E4C268A4145B1958050895F7FF5EB300FD0435824024F6DA4C38039A621D8E553493D964479DB2C1647C5123A9ED27955117CB966D41BAB3FA2F6AE1CE0E9787E3C815B1E3A3E3002B0BC54A89D66A3B532E8152BB0FD681D134374B4F2197F0B451E4C68C589E1F213D42CB62FC749D0883D9A68B39B93A1582F957AC989E5664266BB53BB8A07C84F662D5E3B4D4B277840A98B37F8A2CDF892085AF77A0AD370B2A4649F2381B7136AEB189421C6C801DC4F20273922A57C76DB4DB487DFC33DA2AC490C77E8ABA4AC719E6F0428A37ADBBE04F776199ACE29C1BC3B8A1F8E0D049628FDA016735559589D660FB23421D29745528E160F60B5D1923E685D0E04BE9DAC15C90BCAC4F4A7FD5CE52950734F2A849CAAB083DD18324EE82D1679146E60C290A97E2C94FBFEEDD88DE9EBEB346DF9E11AE14F4540A84F98B210E5366A03A82128986543C48FC3867431B2531AF99B379CE7E8D3105C574B0D4974295E98EFA2C01AC31C80CB1654BCEFA8467A55BC7B55ADB92DC1BE438006E5392ED521B5817558DE5E38172D023E3236EEAE34037E92EA61D6DA463212E012E603709D65EBE8062644A17B1A00FF5DE6E42FD4B3812DACC8C85754616A5539AB60FEF0F9170413E94D3052CBA3A7B9FCF46F318D30DD88DD988C9C16F5BB8823538A8DBC4830B00E7CE5346277E4DAD464128025955E7E5FD184C40EEC184B6143FC4720DA45C7DE3ED4849D6ABC89B1C01D6761660EA595B65E7F70457A32A4D63CCC6FC9736ABDDB9AE9FC8FB90388DAB7BD2189B38488B17DA76B96DAB6871475F59FC36BD53076293EBF9970A1081BA84E44A3A109F6B7231E64C1C54BF9AABD2320185DC054672B2F8F52172CD262F14CCA3237542F421A2413DF5E371DD4F1297E01D81E392A6C4F3BBABAA3091B2F10DB1C4A2C12B0DDDC279F7AD45992225ACA55ADA7CB6370B07B0CD5B935B8DF18BFFA2567EBF77658772D043318B6BA159DBD3AA48C7A509A1F887A05118CBE1470599C2683D9C00DAA5480A05FFDDF7612E6D01C18942F -20180502033416 2 6 100 8191 2 FAEE1044985A5E9005F621D69401F45F006C4AC70C849E5C17F3D28A22FE2C86DEF3780E73C15BC778C65638702E1DF6193E19C79BC8A9CEC1D64759E6E8E1B3754AAD1F82819BDB1F1E224F7D7BFF62061D89F6AE8D8EAF444A543333A4E71A4EBEE16AA9FEAE434FD965B90E6B57A198C12619CC31EF4F2BA3ACEA4C0D31EDD7BD715FE76FCD9282221F27F6CFD678ABC0458E4EDFBB72FB23333A3137C1C9AEB0AE4E5D98148527A5670311C0181861C1305901FF9704C64F88B75AD76574ABE3B5CEAAC2F675F5A56B807B2D9FFEDC975C7CFC6C697A18ED7F3D76C164FE108255F43971A3CCEE8FDC5E95F38B6ED8F8B150E17A7780E2D5CFD9A4D35BC4E2B3C3F4F286DC9DD0A8A53A22E643AD29753AAAB58E4C268A4145B1958050895F7FF5EB300FD0435824024F6DA4C38039A621D8E553493D964479DB2C1647C5123A9ED27955117CB966D41BAB3FA2F6AE1CE0E9787E3C815B1E3A3E3002B0BC54A89D66A3B532E8152BB0FD681D134374B4F2197F0B451E4C68C589E1F213D42CB62FC749D0883D9A68B39B93A1582F957AC989E5664266BB53BB8A07C84F662D5E3B4D4B277840A98B37F8A2CDF892085AF77A0AD370B2A4649F2381B7136AEB189421C6C801DC4F20273922A57C76DB4DB487DFC33DA2AC490C77E8ABA4AC719E6F0428A37ADBBE04F776199ACE29C1BC3B8A1F8E0D049628FDA016735559589D660FB23421D29745528E160F60B5D1923E685D0E04BE9DAC15C90BCAC4F4A7FD5CE52950734F2A849CAAB083DD18324EE82D1679146E60C290A97E2C94FBFEEDD88DE9EBEB346DF9E11AE14F4540A84F98B210E5366A03A82128986543C48FC3867431B2531AF99B379CE7E8D3105C574B0D4974295E98EFA2C01AC31C80CB1654BCEFA8467A55BC7B55ADB92DC1BE438006E5392ED521B5817558DE5E38172D023E3236EEAE34037E92EA61D6DA463212E012E603709D65EBE8062644A17B1A00FF5DE6E42FD4B3812DACC8C85754616A5539AB60FEF0F9170413E94D3052CBA3A7B9FCF46F318D30DD88DD988C9C16F5BB8823538A8DBC4830B00E7CE5346277E4DAD464128025955E7E5FD184C40EEC184B6143FC4720DA45C7DE3ED4849D6ABC89B1C01D6761660EA595B65E7F70457A32A4D63CCC6FC9736ABDDB9AE9FC8FB90388DAB7BD2189B38488B17DA76B96DAB6871475F59FC36BD53076293EBF9970A1081BA84E44A3A109F6B7231E64C1C54BF9AABD2320185DC054672B2F8F52172CD262F14CCA3237542F421A2413DF5E371DD4F1297E01D81E392A6C4F3BBABAA3091B2F10DB1C4A2C12B0DDDC279F7AD45992225ACA55ADA7CB6370B07B0CD5B935B8DF18BFFA2567EBF77658772D043318B6BA159DBD3AA48C7A509A1F887A05118CBE1470599C2683D9C00DAA5480A05FFDDF7612E6D02024C2DB -20180502214537 2 6 100 8191 2 E3FCBDCFD41A409C58BE083B6485A2D67E20931B1F469774BAE0F1AB2898B800032581B1C4FC71FE136087937A885AFB6FC9E582DD97B8DE3AD2AF861419D5F06278316DFA78BAE7EF099889F0E99575C7812E7240B67623E7877737013A7D5DB3638040083400E8F27600BAC0650D24220CA1B3C05FB7DD70469A201DBFF1308ECA1C7152A6016BB89BFB6C625715EE91A92EA1848F0B2491AA92187468D9E8442679D7F5F6B64BC9D5A3D4E9B58C59EEEB65F8D6B70A71099E1B420BC0FD750CB2F333C23C97966BE727A6B6D9AEC8C0EB2436E01770F03840BFEC9228BB6DD46CE27D5739E18429F464FFF6812B0F66A8B0024BE03294900B8D0BC3CA6785F8C418EFE7068B2CD190A54BB9F90E05885A5C85DC069495C2009F79DBFD7774D7D65B9831FDC295CE146F4EB91DC56ABBD0B64BEAF3C340E0BF123A115D12289D44B650FF8461734308F4701CF2C199676DB3B4804FCDBD6B08C5D4875073AD5C575CA0B64597472A5C23EB4277B52B1128F3B1AE363E36A2C2D6EF5FCE00EE1573A40AD5ACDCDADE3E2672979CF68E87530520B2CA2C1110CBE4B631F3ABE83CFFDB7D5ACDD6DCA5916E30B1771FE29C4F60163B62349B66C0EDDCE8502F7C49DD4089EA5AE31FFB220A88C8D232367B52FAB7644F02E7EC10378697213CF0D90DA83A9941C217C559F88DEC6587AD953C95F11C575F0EFA9CC0650955C733910F2F90C78AE367F67B0F496A100E0B018731404D2BAEC7420F8C2B1FB6612AF69ECF369F236DD0BFB0ACBAED4141B2A14591C6475FC5C3D4E9B6229ECF7E288C015D59A35DE67F633DC586609AB3AB85A02B99DDF1B6FA7D54D4B2DDB767CAAB797C9FB29594B80B5BAACF777666D0B35CE6EFD8E46270C4D715B74FEA64FE34FBF4332BB4E8477CA438645C24444417EA5769B507925FB4B8FC59E429F1EC593C397F71087A080B39A192B5147D04D9F30DC237764C810E519B74EE90F047D0829104B6BA1A01F1CC18C85BE79F52084FAD6D7BF3EDA36D63981D8B75676740DB1AA6E06AD0C1F6A3B665D2D9D0E363FCE37B581C682A5F554D820849CEE7066A7DB011EA7D916B4A45212CBBC7A56ADAD33D203B8A1EDA03064A34351916C243E65D45425974C1468A626B773B48962108203F02814F15640149BCC2325C40F2457F0618CAAFDE26162326F2F81E8C727FAFED1B43E3AC8752E9F4EDFF5B58BD316882B555E63278FEB00B61144703C060B6188F3528E176E9B2D5996579048B723EB678CD56FA979004270E9F88F235404C522ED076E9F287097F2F7600A2D4566D2F6EFB600A9854B61CDB4363040D4F30D96BB011EF4BB0E0F21192F72B106B4F38A79FA384978C3C2A9AB94534BE01C83927BC95A9C5E55E618D7C5D77A9FA39664EEF11B2D50F59396DAD7CDC23F17948585BD88342EED639CFC883 -20180503020255 2 6 100 8191 2 E3FCBDCFD41A409C58BE083B6485A2D67E20931B1F469774BAE0F1AB2898B800032581B1C4FC71FE136087937A885AFB6FC9E582DD97B8DE3AD2AF861419D5F06278316DFA78BAE7EF099889F0E99575C7812E7240B67623E7877737013A7D5DB3638040083400E8F27600BAC0650D24220CA1B3C05FB7DD70469A201DBFF1308ECA1C7152A6016BB89BFB6C625715EE91A92EA1848F0B2491AA92187468D9E8442679D7F5F6B64BC9D5A3D4E9B58C59EEEB65F8D6B70A71099E1B420BC0FD750CB2F333C23C97966BE727A6B6D9AEC8C0EB2436E01770F03840BFEC9228BB6DD46CE27D5739E18429F464FFF6812B0F66A8B0024BE03294900B8D0BC3CA6785F8C418EFE7068B2CD190A54BB9F90E05885A5C85DC069495C2009F79DBFD7774D7D65B9831FDC295CE146F4EB91DC56ABBD0B64BEAF3C340E0BF123A115D12289D44B650FF8461734308F4701CF2C199676DB3B4804FCDBD6B08C5D4875073AD5C575CA0B64597472A5C23EB4277B52B1128F3B1AE363E36A2C2D6EF5FCE00EE1573A40AD5ACDCDADE3E2672979CF68E87530520B2CA2C1110CBE4B631F3ABE83CFFDB7D5ACDD6DCA5916E30B1771FE29C4F60163B62349B66C0EDDCE8502F7C49DD4089EA5AE31FFB220A88C8D232367B52FAB7644F02E7EC10378697213CF0D90DA83A9941C217C559F88DEC6587AD953C95F11C575F0EFA9CC0650955C733910F2F90C78AE367F67B0F496A100E0B018731404D2BAEC7420F8C2B1FB6612AF69ECF369F236DD0BFB0ACBAED4141B2A14591C6475FC5C3D4E9B6229ECF7E288C015D59A35DE67F633DC586609AB3AB85A02B99DDF1B6FA7D54D4B2DDB767CAAB797C9FB29594B80B5BAACF777666D0B35CE6EFD8E46270C4D715B74FEA64FE34FBF4332BB4E8477CA438645C24444417EA5769B507925FB4B8FC59E429F1EC593C397F71087A080B39A192B5147D04D9F30DC237764C810E519B74EE90F047D0829104B6BA1A01F1CC18C85BE79F52084FAD6D7BF3EDA36D63981D8B75676740DB1AA6E06AD0C1F6A3B665D2D9D0E363FCE37B581C682A5F554D820849CEE7066A7DB011EA7D916B4A45212CBBC7A56ADAD33D203B8A1EDA03064A34351916C243E65D45425974C1468A626B773B48962108203F02814F15640149BCC2325C40F2457F0618CAAFDE26162326F2F81E8C727FAFED1B43E3AC8752E9F4EDFF5B58BD316882B555E63278FEB00B61144703C060B6188F3528E176E9B2D5996579048B723EB678CD56FA979004270E9F88F235404C522ED076E9F287097F2F7600A2D4566D2F6EFB600A9854B61CDB4363040D4F30D96BB011EF4BB0E0F21192F72B106B4F38A79FA384978C3C2A9AB94534BE01C83927BC95A9C5E55E618D7C5D77A9FA39664EEF11B2D50F59396DAD7CDC23F17948585BD88342EED63CD06DCB -20180503022319 2 6 100 8191 5 E3FCBDCFD41A409C58BE083B6485A2D67E20931B1F469774BAE0F1AB2898B800032581B1C4FC71FE136087937A885AFB6FC9E582DD97B8DE3AD2AF861419D5F06278316DFA78BAE7EF099889F0E99575C7812E7240B67623E7877737013A7D5DB3638040083400E8F27600BAC0650D24220CA1B3C05FB7DD70469A201DBFF1308ECA1C7152A6016BB89BFB6C625715EE91A92EA1848F0B2491AA92187468D9E8442679D7F5F6B64BC9D5A3D4E9B58C59EEEB65F8D6B70A71099E1B420BC0FD750CB2F333C23C97966BE727A6B6D9AEC8C0EB2436E01770F03840BFEC9228BB6DD46CE27D5739E18429F464FFF6812B0F66A8B0024BE03294900B8D0BC3CA6785F8C418EFE7068B2CD190A54BB9F90E05885A5C85DC069495C2009F79DBFD7774D7D65B9831FDC295CE146F4EB91DC56ABBD0B64BEAF3C340E0BF123A115D12289D44B650FF8461734308F4701CF2C199676DB3B4804FCDBD6B08C5D4875073AD5C575CA0B64597472A5C23EB4277B52B1128F3B1AE363E36A2C2D6EF5FCE00EE1573A40AD5ACDCDADE3E2672979CF68E87530520B2CA2C1110CBE4B631F3ABE83CFFDB7D5ACDD6DCA5916E30B1771FE29C4F60163B62349B66C0EDDCE8502F7C49DD4089EA5AE31FFB220A88C8D232367B52FAB7644F02E7EC10378697213CF0D90DA83A9941C217C559F88DEC6587AD953C95F11C575F0EFA9CC0650955C733910F2F90C78AE367F67B0F496A100E0B018731404D2BAEC7420F8C2B1FB6612AF69ECF369F236DD0BFB0ACBAED4141B2A14591C6475FC5C3D4E9B6229ECF7E288C015D59A35DE67F633DC586609AB3AB85A02B99DDF1B6FA7D54D4B2DDB767CAAB797C9FB29594B80B5BAACF777666D0B35CE6EFD8E46270C4D715B74FEA64FE34FBF4332BB4E8477CA438645C24444417EA5769B507925FB4B8FC59E429F1EC593C397F71087A080B39A192B5147D04D9F30DC237764C810E519B74EE90F047D0829104B6BA1A01F1CC18C85BE79F52084FAD6D7BF3EDA36D63981D8B75676740DB1AA6E06AD0C1F6A3B665D2D9D0E363FCE37B581C682A5F554D820849CEE7066A7DB011EA7D916B4A45212CBBC7A56ADAD33D203B8A1EDA03064A34351916C243E65D45425974C1468A626B773B48962108203F02814F15640149BCC2325C40F2457F0618CAAFDE26162326F2F81E8C727FAFED1B43E3AC8752E9F4EDFF5B58BD316882B555E63278FEB00B61144703C060B6188F3528E176E9B2D5996579048B723EB678CD56FA979004270E9F88F235404C522ED076E9F287097F2F7600A2D4566D2F6EFB600A9854B61CDB4363040D4F30D96BB011EF4BB0E0F21192F72B106B4F38A79FA384978C3C2A9AB94534BE01C83927BC95A9C5E55E618D7C5D77A9FA39664EEF11B2D50F59396DAD7CDC23F17948585BD88342EED63D0368DF -20180503125648 2 6 100 8191 5 E3FCBDCFD41A409C58BE083B6485A2D67E20931B1F469774BAE0F1AB2898B800032581B1C4FC71FE136087937A885AFB6FC9E582DD97B8DE3AD2AF861419D5F06278316DFA78BAE7EF099889F0E99575C7812E7240B67623E7877737013A7D5DB3638040083400E8F27600BAC0650D24220CA1B3C05FB7DD70469A201DBFF1308ECA1C7152A6016BB89BFB6C625715EE91A92EA1848F0B2491AA92187468D9E8442679D7F5F6B64BC9D5A3D4E9B58C59EEEB65F8D6B70A71099E1B420BC0FD750CB2F333C23C97966BE727A6B6D9AEC8C0EB2436E01770F03840BFEC9228BB6DD46CE27D5739E18429F464FFF6812B0F66A8B0024BE03294900B8D0BC3CA6785F8C418EFE7068B2CD190A54BB9F90E05885A5C85DC069495C2009F79DBFD7774D7D65B9831FDC295CE146F4EB91DC56ABBD0B64BEAF3C340E0BF123A115D12289D44B650FF8461734308F4701CF2C199676DB3B4804FCDBD6B08C5D4875073AD5C575CA0B64597472A5C23EB4277B52B1128F3B1AE363E36A2C2D6EF5FCE00EE1573A40AD5ACDCDADE3E2672979CF68E87530520B2CA2C1110CBE4B631F3ABE83CFFDB7D5ACDD6DCA5916E30B1771FE29C4F60163B62349B66C0EDDCE8502F7C49DD4089EA5AE31FFB220A88C8D232367B52FAB7644F02E7EC10378697213CF0D90DA83A9941C217C559F88DEC6587AD953C95F11C575F0EFA9CC0650955C733910F2F90C78AE367F67B0F496A100E0B018731404D2BAEC7420F8C2B1FB6612AF69ECF369F236DD0BFB0ACBAED4141B2A14591C6475FC5C3D4E9B6229ECF7E288C015D59A35DE67F633DC586609AB3AB85A02B99DDF1B6FA7D54D4B2DDB767CAAB797C9FB29594B80B5BAACF777666D0B35CE6EFD8E46270C4D715B74FEA64FE34FBF4332BB4E8477CA438645C24444417EA5769B507925FB4B8FC59E429F1EC593C397F71087A080B39A192B5147D04D9F30DC237764C810E519B74EE90F047D0829104B6BA1A01F1CC18C85BE79F52084FAD6D7BF3EDA36D63981D8B75676740DB1AA6E06AD0C1F6A3B665D2D9D0E363FCE37B581C682A5F554D820849CEE7066A7DB011EA7D916B4A45212CBBC7A56ADAD33D203B8A1EDA03064A34351916C243E65D45425974C1468A626B773B48962108203F02814F15640149BCC2325C40F2457F0618CAAFDE26162326F2F81E8C727FAFED1B43E3AC8752E9F4EDFF5B58BD316882B555E63278FEB00B61144703C060B6188F3528E176E9B2D5996579048B723EB678CD56FA979004270E9F88F235404C522ED076E9F287097F2F7600A2D4566D2F6EFB600A9854B61CDB4363040D4F30D96BB011EF4BB0E0F21192F72B106B4F38A79FA384978C3C2A9AB94534BE01C83927BC95A9C5E55E618D7C5D77A9FA39664EEF11B2D50F59396DAD7CDC23F17948585BD88342EED6446836FF -20180503155809 2 6 100 8191 5 E3FCBDCFD41A409C58BE083B6485A2D67E20931B1F469774BAE0F1AB2898B800032581B1C4FC71FE136087937A885AFB6FC9E582DD97B8DE3AD2AF861419D5F06278316DFA78BAE7EF099889F0E99575C7812E7240B67623E7877737013A7D5DB3638040083400E8F27600BAC0650D24220CA1B3C05FB7DD70469A201DBFF1308ECA1C7152A6016BB89BFB6C625715EE91A92EA1848F0B2491AA92187468D9E8442679D7F5F6B64BC9D5A3D4E9B58C59EEEB65F8D6B70A71099E1B420BC0FD750CB2F333C23C97966BE727A6B6D9AEC8C0EB2436E01770F03840BFEC9228BB6DD46CE27D5739E18429F464FFF6812B0F66A8B0024BE03294900B8D0BC3CA6785F8C418EFE7068B2CD190A54BB9F90E05885A5C85DC069495C2009F79DBFD7774D7D65B9831FDC295CE146F4EB91DC56ABBD0B64BEAF3C340E0BF123A115D12289D44B650FF8461734308F4701CF2C199676DB3B4804FCDBD6B08C5D4875073AD5C575CA0B64597472A5C23EB4277B52B1128F3B1AE363E36A2C2D6EF5FCE00EE1573A40AD5ACDCDADE3E2672979CF68E87530520B2CA2C1110CBE4B631F3ABE83CFFDB7D5ACDD6DCA5916E30B1771FE29C4F60163B62349B66C0EDDCE8502F7C49DD4089EA5AE31FFB220A88C8D232367B52FAB7644F02E7EC10378697213CF0D90DA83A9941C217C559F88DEC6587AD953C95F11C575F0EFA9CC0650955C733910F2F90C78AE367F67B0F496A100E0B018731404D2BAEC7420F8C2B1FB6612AF69ECF369F236DD0BFB0ACBAED4141B2A14591C6475FC5C3D4E9B6229ECF7E288C015D59A35DE67F633DC586609AB3AB85A02B99DDF1B6FA7D54D4B2DDB767CAAB797C9FB29594B80B5BAACF777666D0B35CE6EFD8E46270C4D715B74FEA64FE34FBF4332BB4E8477CA438645C24444417EA5769B507925FB4B8FC59E429F1EC593C397F71087A080B39A192B5147D04D9F30DC237764C810E519B74EE90F047D0829104B6BA1A01F1CC18C85BE79F52084FAD6D7BF3EDA36D63981D8B75676740DB1AA6E06AD0C1F6A3B665D2D9D0E363FCE37B581C682A5F554D820849CEE7066A7DB011EA7D916B4A45212CBBC7A56ADAD33D203B8A1EDA03064A34351916C243E65D45425974C1468A626B773B48962108203F02814F15640149BCC2325C40F2457F0618CAAFDE26162326F2F81E8C727FAFED1B43E3AC8752E9F4EDFF5B58BD316882B555E63278FEB00B61144703C060B6188F3528E176E9B2D5996579048B723EB678CD56FA979004270E9F88F235404C522ED076E9F287097F2F7600A2D4566D2F6EFB600A9854B61CDB4363040D4F30D96BB011EF4BB0E0F21192F72B106B4F38A79FA384978C3C2A9AB94534BE01C83927BC95A9C5E55E618D7C5D77A9FA39664EEF11B2D50F59396DAD7CDC23F17948585BD88342EED64679B30F -20180503191156 2 6 100 8191 5 E3FCBDCFD41A409C58BE083B6485A2D67E20931B1F469774BAE0F1AB2898B800032581B1C4FC71FE136087937A885AFB6FC9E582DD97B8DE3AD2AF861419D5F06278316DFA78BAE7EF099889F0E99575C7812E7240B67623E7877737013A7D5DB3638040083400E8F27600BAC0650D24220CA1B3C05FB7DD70469A201DBFF1308ECA1C7152A6016BB89BFB6C625715EE91A92EA1848F0B2491AA92187468D9E8442679D7F5F6B64BC9D5A3D4E9B58C59EEEB65F8D6B70A71099E1B420BC0FD750CB2F333C23C97966BE727A6B6D9AEC8C0EB2436E01770F03840BFEC9228BB6DD46CE27D5739E18429F464FFF6812B0F66A8B0024BE03294900B8D0BC3CA6785F8C418EFE7068B2CD190A54BB9F90E05885A5C85DC069495C2009F79DBFD7774D7D65B9831FDC295CE146F4EB91DC56ABBD0B64BEAF3C340E0BF123A115D12289D44B650FF8461734308F4701CF2C199676DB3B4804FCDBD6B08C5D4875073AD5C575CA0B64597472A5C23EB4277B52B1128F3B1AE363E36A2C2D6EF5FCE00EE1573A40AD5ACDCDADE3E2672979CF68E87530520B2CA2C1110CBE4B631F3ABE83CFFDB7D5ACDD6DCA5916E30B1771FE29C4F60163B62349B66C0EDDCE8502F7C49DD4089EA5AE31FFB220A88C8D232367B52FAB7644F02E7EC10378697213CF0D90DA83A9941C217C559F88DEC6587AD953C95F11C575F0EFA9CC0650955C733910F2F90C78AE367F67B0F496A100E0B018731404D2BAEC7420F8C2B1FB6612AF69ECF369F236DD0BFB0ACBAED4141B2A14591C6475FC5C3D4E9B6229ECF7E288C015D59A35DE67F633DC586609AB3AB85A02B99DDF1B6FA7D54D4B2DDB767CAAB797C9FB29594B80B5BAACF777666D0B35CE6EFD8E46270C4D715B74FEA64FE34FBF4332BB4E8477CA438645C24444417EA5769B507925FB4B8FC59E429F1EC593C397F71087A080B39A192B5147D04D9F30DC237764C810E519B74EE90F047D0829104B6BA1A01F1CC18C85BE79F52084FAD6D7BF3EDA36D63981D8B75676740DB1AA6E06AD0C1F6A3B665D2D9D0E363FCE37B581C682A5F554D820849CEE7066A7DB011EA7D916B4A45212CBBC7A56ADAD33D203B8A1EDA03064A34351916C243E65D45425974C1468A626B773B48962108203F02814F15640149BCC2325C40F2457F0618CAAFDE26162326F2F81E8C727FAFED1B43E3AC8752E9F4EDFF5B58BD316882B555E63278FEB00B61144703C060B6188F3528E176E9B2D5996579048B723EB678CD56FA979004270E9F88F235404C522ED076E9F287097F2F7600A2D4566D2F6EFB600A9854B61CDB4363040D4F30D96BB011EF4BB0E0F21192F72B106B4F38A79FA384978C3C2A9AB94534BE01C83927BC95A9C5E55E618D7C5D77A9FA39664EEF11B2D50F59396DAD7CDC23F17948585BD88342EED648AEA87F -20180504050354 2 6 100 8191 5 E3FCBDCFD41A409C58BE083B6485A2D67E20931B1F469774BAE0F1AB2898B800032581B1C4FC71FE136087937A885AFB6FC9E582DD97B8DE3AD2AF861419D5F06278316DFA78BAE7EF099889F0E99575C7812E7240B67623E7877737013A7D5DB3638040083400E8F27600BAC0650D24220CA1B3C05FB7DD70469A201DBFF1308ECA1C7152A6016BB89BFB6C625715EE91A92EA1848F0B2491AA92187468D9E8442679D7F5F6B64BC9D5A3D4E9B58C59EEEB65F8D6B70A71099E1B420BC0FD750CB2F333C23C97966BE727A6B6D9AEC8C0EB2436E01770F03840BFEC9228BB6DD46CE27D5739E18429F464FFF6812B0F66A8B0024BE03294900B8D0BC3CA6785F8C418EFE7068B2CD190A54BB9F90E05885A5C85DC069495C2009F79DBFD7774D7D65B9831FDC295CE146F4EB91DC56ABBD0B64BEAF3C340E0BF123A115D12289D44B650FF8461734308F4701CF2C199676DB3B4804FCDBD6B08C5D4875073AD5C575CA0B64597472A5C23EB4277B52B1128F3B1AE363E36A2C2D6EF5FCE00EE1573A40AD5ACDCDADE3E2672979CF68E87530520B2CA2C1110CBE4B631F3ABE83CFFDB7D5ACDD6DCA5916E30B1771FE29C4F60163B62349B66C0EDDCE8502F7C49DD4089EA5AE31FFB220A88C8D232367B52FAB7644F02E7EC10378697213CF0D90DA83A9941C217C559F88DEC6587AD953C95F11C575F0EFA9CC0650955C733910F2F90C78AE367F67B0F496A100E0B018731404D2BAEC7420F8C2B1FB6612AF69ECF369F236DD0BFB0ACBAED4141B2A14591C6475FC5C3D4E9B6229ECF7E288C015D59A35DE67F633DC586609AB3AB85A02B99DDF1B6FA7D54D4B2DDB767CAAB797C9FB29594B80B5BAACF777666D0B35CE6EFD8E46270C4D715B74FEA64FE34FBF4332BB4E8477CA438645C24444417EA5769B507925FB4B8FC59E429F1EC593C397F71087A080B39A192B5147D04D9F30DC237764C810E519B74EE90F047D0829104B6BA1A01F1CC18C85BE79F52084FAD6D7BF3EDA36D63981D8B75676740DB1AA6E06AD0C1F6A3B665D2D9D0E363FCE37B581C682A5F554D820849CEE7066A7DB011EA7D916B4A45212CBBC7A56ADAD33D203B8A1EDA03064A34351916C243E65D45425974C1468A626B773B48962108203F02814F15640149BCC2325C40F2457F0618CAAFDE26162326F2F81E8C727FAFED1B43E3AC8752E9F4EDFF5B58BD316882B555E63278FEB00B61144703C060B6188F3528E176E9B2D5996579048B723EB678CD56FA979004270E9F88F235404C522ED076E9F287097F2F7600A2D4566D2F6EFB600A9854B61CDB4363040D4F30D96BB011EF4BB0E0F21192F72B106B4F38A79FA384978C3C2A9AB94534BE01C83927BC95A9C5E55E618D7C5D77A9FA39664EEF11B2D50F59396DAD7CDC23F17948585BD88342EED64F75441F -20180504071143 2 6 100 8191 2 E3FCBDCFD41A409C58BE083B6485A2D67E20931B1F469774BAE0F1AB2898B800032581B1C4FC71FE136087937A885AFB6FC9E582DD97B8DE3AD2AF861419D5F06278316DFA78BAE7EF099889F0E99575C7812E7240B67623E7877737013A7D5DB3638040083400E8F27600BAC0650D24220CA1B3C05FB7DD70469A201DBFF1308ECA1C7152A6016BB89BFB6C625715EE91A92EA1848F0B2491AA92187468D9E8442679D7F5F6B64BC9D5A3D4E9B58C59EEEB65F8D6B70A71099E1B420BC0FD750CB2F333C23C97966BE727A6B6D9AEC8C0EB2436E01770F03840BFEC9228BB6DD46CE27D5739E18429F464FFF6812B0F66A8B0024BE03294900B8D0BC3CA6785F8C418EFE7068B2CD190A54BB9F90E05885A5C85DC069495C2009F79DBFD7774D7D65B9831FDC295CE146F4EB91DC56ABBD0B64BEAF3C340E0BF123A115D12289D44B650FF8461734308F4701CF2C199676DB3B4804FCDBD6B08C5D4875073AD5C575CA0B64597472A5C23EB4277B52B1128F3B1AE363E36A2C2D6EF5FCE00EE1573A40AD5ACDCDADE3E2672979CF68E87530520B2CA2C1110CBE4B631F3ABE83CFFDB7D5ACDD6DCA5916E30B1771FE29C4F60163B62349B66C0EDDCE8502F7C49DD4089EA5AE31FFB220A88C8D232367B52FAB7644F02E7EC10378697213CF0D90DA83A9941C217C559F88DEC6587AD953C95F11C575F0EFA9CC0650955C733910F2F90C78AE367F67B0F496A100E0B018731404D2BAEC7420F8C2B1FB6612AF69ECF369F236DD0BFB0ACBAED4141B2A14591C6475FC5C3D4E9B6229ECF7E288C015D59A35DE67F633DC586609AB3AB85A02B99DDF1B6FA7D54D4B2DDB767CAAB797C9FB29594B80B5BAACF777666D0B35CE6EFD8E46270C4D715B74FEA64FE34FBF4332BB4E8477CA438645C24444417EA5769B507925FB4B8FC59E429F1EC593C397F71087A080B39A192B5147D04D9F30DC237764C810E519B74EE90F047D0829104B6BA1A01F1CC18C85BE79F52084FAD6D7BF3EDA36D63981D8B75676740DB1AA6E06AD0C1F6A3B665D2D9D0E363FCE37B581C682A5F554D820849CEE7066A7DB011EA7D916B4A45212CBBC7A56ADAD33D203B8A1EDA03064A34351916C243E65D45425974C1468A626B773B48962108203F02814F15640149BCC2325C40F2457F0618CAAFDE26162326F2F81E8C727FAFED1B43E3AC8752E9F4EDFF5B58BD316882B555E63278FEB00B61144703C060B6188F3528E176E9B2D5996579048B723EB678CD56FA979004270E9F88F235404C522ED076E9F287097F2F7600A2D4566D2F6EFB600A9854B61CDB4363040D4F30D96BB011EF4BB0E0F21192F72B106B4F38A79FA384978C3C2A9AB94534BE01C83927BC95A9C5E55E618D7C5D77A9FA39664EEF11B2D50F59396DAD7CDC23F17948585BD88342EED650DC49F3 -20180504084722 2 6 100 8191 2 E3FCBDCFD41A409C58BE083B6485A2D67E20931B1F469774BAE0F1AB2898B800032581B1C4FC71FE136087937A885AFB6FC9E582DD97B8DE3AD2AF861419D5F06278316DFA78BAE7EF099889F0E99575C7812E7240B67623E7877737013A7D5DB3638040083400E8F27600BAC0650D24220CA1B3C05FB7DD70469A201DBFF1308ECA1C7152A6016BB89BFB6C625715EE91A92EA1848F0B2491AA92187468D9E8442679D7F5F6B64BC9D5A3D4E9B58C59EEEB65F8D6B70A71099E1B420BC0FD750CB2F333C23C97966BE727A6B6D9AEC8C0EB2436E01770F03840BFEC9228BB6DD46CE27D5739E18429F464FFF6812B0F66A8B0024BE03294900B8D0BC3CA6785F8C418EFE7068B2CD190A54BB9F90E05885A5C85DC069495C2009F79DBFD7774D7D65B9831FDC295CE146F4EB91DC56ABBD0B64BEAF3C340E0BF123A115D12289D44B650FF8461734308F4701CF2C199676DB3B4804FCDBD6B08C5D4875073AD5C575CA0B64597472A5C23EB4277B52B1128F3B1AE363E36A2C2D6EF5FCE00EE1573A40AD5ACDCDADE3E2672979CF68E87530520B2CA2C1110CBE4B631F3ABE83CFFDB7D5ACDD6DCA5916E30B1771FE29C4F60163B62349B66C0EDDCE8502F7C49DD4089EA5AE31FFB220A88C8D232367B52FAB7644F02E7EC10378697213CF0D90DA83A9941C217C559F88DEC6587AD953C95F11C575F0EFA9CC0650955C733910F2F90C78AE367F67B0F496A100E0B018731404D2BAEC7420F8C2B1FB6612AF69ECF369F236DD0BFB0ACBAED4141B2A14591C6475FC5C3D4E9B6229ECF7E288C015D59A35DE67F633DC586609AB3AB85A02B99DDF1B6FA7D54D4B2DDB767CAAB797C9FB29594B80B5BAACF777666D0B35CE6EFD8E46270C4D715B74FEA64FE34FBF4332BB4E8477CA438645C24444417EA5769B507925FB4B8FC59E429F1EC593C397F71087A080B39A192B5147D04D9F30DC237764C810E519B74EE90F047D0829104B6BA1A01F1CC18C85BE79F52084FAD6D7BF3EDA36D63981D8B75676740DB1AA6E06AD0C1F6A3B665D2D9D0E363FCE37B581C682A5F554D820849CEE7066A7DB011EA7D916B4A45212CBBC7A56ADAD33D203B8A1EDA03064A34351916C243E65D45425974C1468A626B773B48962108203F02814F15640149BCC2325C40F2457F0618CAAFDE26162326F2F81E8C727FAFED1B43E3AC8752E9F4EDFF5B58BD316882B555E63278FEB00B61144703C060B6188F3528E176E9B2D5996579048B723EB678CD56FA979004270E9F88F235404C522ED076E9F287097F2F7600A2D4566D2F6EFB600A9854B61CDB4363040D4F30D96BB011EF4BB0E0F21192F72B106B4F38A79FA384978C3C2A9AB94534BE01C83927BC95A9C5E55E618D7C5D77A9FA39664EEF11B2D50F59396DAD7CDC23F17948585BD88342EED651F00D33 -20180504103430 2 6 100 8191 5 E3FCBDCFD41A409C58BE083B6485A2D67E20931B1F469774BAE0F1AB2898B800032581B1C4FC71FE136087937A885AFB6FC9E582DD97B8DE3AD2AF861419D5F06278316DFA78BAE7EF099889F0E99575C7812E7240B67623E7877737013A7D5DB3638040083400E8F27600BAC0650D24220CA1B3C05FB7DD70469A201DBFF1308ECA1C7152A6016BB89BFB6C625715EE91A92EA1848F0B2491AA92187468D9E8442679D7F5F6B64BC9D5A3D4E9B58C59EEEB65F8D6B70A71099E1B420BC0FD750CB2F333C23C97966BE727A6B6D9AEC8C0EB2436E01770F03840BFEC9228BB6DD46CE27D5739E18429F464FFF6812B0F66A8B0024BE03294900B8D0BC3CA6785F8C418EFE7068B2CD190A54BB9F90E05885A5C85DC069495C2009F79DBFD7774D7D65B9831FDC295CE146F4EB91DC56ABBD0B64BEAF3C340E0BF123A115D12289D44B650FF8461734308F4701CF2C199676DB3B4804FCDBD6B08C5D4875073AD5C575CA0B64597472A5C23EB4277B52B1128F3B1AE363E36A2C2D6EF5FCE00EE1573A40AD5ACDCDADE3E2672979CF68E87530520B2CA2C1110CBE4B631F3ABE83CFFDB7D5ACDD6DCA5916E30B1771FE29C4F60163B62349B66C0EDDCE8502F7C49DD4089EA5AE31FFB220A88C8D232367B52FAB7644F02E7EC10378697213CF0D90DA83A9941C217C559F88DEC6587AD953C95F11C575F0EFA9CC0650955C733910F2F90C78AE367F67B0F496A100E0B018731404D2BAEC7420F8C2B1FB6612AF69ECF369F236DD0BFB0ACBAED4141B2A14591C6475FC5C3D4E9B6229ECF7E288C015D59A35DE67F633DC586609AB3AB85A02B99DDF1B6FA7D54D4B2DDB767CAAB797C9FB29594B80B5BAACF777666D0B35CE6EFD8E46270C4D715B74FEA64FE34FBF4332BB4E8477CA438645C24444417EA5769B507925FB4B8FC59E429F1EC593C397F71087A080B39A192B5147D04D9F30DC237764C810E519B74EE90F047D0829104B6BA1A01F1CC18C85BE79F52084FAD6D7BF3EDA36D63981D8B75676740DB1AA6E06AD0C1F6A3B665D2D9D0E363FCE37B581C682A5F554D820849CEE7066A7DB011EA7D916B4A45212CBBC7A56ADAD33D203B8A1EDA03064A34351916C243E65D45425974C1468A626B773B48962108203F02814F15640149BCC2325C40F2457F0618CAAFDE26162326F2F81E8C727FAFED1B43E3AC8752E9F4EDFF5B58BD316882B555E63278FEB00B61144703C060B6188F3528E176E9B2D5996579048B723EB678CD56FA979004270E9F88F235404C522ED076E9F287097F2F7600A2D4566D2F6EFB600A9854B61CDB4363040D4F30D96BB011EF4BB0E0F21192F72B106B4F38A79FA384978C3C2A9AB94534BE01C83927BC95A9C5E55E618D7C5D77A9FA39664EEF11B2D50F59396DAD7CDC23F17948585BD88342EED65316D0B7 -20180504105453 2 6 100 8191 2 E3FCBDCFD41A409C58BE083B6485A2D67E20931B1F469774BAE0F1AB2898B800032581B1C4FC71FE136087937A885AFB6FC9E582DD97B8DE3AD2AF861419D5F06278316DFA78BAE7EF099889F0E99575C7812E7240B67623E7877737013A7D5DB3638040083400E8F27600BAC0650D24220CA1B3C05FB7DD70469A201DBFF1308ECA1C7152A6016BB89BFB6C625715EE91A92EA1848F0B2491AA92187468D9E8442679D7F5F6B64BC9D5A3D4E9B58C59EEEB65F8D6B70A71099E1B420BC0FD750CB2F333C23C97966BE727A6B6D9AEC8C0EB2436E01770F03840BFEC9228BB6DD46CE27D5739E18429F464FFF6812B0F66A8B0024BE03294900B8D0BC3CA6785F8C418EFE7068B2CD190A54BB9F90E05885A5C85DC069495C2009F79DBFD7774D7D65B9831FDC295CE146F4EB91DC56ABBD0B64BEAF3C340E0BF123A115D12289D44B650FF8461734308F4701CF2C199676DB3B4804FCDBD6B08C5D4875073AD5C575CA0B64597472A5C23EB4277B52B1128F3B1AE363E36A2C2D6EF5FCE00EE1573A40AD5ACDCDADE3E2672979CF68E87530520B2CA2C1110CBE4B631F3ABE83CFFDB7D5ACDD6DCA5916E30B1771FE29C4F60163B62349B66C0EDDCE8502F7C49DD4089EA5AE31FFB220A88C8D232367B52FAB7644F02E7EC10378697213CF0D90DA83A9941C217C559F88DEC6587AD953C95F11C575F0EFA9CC0650955C733910F2F90C78AE367F67B0F496A100E0B018731404D2BAEC7420F8C2B1FB6612AF69ECF369F236DD0BFB0ACBAED4141B2A14591C6475FC5C3D4E9B6229ECF7E288C015D59A35DE67F633DC586609AB3AB85A02B99DDF1B6FA7D54D4B2DDB767CAAB797C9FB29594B80B5BAACF777666D0B35CE6EFD8E46270C4D715B74FEA64FE34FBF4332BB4E8477CA438645C24444417EA5769B507925FB4B8FC59E429F1EC593C397F71087A080B39A192B5147D04D9F30DC237764C810E519B74EE90F047D0829104B6BA1A01F1CC18C85BE79F52084FAD6D7BF3EDA36D63981D8B75676740DB1AA6E06AD0C1F6A3B665D2D9D0E363FCE37B581C682A5F554D820849CEE7066A7DB011EA7D916B4A45212CBBC7A56ADAD33D203B8A1EDA03064A34351916C243E65D45425974C1468A626B773B48962108203F02814F15640149BCC2325C40F2457F0618CAAFDE26162326F2F81E8C727FAFED1B43E3AC8752E9F4EDFF5B58BD316882B555E63278FEB00B61144703C060B6188F3528E176E9B2D5996579048B723EB678CD56FA979004270E9F88F235404C522ED076E9F287097F2F7600A2D4566D2F6EFB600A9854B61CDB4363040D4F30D96BB011EF4BB0E0F21192F72B106B4F38A79FA384978C3C2A9AB94534BE01C83927BC95A9C5E55E618D7C5D77A9FA39664EEF11B2D50F59396DAD7CDC23F17948585BD88342EED65348CDBB -20180504234946 2 6 100 8191 5 E3FCBDCFD41A409C58BE083B6485A2D67E20931B1F469774BAE0F1AB2898B800032581B1C4FC71FE136087937A885AFB6FC9E582DD97B8DE3AD2AF861419D5F06278316DFA78BAE7EF099889F0E99575C7812E7240B67623E7877737013A7D5DB3638040083400E8F27600BAC0650D24220CA1B3C05FB7DD70469A201DBFF1308ECA1C7152A6016BB89BFB6C625715EE91A92EA1848F0B2491AA92187468D9E8442679D7F5F6B64BC9D5A3D4E9B58C59EEEB65F8D6B70A71099E1B420BC0FD750CB2F333C23C97966BE727A6B6D9AEC8C0EB2436E01770F03840BFEC9228BB6DD46CE27D5739E18429F464FFF6812B0F66A8B0024BE03294900B8D0BC3CA6785F8C418EFE7068B2CD190A54BB9F90E05885A5C85DC069495C2009F79DBFD7774D7D65B9831FDC295CE146F4EB91DC56ABBD0B64BEAF3C340E0BF123A115D12289D44B650FF8461734308F4701CF2C199676DB3B4804FCDBD6B08C5D4875073AD5C575CA0B64597472A5C23EB4277B52B1128F3B1AE363E36A2C2D6EF5FCE00EE1573A40AD5ACDCDADE3E2672979CF68E87530520B2CA2C1110CBE4B631F3ABE83CFFDB7D5ACDD6DCA5916E30B1771FE29C4F60163B62349B66C0EDDCE8502F7C49DD4089EA5AE31FFB220A88C8D232367B52FAB7644F02E7EC10378697213CF0D90DA83A9941C217C559F88DEC6587AD953C95F11C575F0EFA9CC0650955C733910F2F90C78AE367F67B0F496A100E0B018731404D2BAEC7420F8C2B1FB6612AF69ECF369F236DD0BFB0ACBAED4141B2A14591C6475FC5C3D4E9B6229ECF7E288C015D59A35DE67F633DC586609AB3AB85A02B99DDF1B6FA7D54D4B2DDB767CAAB797C9FB29594B80B5BAACF777666D0B35CE6EFD8E46270C4D715B74FEA64FE34FBF4332BB4E8477CA438645C24444417EA5769B507925FB4B8FC59E429F1EC593C397F71087A080B39A192B5147D04D9F30DC237764C810E519B74EE90F047D0829104B6BA1A01F1CC18C85BE79F52084FAD6D7BF3EDA36D63981D8B75676740DB1AA6E06AD0C1F6A3B665D2D9D0E363FCE37B581C682A5F554D820849CEE7066A7DB011EA7D916B4A45212CBBC7A56ADAD33D203B8A1EDA03064A34351916C243E65D45425974C1468A626B773B48962108203F02814F15640149BCC2325C40F2457F0618CAAFDE26162326F2F81E8C727FAFED1B43E3AC8752E9F4EDFF5B58BD316882B555E63278FEB00B61144703C060B6188F3528E176E9B2D5996579048B723EB678CD56FA979004270E9F88F235404C522ED076E9F287097F2F7600A2D4566D2F6EFB600A9854B61CDB4363040D4F30D96BB011EF4BB0E0F21192F72B106B4F38A79FA384978C3C2A9AB94534BE01C83927BC95A9C5E55E618D7C5D77A9FA39664EEF11B2D50F59396DAD7CDC23F17948585BD88342EED65BF5CBBF -20180505042813 2 6 100 8191 5 E3FCBDCFD41A409C58BE083B6485A2D67E20931B1F469774BAE0F1AB2898B800032581B1C4FC71FE136087937A885AFB6FC9E582DD97B8DE3AD2AF861419D5F06278316DFA78BAE7EF099889F0E99575C7812E7240B67623E7877737013A7D5DB3638040083400E8F27600BAC0650D24220CA1B3C05FB7DD70469A201DBFF1308ECA1C7152A6016BB89BFB6C625715EE91A92EA1848F0B2491AA92187468D9E8442679D7F5F6B64BC9D5A3D4E9B58C59EEEB65F8D6B70A71099E1B420BC0FD750CB2F333C23C97966BE727A6B6D9AEC8C0EB2436E01770F03840BFEC9228BB6DD46CE27D5739E18429F464FFF6812B0F66A8B0024BE03294900B8D0BC3CA6785F8C418EFE7068B2CD190A54BB9F90E05885A5C85DC069495C2009F79DBFD7774D7D65B9831FDC295CE146F4EB91DC56ABBD0B64BEAF3C340E0BF123A115D12289D44B650FF8461734308F4701CF2C199676DB3B4804FCDBD6B08C5D4875073AD5C575CA0B64597472A5C23EB4277B52B1128F3B1AE363E36A2C2D6EF5FCE00EE1573A40AD5ACDCDADE3E2672979CF68E87530520B2CA2C1110CBE4B631F3ABE83CFFDB7D5ACDD6DCA5916E30B1771FE29C4F60163B62349B66C0EDDCE8502F7C49DD4089EA5AE31FFB220A88C8D232367B52FAB7644F02E7EC10378697213CF0D90DA83A9941C217C559F88DEC6587AD953C95F11C575F0EFA9CC0650955C733910F2F90C78AE367F67B0F496A100E0B018731404D2BAEC7420F8C2B1FB6612AF69ECF369F236DD0BFB0ACBAED4141B2A14591C6475FC5C3D4E9B6229ECF7E288C015D59A35DE67F633DC586609AB3AB85A02B99DDF1B6FA7D54D4B2DDB767CAAB797C9FB29594B80B5BAACF777666D0B35CE6EFD8E46270C4D715B74FEA64FE34FBF4332BB4E8477CA438645C24444417EA5769B507925FB4B8FC59E429F1EC593C397F71087A080B39A192B5147D04D9F30DC237764C810E519B74EE90F047D0829104B6BA1A01F1CC18C85BE79F52084FAD6D7BF3EDA36D63981D8B75676740DB1AA6E06AD0C1F6A3B665D2D9D0E363FCE37B581C682A5F554D820849CEE7066A7DB011EA7D916B4A45212CBBC7A56ADAD33D203B8A1EDA03064A34351916C243E65D45425974C1468A626B773B48962108203F02814F15640149BCC2325C40F2457F0618CAAFDE26162326F2F81E8C727FAFED1B43E3AC8752E9F4EDFF5B58BD316882B555E63278FEB00B61144703C060B6188F3528E176E9B2D5996579048B723EB678CD56FA979004270E9F88F235404C522ED076E9F287097F2F7600A2D4566D2F6EFB600A9854B61CDB4363040D4F30D96BB011EF4BB0E0F21192F72B106B4F38A79FA384978C3C2A9AB94534BE01C83927BC95A9C5E55E618D7C5D77A9FA39664EEF11B2D50F59396DAD7CDC23F17948585BD88342EED65F0A04E7 -20180505043446 2 6 100 8191 5 E3FCBDCFD41A409C58BE083B6485A2D67E20931B1F469774BAE0F1AB2898B800032581B1C4FC71FE136087937A885AFB6FC9E582DD97B8DE3AD2AF861419D5F06278316DFA78BAE7EF099889F0E99575C7812E7240B67623E7877737013A7D5DB3638040083400E8F27600BAC0650D24220CA1B3C05FB7DD70469A201DBFF1308ECA1C7152A6016BB89BFB6C625715EE91A92EA1848F0B2491AA92187468D9E8442679D7F5F6B64BC9D5A3D4E9B58C59EEEB65F8D6B70A71099E1B420BC0FD750CB2F333C23C97966BE727A6B6D9AEC8C0EB2436E01770F03840BFEC9228BB6DD46CE27D5739E18429F464FFF6812B0F66A8B0024BE03294900B8D0BC3CA6785F8C418EFE7068B2CD190A54BB9F90E05885A5C85DC069495C2009F79DBFD7774D7D65B9831FDC295CE146F4EB91DC56ABBD0B64BEAF3C340E0BF123A115D12289D44B650FF8461734308F4701CF2C199676DB3B4804FCDBD6B08C5D4875073AD5C575CA0B64597472A5C23EB4277B52B1128F3B1AE363E36A2C2D6EF5FCE00EE1573A40AD5ACDCDADE3E2672979CF68E87530520B2CA2C1110CBE4B631F3ABE83CFFDB7D5ACDD6DCA5916E30B1771FE29C4F60163B62349B66C0EDDCE8502F7C49DD4089EA5AE31FFB220A88C8D232367B52FAB7644F02E7EC10378697213CF0D90DA83A9941C217C559F88DEC6587AD953C95F11C575F0EFA9CC0650955C733910F2F90C78AE367F67B0F496A100E0B018731404D2BAEC7420F8C2B1FB6612AF69ECF369F236DD0BFB0ACBAED4141B2A14591C6475FC5C3D4E9B6229ECF7E288C015D59A35DE67F633DC586609AB3AB85A02B99DDF1B6FA7D54D4B2DDB767CAAB797C9FB29594B80B5BAACF777666D0B35CE6EFD8E46270C4D715B74FEA64FE34FBF4332BB4E8477CA438645C24444417EA5769B507925FB4B8FC59E429F1EC593C397F71087A080B39A192B5147D04D9F30DC237764C810E519B74EE90F047D0829104B6BA1A01F1CC18C85BE79F52084FAD6D7BF3EDA36D63981D8B75676740DB1AA6E06AD0C1F6A3B665D2D9D0E363FCE37B581C682A5F554D820849CEE7066A7DB011EA7D916B4A45212CBBC7A56ADAD33D203B8A1EDA03064A34351916C243E65D45425974C1468A626B773B48962108203F02814F15640149BCC2325C40F2457F0618CAAFDE26162326F2F81E8C727FAFED1B43E3AC8752E9F4EDFF5B58BD316882B555E63278FEB00B61144703C060B6188F3528E176E9B2D5996579048B723EB678CD56FA979004270E9F88F235404C522ED076E9F287097F2F7600A2D4566D2F6EFB600A9854B61CDB4363040D4F30D96BB011EF4BB0E0F21192F72B106B4F38A79FA384978C3C2A9AB94534BE01C83927BC95A9C5E55E618D7C5D77A9FA39664EEF11B2D50F59396DAD7CDC23F17948585BD88342EED65F133337 -20180505082348 2 6 100 8191 2 E3FCBDCFD41A409C58BE083B6485A2D67E20931B1F469774BAE0F1AB2898B800032581B1C4FC71FE136087937A885AFB6FC9E582DD97B8DE3AD2AF861419D5F06278316DFA78BAE7EF099889F0E99575C7812E7240B67623E7877737013A7D5DB3638040083400E8F27600BAC0650D24220CA1B3C05FB7DD70469A201DBFF1308ECA1C7152A6016BB89BFB6C625715EE91A92EA1848F0B2491AA92187468D9E8442679D7F5F6B64BC9D5A3D4E9B58C59EEEB65F8D6B70A71099E1B420BC0FD750CB2F333C23C97966BE727A6B6D9AEC8C0EB2436E01770F03840BFEC9228BB6DD46CE27D5739E18429F464FFF6812B0F66A8B0024BE03294900B8D0BC3CA6785F8C418EFE7068B2CD190A54BB9F90E05885A5C85DC069495C2009F79DBFD7774D7D65B9831FDC295CE146F4EB91DC56ABBD0B64BEAF3C340E0BF123A115D12289D44B650FF8461734308F4701CF2C199676DB3B4804FCDBD6B08C5D4875073AD5C575CA0B64597472A5C23EB4277B52B1128F3B1AE363E36A2C2D6EF5FCE00EE1573A40AD5ACDCDADE3E2672979CF68E87530520B2CA2C1110CBE4B631F3ABE83CFFDB7D5ACDD6DCA5916E30B1771FE29C4F60163B62349B66C0EDDCE8502F7C49DD4089EA5AE31FFB220A88C8D232367B52FAB7644F02E7EC10378697213CF0D90DA83A9941C217C559F88DEC6587AD953C95F11C575F0EFA9CC0650955C733910F2F90C78AE367F67B0F496A100E0B018731404D2BAEC7420F8C2B1FB6612AF69ECF369F236DD0BFB0ACBAED4141B2A14591C6475FC5C3D4E9B6229ECF7E288C015D59A35DE67F633DC586609AB3AB85A02B99DDF1B6FA7D54D4B2DDB767CAAB797C9FB29594B80B5BAACF777666D0B35CE6EFD8E46270C4D715B74FEA64FE34FBF4332BB4E8477CA438645C24444417EA5769B507925FB4B8FC59E429F1EC593C397F71087A080B39A192B5147D04D9F30DC237764C810E519B74EE90F047D0829104B6BA1A01F1CC18C85BE79F52084FAD6D7BF3EDA36D63981D8B75676740DB1AA6E06AD0C1F6A3B665D2D9D0E363FCE37B581C682A5F554D820849CEE7066A7DB011EA7D916B4A45212CBBC7A56ADAD33D203B8A1EDA03064A34351916C243E65D45425974C1468A626B773B48962108203F02814F15640149BCC2325C40F2457F0618CAAFDE26162326F2F81E8C727FAFED1B43E3AC8752E9F4EDFF5B58BD316882B555E63278FEB00B61144703C060B6188F3528E176E9B2D5996579048B723EB678CD56FA979004270E9F88F235404C522ED076E9F287097F2F7600A2D4566D2F6EFB600A9854B61CDB4363040D4F30D96BB011EF4BB0E0F21192F72B106B4F38A79FA384978C3C2A9AB94534BE01C83927BC95A9C5E55E618D7C5D77A9FA39664EEF11B2D50F59396DAD7CDC23F17948585BD88342EED6618FACC3 -20180505142452 2 6 100 8191 2 E3FCBDCFD41A409C58BE083B6485A2D67E20931B1F469774BAE0F1AB2898B800032581B1C4FC71FE136087937A885AFB6FC9E582DD97B8DE3AD2AF861419D5F06278316DFA78BAE7EF099889F0E99575C7812E7240B67623E7877737013A7D5DB3638040083400E8F27600BAC0650D24220CA1B3C05FB7DD70469A201DBFF1308ECA1C7152A6016BB89BFB6C625715EE91A92EA1848F0B2491AA92187468D9E8442679D7F5F6B64BC9D5A3D4E9B58C59EEEB65F8D6B70A71099E1B420BC0FD750CB2F333C23C97966BE727A6B6D9AEC8C0EB2436E01770F03840BFEC9228BB6DD46CE27D5739E18429F464FFF6812B0F66A8B0024BE03294900B8D0BC3CA6785F8C418EFE7068B2CD190A54BB9F90E05885A5C85DC069495C2009F79DBFD7774D7D65B9831FDC295CE146F4EB91DC56ABBD0B64BEAF3C340E0BF123A115D12289D44B650FF8461734308F4701CF2C199676DB3B4804FCDBD6B08C5D4875073AD5C575CA0B64597472A5C23EB4277B52B1128F3B1AE363E36A2C2D6EF5FCE00EE1573A40AD5ACDCDADE3E2672979CF68E87530520B2CA2C1110CBE4B631F3ABE83CFFDB7D5ACDD6DCA5916E30B1771FE29C4F60163B62349B66C0EDDCE8502F7C49DD4089EA5AE31FFB220A88C8D232367B52FAB7644F02E7EC10378697213CF0D90DA83A9941C217C559F88DEC6587AD953C95F11C575F0EFA9CC0650955C733910F2F90C78AE367F67B0F496A100E0B018731404D2BAEC7420F8C2B1FB6612AF69ECF369F236DD0BFB0ACBAED4141B2A14591C6475FC5C3D4E9B6229ECF7E288C015D59A35DE67F633DC586609AB3AB85A02B99DDF1B6FA7D54D4B2DDB767CAAB797C9FB29594B80B5BAACF777666D0B35CE6EFD8E46270C4D715B74FEA64FE34FBF4332BB4E8477CA438645C24444417EA5769B507925FB4B8FC59E429F1EC593C397F71087A080B39A192B5147D04D9F30DC237764C810E519B74EE90F047D0829104B6BA1A01F1CC18C85BE79F52084FAD6D7BF3EDA36D63981D8B75676740DB1AA6E06AD0C1F6A3B665D2D9D0E363FCE37B581C682A5F554D820849CEE7066A7DB011EA7D916B4A45212CBBC7A56ADAD33D203B8A1EDA03064A34351916C243E65D45425974C1468A626B773B48962108203F02814F15640149BCC2325C40F2457F0618CAAFDE26162326F2F81E8C727FAFED1B43E3AC8752E9F4EDFF5B58BD316882B555E63278FEB00B61144703C060B6188F3528E176E9B2D5996579048B723EB678CD56FA979004270E9F88F235404C522ED076E9F287097F2F7600A2D4566D2F6EFB600A9854B61CDB4363040D4F30D96BB011EF4BB0E0F21192F72B106B4F38A79FA384978C3C2A9AB94534BE01C83927BC95A9C5E55E618D7C5D77A9FA39664EEF11B2D50F59396DAD7CDC23F17948585BD88342EED665916E9B -20180505191845 2 6 100 8191 2 E3FCBDCFD41A409C58BE083B6485A2D67E20931B1F469774BAE0F1AB2898B800032581B1C4FC71FE136087937A885AFB6FC9E582DD97B8DE3AD2AF861419D5F06278316DFA78BAE7EF099889F0E99575C7812E7240B67623E7877737013A7D5DB3638040083400E8F27600BAC0650D24220CA1B3C05FB7DD70469A201DBFF1308ECA1C7152A6016BB89BFB6C625715EE91A92EA1848F0B2491AA92187468D9E8442679D7F5F6B64BC9D5A3D4E9B58C59EEEB65F8D6B70A71099E1B420BC0FD750CB2F333C23C97966BE727A6B6D9AEC8C0EB2436E01770F03840BFEC9228BB6DD46CE27D5739E18429F464FFF6812B0F66A8B0024BE03294900B8D0BC3CA6785F8C418EFE7068B2CD190A54BB9F90E05885A5C85DC069495C2009F79DBFD7774D7D65B9831FDC295CE146F4EB91DC56ABBD0B64BEAF3C340E0BF123A115D12289D44B650FF8461734308F4701CF2C199676DB3B4804FCDBD6B08C5D4875073AD5C575CA0B64597472A5C23EB4277B52B1128F3B1AE363E36A2C2D6EF5FCE00EE1573A40AD5ACDCDADE3E2672979CF68E87530520B2CA2C1110CBE4B631F3ABE83CFFDB7D5ACDD6DCA5916E30B1771FE29C4F60163B62349B66C0EDDCE8502F7C49DD4089EA5AE31FFB220A88C8D232367B52FAB7644F02E7EC10378697213CF0D90DA83A9941C217C559F88DEC6587AD953C95F11C575F0EFA9CC0650955C733910F2F90C78AE367F67B0F496A100E0B018731404D2BAEC7420F8C2B1FB6612AF69ECF369F236DD0BFB0ACBAED4141B2A14591C6475FC5C3D4E9B6229ECF7E288C015D59A35DE67F633DC586609AB3AB85A02B99DDF1B6FA7D54D4B2DDB767CAAB797C9FB29594B80B5BAACF777666D0B35CE6EFD8E46270C4D715B74FEA64FE34FBF4332BB4E8477CA438645C24444417EA5769B507925FB4B8FC59E429F1EC593C397F71087A080B39A192B5147D04D9F30DC237764C810E519B74EE90F047D0829104B6BA1A01F1CC18C85BE79F52084FAD6D7BF3EDA36D63981D8B75676740DB1AA6E06AD0C1F6A3B665D2D9D0E363FCE37B581C682A5F554D820849CEE7066A7DB011EA7D916B4A45212CBBC7A56ADAD33D203B8A1EDA03064A34351916C243E65D45425974C1468A626B773B48962108203F02814F15640149BCC2325C40F2457F0618CAAFDE26162326F2F81E8C727FAFED1B43E3AC8752E9F4EDFF5B58BD316882B555E63278FEB00B61144703C060B6188F3528E176E9B2D5996579048B723EB678CD56FA979004270E9F88F235404C522ED076E9F287097F2F7600A2D4566D2F6EFB600A9854B61CDB4363040D4F30D96BB011EF4BB0E0F21192F72B106B4F38A79FA384978C3C2A9AB94534BE01C83927BC95A9C5E55E618D7C5D77A9FA39664EEF11B2D50F59396DAD7CDC23F17948585BD88342EED668B9BE0B -20180506011717 2 6 100 8191 5 E3FCBDCFD41A409C58BE083B6485A2D67E20931B1F469774BAE0F1AB2898B800032581B1C4FC71FE136087937A885AFB6FC9E582DD97B8DE3AD2AF861419D5F06278316DFA78BAE7EF099889F0E99575C7812E7240B67623E7877737013A7D5DB3638040083400E8F27600BAC0650D24220CA1B3C05FB7DD70469A201DBFF1308ECA1C7152A6016BB89BFB6C625715EE91A92EA1848F0B2491AA92187468D9E8442679D7F5F6B64BC9D5A3D4E9B58C59EEEB65F8D6B70A71099E1B420BC0FD750CB2F333C23C97966BE727A6B6D9AEC8C0EB2436E01770F03840BFEC9228BB6DD46CE27D5739E18429F464FFF6812B0F66A8B0024BE03294900B8D0BC3CA6785F8C418EFE7068B2CD190A54BB9F90E05885A5C85DC069495C2009F79DBFD7774D7D65B9831FDC295CE146F4EB91DC56ABBD0B64BEAF3C340E0BF123A115D12289D44B650FF8461734308F4701CF2C199676DB3B4804FCDBD6B08C5D4875073AD5C575CA0B64597472A5C23EB4277B52B1128F3B1AE363E36A2C2D6EF5FCE00EE1573A40AD5ACDCDADE3E2672979CF68E87530520B2CA2C1110CBE4B631F3ABE83CFFDB7D5ACDD6DCA5916E30B1771FE29C4F60163B62349B66C0EDDCE8502F7C49DD4089EA5AE31FFB220A88C8D232367B52FAB7644F02E7EC10378697213CF0D90DA83A9941C217C559F88DEC6587AD953C95F11C575F0EFA9CC0650955C733910F2F90C78AE367F67B0F496A100E0B018731404D2BAEC7420F8C2B1FB6612AF69ECF369F236DD0BFB0ACBAED4141B2A14591C6475FC5C3D4E9B6229ECF7E288C015D59A35DE67F633DC586609AB3AB85A02B99DDF1B6FA7D54D4B2DDB767CAAB797C9FB29594B80B5BAACF777666D0B35CE6EFD8E46270C4D715B74FEA64FE34FBF4332BB4E8477CA438645C24444417EA5769B507925FB4B8FC59E429F1EC593C397F71087A080B39A192B5147D04D9F30DC237764C810E519B74EE90F047D0829104B6BA1A01F1CC18C85BE79F52084FAD6D7BF3EDA36D63981D8B75676740DB1AA6E06AD0C1F6A3B665D2D9D0E363FCE37B581C682A5F554D820849CEE7066A7DB011EA7D916B4A45212CBBC7A56ADAD33D203B8A1EDA03064A34351916C243E65D45425974C1468A626B773B48962108203F02814F15640149BCC2325C40F2457F0618CAAFDE26162326F2F81E8C727FAFED1B43E3AC8752E9F4EDFF5B58BD316882B555E63278FEB00B61144703C060B6188F3528E176E9B2D5996579048B723EB678CD56FA979004270E9F88F235404C522ED076E9F287097F2F7600A2D4566D2F6EFB600A9854B61CDB4363040D4F30D96BB011EF4BB0E0F21192F72B106B4F38A79FA384978C3C2A9AB94534BE01C83927BC95A9C5E55E618D7C5D77A9FA39664EEF11B2D50F59396DAD7CDC23F17948585BD88342EED66CA10377 -20180506064643 2 6 100 8191 2 E3FCBDCFD41A409C58BE083B6485A2D67E20931B1F469774BAE0F1AB2898B800032581B1C4FC71FE136087937A885AFB6FC9E582DD97B8DE3AD2AF861419D5F06278316DFA78BAE7EF099889F0E99575C7812E7240B67623E7877737013A7D5DB3638040083400E8F27600BAC0650D24220CA1B3C05FB7DD70469A201DBFF1308ECA1C7152A6016BB89BFB6C625715EE91A92EA1848F0B2491AA92187468D9E8442679D7F5F6B64BC9D5A3D4E9B58C59EEEB65F8D6B70A71099E1B420BC0FD750CB2F333C23C97966BE727A6B6D9AEC8C0EB2436E01770F03840BFEC9228BB6DD46CE27D5739E18429F464FFF6812B0F66A8B0024BE03294900B8D0BC3CA6785F8C418EFE7068B2CD190A54BB9F90E05885A5C85DC069495C2009F79DBFD7774D7D65B9831FDC295CE146F4EB91DC56ABBD0B64BEAF3C340E0BF123A115D12289D44B650FF8461734308F4701CF2C199676DB3B4804FCDBD6B08C5D4875073AD5C575CA0B64597472A5C23EB4277B52B1128F3B1AE363E36A2C2D6EF5FCE00EE1573A40AD5ACDCDADE3E2672979CF68E87530520B2CA2C1110CBE4B631F3ABE83CFFDB7D5ACDD6DCA5916E30B1771FE29C4F60163B62349B66C0EDDCE8502F7C49DD4089EA5AE31FFB220A88C8D232367B52FAB7644F02E7EC10378697213CF0D90DA83A9941C217C559F88DEC6587AD953C95F11C575F0EFA9CC0650955C733910F2F90C78AE367F67B0F496A100E0B018731404D2BAEC7420F8C2B1FB6612AF69ECF369F236DD0BFB0ACBAED4141B2A14591C6475FC5C3D4E9B6229ECF7E288C015D59A35DE67F633DC586609AB3AB85A02B99DDF1B6FA7D54D4B2DDB767CAAB797C9FB29594B80B5BAACF777666D0B35CE6EFD8E46270C4D715B74FEA64FE34FBF4332BB4E8477CA438645C24444417EA5769B507925FB4B8FC59E429F1EC593C397F71087A080B39A192B5147D04D9F30DC237764C810E519B74EE90F047D0829104B6BA1A01F1CC18C85BE79F52084FAD6D7BF3EDA36D63981D8B75676740DB1AA6E06AD0C1F6A3B665D2D9D0E363FCE37B581C682A5F554D820849CEE7066A7DB011EA7D916B4A45212CBBC7A56ADAD33D203B8A1EDA03064A34351916C243E65D45425974C1468A626B773B48962108203F02814F15640149BCC2325C40F2457F0618CAAFDE26162326F2F81E8C727FAFED1B43E3AC8752E9F4EDFF5B58BD316882B555E63278FEB00B61144703C060B6188F3528E176E9B2D5996579048B723EB678CD56FA979004270E9F88F235404C522ED076E9F287097F2F7600A2D4566D2F6EFB600A9854B61CDB4363040D4F30D96BB011EF4BB0E0F21192F72B106B4F38A79FA384978C3C2A9AB94534BE01C83927BC95A9C5E55E618D7C5D77A9FA39664EEF11B2D50F59396DAD7CDC23F17948585BD88342EED67028E243 -20180506091931 2 6 100 8191 5 E3FCBDCFD41A409C58BE083B6485A2D67E20931B1F469774BAE0F1AB2898B800032581B1C4FC71FE136087937A885AFB6FC9E582DD97B8DE3AD2AF861419D5F06278316DFA78BAE7EF099889F0E99575C7812E7240B67623E7877737013A7D5DB3638040083400E8F27600BAC0650D24220CA1B3C05FB7DD70469A201DBFF1308ECA1C7152A6016BB89BFB6C625715EE91A92EA1848F0B2491AA92187468D9E8442679D7F5F6B64BC9D5A3D4E9B58C59EEEB65F8D6B70A71099E1B420BC0FD750CB2F333C23C97966BE727A6B6D9AEC8C0EB2436E01770F03840BFEC9228BB6DD46CE27D5739E18429F464FFF6812B0F66A8B0024BE03294900B8D0BC3CA6785F8C418EFE7068B2CD190A54BB9F90E05885A5C85DC069495C2009F79DBFD7774D7D65B9831FDC295CE146F4EB91DC56ABBD0B64BEAF3C340E0BF123A115D12289D44B650FF8461734308F4701CF2C199676DB3B4804FCDBD6B08C5D4875073AD5C575CA0B64597472A5C23EB4277B52B1128F3B1AE363E36A2C2D6EF5FCE00EE1573A40AD5ACDCDADE3E2672979CF68E87530520B2CA2C1110CBE4B631F3ABE83CFFDB7D5ACDD6DCA5916E30B1771FE29C4F60163B62349B66C0EDDCE8502F7C49DD4089EA5AE31FFB220A88C8D232367B52FAB7644F02E7EC10378697213CF0D90DA83A9941C217C559F88DEC6587AD953C95F11C575F0EFA9CC0650955C733910F2F90C78AE367F67B0F496A100E0B018731404D2BAEC7420F8C2B1FB6612AF69ECF369F236DD0BFB0ACBAED4141B2A14591C6475FC5C3D4E9B6229ECF7E288C015D59A35DE67F633DC586609AB3AB85A02B99DDF1B6FA7D54D4B2DDB767CAAB797C9FB29594B80B5BAACF777666D0B35CE6EFD8E46270C4D715B74FEA64FE34FBF4332BB4E8477CA438645C24444417EA5769B507925FB4B8FC59E429F1EC593C397F71087A080B39A192B5147D04D9F30DC237764C810E519B74EE90F047D0829104B6BA1A01F1CC18C85BE79F52084FAD6D7BF3EDA36D63981D8B75676740DB1AA6E06AD0C1F6A3B665D2D9D0E363FCE37B581C682A5F554D820849CEE7066A7DB011EA7D916B4A45212CBBC7A56ADAD33D203B8A1EDA03064A34351916C243E65D45425974C1468A626B773B48962108203F02814F15640149BCC2325C40F2457F0618CAAFDE26162326F2F81E8C727FAFED1B43E3AC8752E9F4EDFF5B58BD316882B555E63278FEB00B61144703C060B6188F3528E176E9B2D5996579048B723EB678CD56FA979004270E9F88F235404C522ED076E9F287097F2F7600A2D4566D2F6EFB600A9854B61CDB4363040D4F30D96BB011EF4BB0E0F21192F72B106B4F38A79FA384978C3C2A9AB94534BE01C83927BC95A9C5E55E618D7C5D77A9FA39664EEF11B2D50F59396DAD7CDC23F17948585BD88342EED671CB9597 -20180506094237 2 6 100 8191 2 E3FCBDCFD41A409C58BE083B6485A2D67E20931B1F469774BAE0F1AB2898B800032581B1C4FC71FE136087937A885AFB6FC9E582DD97B8DE3AD2AF861419D5F06278316DFA78BAE7EF099889F0E99575C7812E7240B67623E7877737013A7D5DB3638040083400E8F27600BAC0650D24220CA1B3C05FB7DD70469A201DBFF1308ECA1C7152A6016BB89BFB6C625715EE91A92EA1848F0B2491AA92187468D9E8442679D7F5F6B64BC9D5A3D4E9B58C59EEEB65F8D6B70A71099E1B420BC0FD750CB2F333C23C97966BE727A6B6D9AEC8C0EB2436E01770F03840BFEC9228BB6DD46CE27D5739E18429F464FFF6812B0F66A8B0024BE03294900B8D0BC3CA6785F8C418EFE7068B2CD190A54BB9F90E05885A5C85DC069495C2009F79DBFD7774D7D65B9831FDC295CE146F4EB91DC56ABBD0B64BEAF3C340E0BF123A115D12289D44B650FF8461734308F4701CF2C199676DB3B4804FCDBD6B08C5D4875073AD5C575CA0B64597472A5C23EB4277B52B1128F3B1AE363E36A2C2D6EF5FCE00EE1573A40AD5ACDCDADE3E2672979CF68E87530520B2CA2C1110CBE4B631F3ABE83CFFDB7D5ACDD6DCA5916E30B1771FE29C4F60163B62349B66C0EDDCE8502F7C49DD4089EA5AE31FFB220A88C8D232367B52FAB7644F02E7EC10378697213CF0D90DA83A9941C217C559F88DEC6587AD953C95F11C575F0EFA9CC0650955C733910F2F90C78AE367F67B0F496A100E0B018731404D2BAEC7420F8C2B1FB6612AF69ECF369F236DD0BFB0ACBAED4141B2A14591C6475FC5C3D4E9B6229ECF7E288C015D59A35DE67F633DC586609AB3AB85A02B99DDF1B6FA7D54D4B2DDB767CAAB797C9FB29594B80B5BAACF777666D0B35CE6EFD8E46270C4D715B74FEA64FE34FBF4332BB4E8477CA438645C24444417EA5769B507925FB4B8FC59E429F1EC593C397F71087A080B39A192B5147D04D9F30DC237764C810E519B74EE90F047D0829104B6BA1A01F1CC18C85BE79F52084FAD6D7BF3EDA36D63981D8B75676740DB1AA6E06AD0C1F6A3B665D2D9D0E363FCE37B581C682A5F554D820849CEE7066A7DB011EA7D916B4A45212CBBC7A56ADAD33D203B8A1EDA03064A34351916C243E65D45425974C1468A626B773B48962108203F02814F15640149BCC2325C40F2457F0618CAAFDE26162326F2F81E8C727FAFED1B43E3AC8752E9F4EDFF5B58BD316882B555E63278FEB00B61144703C060B6188F3528E176E9B2D5996579048B723EB678CD56FA979004270E9F88F235404C522ED076E9F287097F2F7600A2D4566D2F6EFB600A9854B61CDB4363040D4F30D96BB011EF4BB0E0F21192F72B106B4F38A79FA384978C3C2A9AB94534BE01C83927BC95A9C5E55E618D7C5D77A9FA39664EEF11B2D50F59396DAD7CDC23F17948585BD88342EED67201565B -20180506200807 2 6 100 8191 2 E3FCBDCFD41A409C58BE083B6485A2D67E20931B1F469774BAE0F1AB2898B800032581B1C4FC71FE136087937A885AFB6FC9E582DD97B8DE3AD2AF861419D5F06278316DFA78BAE7EF099889F0E99575C7812E7240B67623E7877737013A7D5DB3638040083400E8F27600BAC0650D24220CA1B3C05FB7DD70469A201DBFF1308ECA1C7152A6016BB89BFB6C625715EE91A92EA1848F0B2491AA92187468D9E8442679D7F5F6B64BC9D5A3D4E9B58C59EEEB65F8D6B70A71099E1B420BC0FD750CB2F333C23C97966BE727A6B6D9AEC8C0EB2436E01770F03840BFEC9228BB6DD46CE27D5739E18429F464FFF6812B0F66A8B0024BE03294900B8D0BC3CA6785F8C418EFE7068B2CD190A54BB9F90E05885A5C85DC069495C2009F79DBFD7774D7D65B9831FDC295CE146F4EB91DC56ABBD0B64BEAF3C340E0BF123A115D12289D44B650FF8461734308F4701CF2C199676DB3B4804FCDBD6B08C5D4875073AD5C575CA0B64597472A5C23EB4277B52B1128F3B1AE363E36A2C2D6EF5FCE00EE1573A40AD5ACDCDADE3E2672979CF68E87530520B2CA2C1110CBE4B631F3ABE83CFFDB7D5ACDD6DCA5916E30B1771FE29C4F60163B62349B66C0EDDCE8502F7C49DD4089EA5AE31FFB220A88C8D232367B52FAB7644F02E7EC10378697213CF0D90DA83A9941C217C559F88DEC6587AD953C95F11C575F0EFA9CC0650955C733910F2F90C78AE367F67B0F496A100E0B018731404D2BAEC7420F8C2B1FB6612AF69ECF369F236DD0BFB0ACBAED4141B2A14591C6475FC5C3D4E9B6229ECF7E288C015D59A35DE67F633DC586609AB3AB85A02B99DDF1B6FA7D54D4B2DDB767CAAB797C9FB29594B80B5BAACF777666D0B35CE6EFD8E46270C4D715B74FEA64FE34FBF4332BB4E8477CA438645C24444417EA5769B507925FB4B8FC59E429F1EC593C397F71087A080B39A192B5147D04D9F30DC237764C810E519B74EE90F047D0829104B6BA1A01F1CC18C85BE79F52084FAD6D7BF3EDA36D63981D8B75676740DB1AA6E06AD0C1F6A3B665D2D9D0E363FCE37B581C682A5F554D820849CEE7066A7DB011EA7D916B4A45212CBBC7A56ADAD33D203B8A1EDA03064A34351916C243E65D45425974C1468A626B773B48962108203F02814F15640149BCC2325C40F2457F0618CAAFDE26162326F2F81E8C727FAFED1B43E3AC8752E9F4EDFF5B58BD316882B555E63278FEB00B61144703C060B6188F3528E176E9B2D5996579048B723EB678CD56FA979004270E9F88F235404C522ED076E9F287097F2F7600A2D4566D2F6EFB600A9854B61CDB4363040D4F30D96BB011EF4BB0E0F21192F72B106B4F38A79FA384978C3C2A9AB94534BE01C83927BC95A9C5E55E618D7C5D77A9FA39664EEF11B2D50F59396DAD7CDC23F17948585BD88342EED678BDEA8B -20180507012051 2 6 100 8191 2 E3FCBDCFD41A409C58BE083B6485A2D67E20931B1F469774BAE0F1AB2898B800032581B1C4FC71FE136087937A885AFB6FC9E582DD97B8DE3AD2AF861419D5F06278316DFA78BAE7EF099889F0E99575C7812E7240B67623E7877737013A7D5DB3638040083400E8F27600BAC0650D24220CA1B3C05FB7DD70469A201DBFF1308ECA1C7152A6016BB89BFB6C625715EE91A92EA1848F0B2491AA92187468D9E8442679D7F5F6B64BC9D5A3D4E9B58C59EEEB65F8D6B70A71099E1B420BC0FD750CB2F333C23C97966BE727A6B6D9AEC8C0EB2436E01770F03840BFEC9228BB6DD46CE27D5739E18429F464FFF6812B0F66A8B0024BE03294900B8D0BC3CA6785F8C418EFE7068B2CD190A54BB9F90E05885A5C85DC069495C2009F79DBFD7774D7D65B9831FDC295CE146F4EB91DC56ABBD0B64BEAF3C340E0BF123A115D12289D44B650FF8461734308F4701CF2C199676DB3B4804FCDBD6B08C5D4875073AD5C575CA0B64597472A5C23EB4277B52B1128F3B1AE363E36A2C2D6EF5FCE00EE1573A40AD5ACDCDADE3E2672979CF68E87530520B2CA2C1110CBE4B631F3ABE83CFFDB7D5ACDD6DCA5916E30B1771FE29C4F60163B62349B66C0EDDCE8502F7C49DD4089EA5AE31FFB220A88C8D232367B52FAB7644F02E7EC10378697213CF0D90DA83A9941C217C559F88DEC6587AD953C95F11C575F0EFA9CC0650955C733910F2F90C78AE367F67B0F496A100E0B018731404D2BAEC7420F8C2B1FB6612AF69ECF369F236DD0BFB0ACBAED4141B2A14591C6475FC5C3D4E9B6229ECF7E288C015D59A35DE67F633DC586609AB3AB85A02B99DDF1B6FA7D54D4B2DDB767CAAB797C9FB29594B80B5BAACF777666D0B35CE6EFD8E46270C4D715B74FEA64FE34FBF4332BB4E8477CA438645C24444417EA5769B507925FB4B8FC59E429F1EC593C397F71087A080B39A192B5147D04D9F30DC237764C810E519B74EE90F047D0829104B6BA1A01F1CC18C85BE79F52084FAD6D7BF3EDA36D63981D8B75676740DB1AA6E06AD0C1F6A3B665D2D9D0E363FCE37B581C682A5F554D820849CEE7066A7DB011EA7D916B4A45212CBBC7A56ADAD33D203B8A1EDA03064A34351916C243E65D45425974C1468A626B773B48962108203F02814F15640149BCC2325C40F2457F0618CAAFDE26162326F2F81E8C727FAFED1B43E3AC8752E9F4EDFF5B58BD316882B555E63278FEB00B61144703C060B6188F3528E176E9B2D5996579048B723EB678CD56FA979004270E9F88F235404C522ED076E9F287097F2F7600A2D4566D2F6EFB600A9854B61CDB4363040D4F30D96BB011EF4BB0E0F21192F72B106B4F38A79FA384978C3C2A9AB94534BE01C83927BC95A9C5E55E618D7C5D77A9FA39664EEF11B2D50F59396DAD7CDC23F17948585BD88342EED67C15F093 -20180507102714 2 6 100 8191 5 E3FCBDCFD41A409C58BE083B6485A2D67E20931B1F469774BAE0F1AB2898B800032581B1C4FC71FE136087937A885AFB6FC9E582DD97B8DE3AD2AF861419D5F06278316DFA78BAE7EF099889F0E99575C7812E7240B67623E7877737013A7D5DB3638040083400E8F27600BAC0650D24220CA1B3C05FB7DD70469A201DBFF1308ECA1C7152A6016BB89BFB6C625715EE91A92EA1848F0B2491AA92187468D9E8442679D7F5F6B64BC9D5A3D4E9B58C59EEEB65F8D6B70A71099E1B420BC0FD750CB2F333C23C97966BE727A6B6D9AEC8C0EB2436E01770F03840BFEC9228BB6DD46CE27D5739E18429F464FFF6812B0F66A8B0024BE03294900B8D0BC3CA6785F8C418EFE7068B2CD190A54BB9F90E05885A5C85DC069495C2009F79DBFD7774D7D65B9831FDC295CE146F4EB91DC56ABBD0B64BEAF3C340E0BF123A115D12289D44B650FF8461734308F4701CF2C199676DB3B4804FCDBD6B08C5D4875073AD5C575CA0B64597472A5C23EB4277B52B1128F3B1AE363E36A2C2D6EF5FCE00EE1573A40AD5ACDCDADE3E2672979CF68E87530520B2CA2C1110CBE4B631F3ABE83CFFDB7D5ACDD6DCA5916E30B1771FE29C4F60163B62349B66C0EDDCE8502F7C49DD4089EA5AE31FFB220A88C8D232367B52FAB7644F02E7EC10378697213CF0D90DA83A9941C217C559F88DEC6587AD953C95F11C575F0EFA9CC0650955C733910F2F90C78AE367F67B0F496A100E0B018731404D2BAEC7420F8C2B1FB6612AF69ECF369F236DD0BFB0ACBAED4141B2A14591C6475FC5C3D4E9B6229ECF7E288C015D59A35DE67F633DC586609AB3AB85A02B99DDF1B6FA7D54D4B2DDB767CAAB797C9FB29594B80B5BAACF777666D0B35CE6EFD8E46270C4D715B74FEA64FE34FBF4332BB4E8477CA438645C24444417EA5769B507925FB4B8FC59E429F1EC593C397F71087A080B39A192B5147D04D9F30DC237764C810E519B74EE90F047D0829104B6BA1A01F1CC18C85BE79F52084FAD6D7BF3EDA36D63981D8B75676740DB1AA6E06AD0C1F6A3B665D2D9D0E363FCE37B581C682A5F554D820849CEE7066A7DB011EA7D916B4A45212CBBC7A56ADAD33D203B8A1EDA03064A34351916C243E65D45425974C1468A626B773B48962108203F02814F15640149BCC2325C40F2457F0618CAAFDE26162326F2F81E8C727FAFED1B43E3AC8752E9F4EDFF5B58BD316882B555E63278FEB00B61144703C060B6188F3528E176E9B2D5996579048B723EB678CD56FA979004270E9F88F235404C522ED076E9F287097F2F7600A2D4566D2F6EFB600A9854B61CDB4363040D4F30D96BB011EF4BB0E0F21192F72B106B4F38A79FA384978C3C2A9AB94534BE01C83927BC95A9C5E55E618D7C5D77A9FA39664EEF11B2D50F59396DAD7CDC23F17948585BD88342EED681E510A7 -20180507105523 2 6 100 8191 2 E3FCBDCFD41A409C58BE083B6485A2D67E20931B1F469774BAE0F1AB2898B800032581B1C4FC71FE136087937A885AFB6FC9E582DD97B8DE3AD2AF861419D5F06278316DFA78BAE7EF099889F0E99575C7812E7240B67623E7877737013A7D5DB3638040083400E8F27600BAC0650D24220CA1B3C05FB7DD70469A201DBFF1308ECA1C7152A6016BB89BFB6C625715EE91A92EA1848F0B2491AA92187468D9E8442679D7F5F6B64BC9D5A3D4E9B58C59EEEB65F8D6B70A71099E1B420BC0FD750CB2F333C23C97966BE727A6B6D9AEC8C0EB2436E01770F03840BFEC9228BB6DD46CE27D5739E18429F464FFF6812B0F66A8B0024BE03294900B8D0BC3CA6785F8C418EFE7068B2CD190A54BB9F90E05885A5C85DC069495C2009F79DBFD7774D7D65B9831FDC295CE146F4EB91DC56ABBD0B64BEAF3C340E0BF123A115D12289D44B650FF8461734308F4701CF2C199676DB3B4804FCDBD6B08C5D4875073AD5C575CA0B64597472A5C23EB4277B52B1128F3B1AE363E36A2C2D6EF5FCE00EE1573A40AD5ACDCDADE3E2672979CF68E87530520B2CA2C1110CBE4B631F3ABE83CFFDB7D5ACDD6DCA5916E30B1771FE29C4F60163B62349B66C0EDDCE8502F7C49DD4089EA5AE31FFB220A88C8D232367B52FAB7644F02E7EC10378697213CF0D90DA83A9941C217C559F88DEC6587AD953C95F11C575F0EFA9CC0650955C733910F2F90C78AE367F67B0F496A100E0B018731404D2BAEC7420F8C2B1FB6612AF69ECF369F236DD0BFB0ACBAED4141B2A14591C6475FC5C3D4E9B6229ECF7E288C015D59A35DE67F633DC586609AB3AB85A02B99DDF1B6FA7D54D4B2DDB767CAAB797C9FB29594B80B5BAACF777666D0B35CE6EFD8E46270C4D715B74FEA64FE34FBF4332BB4E8477CA438645C24444417EA5769B507925FB4B8FC59E429F1EC593C397F71087A080B39A192B5147D04D9F30DC237764C810E519B74EE90F047D0829104B6BA1A01F1CC18C85BE79F52084FAD6D7BF3EDA36D63981D8B75676740DB1AA6E06AD0C1F6A3B665D2D9D0E363FCE37B581C682A5F554D820849CEE7066A7DB011EA7D916B4A45212CBBC7A56ADAD33D203B8A1EDA03064A34351916C243E65D45425974C1468A626B773B48962108203F02814F15640149BCC2325C40F2457F0618CAAFDE26162326F2F81E8C727FAFED1B43E3AC8752E9F4EDFF5B58BD316882B555E63278FEB00B61144703C060B6188F3528E176E9B2D5996579048B723EB678CD56FA979004270E9F88F235404C522ED076E9F287097F2F7600A2D4566D2F6EFB600A9854B61CDB4363040D4F30D96BB011EF4BB0E0F21192F72B106B4F38A79FA384978C3C2A9AB94534BE01C83927BC95A9C5E55E618D7C5D77A9FA39664EEF11B2D50F59396DAD7CDC23F17948585BD88342EED6822806B3 -20180507204038 2 6 100 8191 2 E3FCBDCFD41A409C58BE083B6485A2D67E20931B1F469774BAE0F1AB2898B800032581B1C4FC71FE136087937A885AFB6FC9E582DD97B8DE3AD2AF861419D5F06278316DFA78BAE7EF099889F0E99575C7812E7240B67623E7877737013A7D5DB3638040083400E8F27600BAC0650D24220CA1B3C05FB7DD70469A201DBFF1308ECA1C7152A6016BB89BFB6C625715EE91A92EA1848F0B2491AA92187468D9E8442679D7F5F6B64BC9D5A3D4E9B58C59EEEB65F8D6B70A71099E1B420BC0FD750CB2F333C23C97966BE727A6B6D9AEC8C0EB2436E01770F03840BFEC9228BB6DD46CE27D5739E18429F464FFF6812B0F66A8B0024BE03294900B8D0BC3CA6785F8C418EFE7068B2CD190A54BB9F90E05885A5C85DC069495C2009F79DBFD7774D7D65B9831FDC295CE146F4EB91DC56ABBD0B64BEAF3C340E0BF123A115D12289D44B650FF8461734308F4701CF2C199676DB3B4804FCDBD6B08C5D4875073AD5C575CA0B64597472A5C23EB4277B52B1128F3B1AE363E36A2C2D6EF5FCE00EE1573A40AD5ACDCDADE3E2672979CF68E87530520B2CA2C1110CBE4B631F3ABE83CFFDB7D5ACDD6DCA5916E30B1771FE29C4F60163B62349B66C0EDDCE8502F7C49DD4089EA5AE31FFB220A88C8D232367B52FAB7644F02E7EC10378697213CF0D90DA83A9941C217C559F88DEC6587AD953C95F11C575F0EFA9CC0650955C733910F2F90C78AE367F67B0F496A100E0B018731404D2BAEC7420F8C2B1FB6612AF69ECF369F236DD0BFB0ACBAED4141B2A14591C6475FC5C3D4E9B6229ECF7E288C015D59A35DE67F633DC586609AB3AB85A02B99DDF1B6FA7D54D4B2DDB767CAAB797C9FB29594B80B5BAACF777666D0B35CE6EFD8E46270C4D715B74FEA64FE34FBF4332BB4E8477CA438645C24444417EA5769B507925FB4B8FC59E429F1EC593C397F71087A080B39A192B5147D04D9F30DC237764C810E519B74EE90F047D0829104B6BA1A01F1CC18C85BE79F52084FAD6D7BF3EDA36D63981D8B75676740DB1AA6E06AD0C1F6A3B665D2D9D0E363FCE37B581C682A5F554D820849CEE7066A7DB011EA7D916B4A45212CBBC7A56ADAD33D203B8A1EDA03064A34351916C243E65D45425974C1468A626B773B48962108203F02814F15640149BCC2325C40F2457F0618CAAFDE26162326F2F81E8C727FAFED1B43E3AC8752E9F4EDFF5B58BD316882B555E63278FEB00B61144703C060B6188F3528E176E9B2D5996579048B723EB678CD56FA979004270E9F88F235404C522ED076E9F287097F2F7600A2D4566D2F6EFB600A9854B61CDB4363040D4F30D96BB011EF4BB0E0F21192F72B106B4F38A79FA384978C3C2A9AB94534BE01C83927BC95A9C5E55E618D7C5D77A9FA39664EEF11B2D50F59396DAD7CDC23F17948585BD88342EED6885CE023 -20180508025258 2 6 100 8191 5 E3FCBDCFD41A409C58BE083B6485A2D67E20931B1F469774BAE0F1AB2898B800032581B1C4FC71FE136087937A885AFB6FC9E582DD97B8DE3AD2AF861419D5F06278316DFA78BAE7EF099889F0E99575C7812E7240B67623E7877737013A7D5DB3638040083400E8F27600BAC0650D24220CA1B3C05FB7DD70469A201DBFF1308ECA1C7152A6016BB89BFB6C625715EE91A92EA1848F0B2491AA92187468D9E8442679D7F5F6B64BC9D5A3D4E9B58C59EEEB65F8D6B70A71099E1B420BC0FD750CB2F333C23C97966BE727A6B6D9AEC8C0EB2436E01770F03840BFEC9228BB6DD46CE27D5739E18429F464FFF6812B0F66A8B0024BE03294900B8D0BC3CA6785F8C418EFE7068B2CD190A54BB9F90E05885A5C85DC069495C2009F79DBFD7774D7D65B9831FDC295CE146F4EB91DC56ABBD0B64BEAF3C340E0BF123A115D12289D44B650FF8461734308F4701CF2C199676DB3B4804FCDBD6B08C5D4875073AD5C575CA0B64597472A5C23EB4277B52B1128F3B1AE363E36A2C2D6EF5FCE00EE1573A40AD5ACDCDADE3E2672979CF68E87530520B2CA2C1110CBE4B631F3ABE83CFFDB7D5ACDD6DCA5916E30B1771FE29C4F60163B62349B66C0EDDCE8502F7C49DD4089EA5AE31FFB220A88C8D232367B52FAB7644F02E7EC10378697213CF0D90DA83A9941C217C559F88DEC6587AD953C95F11C575F0EFA9CC0650955C733910F2F90C78AE367F67B0F496A100E0B018731404D2BAEC7420F8C2B1FB6612AF69ECF369F236DD0BFB0ACBAED4141B2A14591C6475FC5C3D4E9B6229ECF7E288C015D59A35DE67F633DC586609AB3AB85A02B99DDF1B6FA7D54D4B2DDB767CAAB797C9FB29594B80B5BAACF777666D0B35CE6EFD8E46270C4D715B74FEA64FE34FBF4332BB4E8477CA438645C24444417EA5769B507925FB4B8FC59E429F1EC593C397F71087A080B39A192B5147D04D9F30DC237764C810E519B74EE90F047D0829104B6BA1A01F1CC18C85BE79F52084FAD6D7BF3EDA36D63981D8B75676740DB1AA6E06AD0C1F6A3B665D2D9D0E363FCE37B581C682A5F554D820849CEE7066A7DB011EA7D916B4A45212CBBC7A56ADAD33D203B8A1EDA03064A34351916C243E65D45425974C1468A626B773B48962108203F02814F15640149BCC2325C40F2457F0618CAAFDE26162326F2F81E8C727FAFED1B43E3AC8752E9F4EDFF5B58BD316882B555E63278FEB00B61144703C060B6188F3528E176E9B2D5996579048B723EB678CD56FA979004270E9F88F235404C522ED076E9F287097F2F7600A2D4566D2F6EFB600A9854B61CDB4363040D4F30D96BB011EF4BB0E0F21192F72B106B4F38A79FA384978C3C2A9AB94534BE01C83927BC95A9C5E55E618D7C5D77A9FA39664EEF11B2D50F59396DAD7CDC23F17948585BD88342EED68C4A13A7 -20180508064503 2 6 100 8191 5 E3FCBDCFD41A409C58BE083B6485A2D67E20931B1F469774BAE0F1AB2898B800032581B1C4FC71FE136087937A885AFB6FC9E582DD97B8DE3AD2AF861419D5F06278316DFA78BAE7EF099889F0E99575C7812E7240B67623E7877737013A7D5DB3638040083400E8F27600BAC0650D24220CA1B3C05FB7DD70469A201DBFF1308ECA1C7152A6016BB89BFB6C625715EE91A92EA1848F0B2491AA92187468D9E8442679D7F5F6B64BC9D5A3D4E9B58C59EEEB65F8D6B70A71099E1B420BC0FD750CB2F333C23C97966BE727A6B6D9AEC8C0EB2436E01770F03840BFEC9228BB6DD46CE27D5739E18429F464FFF6812B0F66A8B0024BE03294900B8D0BC3CA6785F8C418EFE7068B2CD190A54BB9F90E05885A5C85DC069495C2009F79DBFD7774D7D65B9831FDC295CE146F4EB91DC56ABBD0B64BEAF3C340E0BF123A115D12289D44B650FF8461734308F4701CF2C199676DB3B4804FCDBD6B08C5D4875073AD5C575CA0B64597472A5C23EB4277B52B1128F3B1AE363E36A2C2D6EF5FCE00EE1573A40AD5ACDCDADE3E2672979CF68E87530520B2CA2C1110CBE4B631F3ABE83CFFDB7D5ACDD6DCA5916E30B1771FE29C4F60163B62349B66C0EDDCE8502F7C49DD4089EA5AE31FFB220A88C8D232367B52FAB7644F02E7EC10378697213CF0D90DA83A9941C217C559F88DEC6587AD953C95F11C575F0EFA9CC0650955C733910F2F90C78AE367F67B0F496A100E0B018731404D2BAEC7420F8C2B1FB6612AF69ECF369F236DD0BFB0ACBAED4141B2A14591C6475FC5C3D4E9B6229ECF7E288C015D59A35DE67F633DC586609AB3AB85A02B99DDF1B6FA7D54D4B2DDB767CAAB797C9FB29594B80B5BAACF777666D0B35CE6EFD8E46270C4D715B74FEA64FE34FBF4332BB4E8477CA438645C24444417EA5769B507925FB4B8FC59E429F1EC593C397F71087A080B39A192B5147D04D9F30DC237764C810E519B74EE90F047D0829104B6BA1A01F1CC18C85BE79F52084FAD6D7BF3EDA36D63981D8B75676740DB1AA6E06AD0C1F6A3B665D2D9D0E363FCE37B581C682A5F554D820849CEE7066A7DB011EA7D916B4A45212CBBC7A56ADAD33D203B8A1EDA03064A34351916C243E65D45425974C1468A626B773B48962108203F02814F15640149BCC2325C40F2457F0618CAAFDE26162326F2F81E8C727FAFED1B43E3AC8752E9F4EDFF5B58BD316882B555E63278FEB00B61144703C060B6188F3528E176E9B2D5996579048B723EB678CD56FA979004270E9F88F235404C522ED076E9F287097F2F7600A2D4566D2F6EFB600A9854B61CDB4363040D4F30D96BB011EF4BB0E0F21192F72B106B4F38A79FA384978C3C2A9AB94534BE01C83927BC95A9C5E55E618D7C5D77A9FA39664EEF11B2D50F59396DAD7CDC23F17948585BD88342EED68EAB2CC7 -20180508094511 2 6 100 8191 2 E3FCBDCFD41A409C58BE083B6485A2D67E20931B1F469774BAE0F1AB2898B800032581B1C4FC71FE136087937A885AFB6FC9E582DD97B8DE3AD2AF861419D5F06278316DFA78BAE7EF099889F0E99575C7812E7240B67623E7877737013A7D5DB3638040083400E8F27600BAC0650D24220CA1B3C05FB7DD70469A201DBFF1308ECA1C7152A6016BB89BFB6C625715EE91A92EA1848F0B2491AA92187468D9E8442679D7F5F6B64BC9D5A3D4E9B58C59EEEB65F8D6B70A71099E1B420BC0FD750CB2F333C23C97966BE727A6B6D9AEC8C0EB2436E01770F03840BFEC9228BB6DD46CE27D5739E18429F464FFF6812B0F66A8B0024BE03294900B8D0BC3CA6785F8C418EFE7068B2CD190A54BB9F90E05885A5C85DC069495C2009F79DBFD7774D7D65B9831FDC295CE146F4EB91DC56ABBD0B64BEAF3C340E0BF123A115D12289D44B650FF8461734308F4701CF2C199676DB3B4804FCDBD6B08C5D4875073AD5C575CA0B64597472A5C23EB4277B52B1128F3B1AE363E36A2C2D6EF5FCE00EE1573A40AD5ACDCDADE3E2672979CF68E87530520B2CA2C1110CBE4B631F3ABE83CFFDB7D5ACDD6DCA5916E30B1771FE29C4F60163B62349B66C0EDDCE8502F7C49DD4089EA5AE31FFB220A88C8D232367B52FAB7644F02E7EC10378697213CF0D90DA83A9941C217C559F88DEC6587AD953C95F11C575F0EFA9CC0650955C733910F2F90C78AE367F67B0F496A100E0B018731404D2BAEC7420F8C2B1FB6612AF69ECF369F236DD0BFB0ACBAED4141B2A14591C6475FC5C3D4E9B6229ECF7E288C015D59A35DE67F633DC586609AB3AB85A02B99DDF1B6FA7D54D4B2DDB767CAAB797C9FB29594B80B5BAACF777666D0B35CE6EFD8E46270C4D715B74FEA64FE34FBF4332BB4E8477CA438645C24444417EA5769B507925FB4B8FC59E429F1EC593C397F71087A080B39A192B5147D04D9F30DC237764C810E519B74EE90F047D0829104B6BA1A01F1CC18C85BE79F52084FAD6D7BF3EDA36D63981D8B75676740DB1AA6E06AD0C1F6A3B665D2D9D0E363FCE37B581C682A5F554D820849CEE7066A7DB011EA7D916B4A45212CBBC7A56ADAD33D203B8A1EDA03064A34351916C243E65D45425974C1468A626B773B48962108203F02814F15640149BCC2325C40F2457F0618CAAFDE26162326F2F81E8C727FAFED1B43E3AC8752E9F4EDFF5B58BD316882B555E63278FEB00B61144703C060B6188F3528E176E9B2D5996579048B723EB678CD56FA979004270E9F88F235404C522ED076E9F287097F2F7600A2D4566D2F6EFB600A9854B61CDB4363040D4F30D96BB011EF4BB0E0F21192F72B106B4F38A79FA384978C3C2A9AB94534BE01C83927BC95A9C5E55E618D7C5D77A9FA39664EEF11B2D50F59396DAD7CDC23F17948585BD88342EED69078137B -20180509200633 2 6 100 8191 5 E3FCBDCFD41A409C58BE083B6485A2D67E20931B1F469774BAE0F1AB2898B800032581B1C4FC71FE136087937A885AFB6FC9E582DD97B8DE3AD2AF861419D5F06278316DFA78BAE7EF099889F0E99575C7812E7240B67623E7877737013A7D5DB3638040083400E8F27600BAC0650D24220CA1B3C05FB7DD70469A201DBFF1308ECA1C7152A6016BB89BFB6C625715EE91A92EA1848F0B2491AA92187468D9E8442679D7F5F6B64BC9D5A3D4E9B58C59EEEB65F8D6B70A71099E1B420BC0FD750CB2F333C23C97966BE727A6B6D9AEC8C0EB2436E01770F03840BFEC9228BB6DD46CE27D5739E18429F464FFF6812B0F66A8B0024BE03294900B8D0BC3CA6785F8C418EFE7068B2CD190A54BB9F90E05885A5C85DC069495C2009F79DBFD7774D7D65B9831FDC295CE146F4EB91DC56ABBD0B64BEAF3C340E0BF123A115D12289D44B650FF8461734308F4701CF2C199676DB3B4804FCDBD6B08C5D4875073AD5C575CA0B64597472A5C23EB4277B52B1128F3B1AE363E36A2C2D6EF5FCE00EE1573A40AD5ACDCDADE3E2672979CF68E87530520B2CA2C1110CBE4B631F3ABE83CFFDB7D5ACDD6DCA5916E30B1771FE29C4F60163B62349B66C0EDDCE8502F7C49DD4089EA5AE31FFB220A88C8D232367B52FAB7644F02E7EC10378697213CF0D90DA83A9941C217C559F88DEC6587AD953C95F11C575F0EFA9CC0650955C733910F2F90C78AE367F67B0F496A100E0B018731404D2BAEC7420F8C2B1FB6612AF69ECF369F236DD0BFB0ACBAED4141B2A14591C6475FC5C3D4E9B6229ECF7E288C015D59A35DE67F633DC586609AB3AB85A02B99DDF1B6FA7D54D4B2DDB767CAAB797C9FB29594B80B5BAACF777666D0B35CE6EFD8E46270C4D715B74FEA64FE34FBF4332BB4E8477CA438645C24444417EA5769B507925FB4B8FC59E429F1EC593C397F71087A080B39A192B5147D04D9F30DC237764C810E519B74EE90F047D0829104B6BA1A01F1CC18C85BE79F52084FAD6D7BF3EDA36D63981D8B75676740DB1AA6E06AD0C1F6A3B665D2D9D0E363FCE37B581C682A5F554D820849CEE7066A7DB011EA7D916B4A45212CBBC7A56ADAD33D203B8A1EDA03064A34351916C243E65D45425974C1468A626B773B48962108203F02814F15640149BCC2325C40F2457F0618CAAFDE26162326F2F81E8C727FAFED1B43E3AC8752E9F4EDFF5B58BD316882B555E63278FEB00B61144703C060B6188F3528E176E9B2D5996579048B723EB678CD56FA979004270E9F88F235404C522ED076E9F287097F2F7600A2D4566D2F6EFB600A9854B61CDB4363040D4F30D96BB011EF4BB0E0F21192F72B106B4F38A79FA384978C3C2A9AB94534BE01C83927BC95A9C5E55E618D7C5D77A9FA39664EEF11B2D50F59396DAD7CDC23F17948585BD88342EED6A5AB6E77 -20180509233450 2 6 100 8191 5 E3FCBDCFD41A409C58BE083B6485A2D67E20931B1F469774BAE0F1AB2898B800032581B1C4FC71FE136087937A885AFB6FC9E582DD97B8DE3AD2AF861419D5F06278316DFA78BAE7EF099889F0E99575C7812E7240B67623E7877737013A7D5DB3638040083400E8F27600BAC0650D24220CA1B3C05FB7DD70469A201DBFF1308ECA1C7152A6016BB89BFB6C625715EE91A92EA1848F0B2491AA92187468D9E8442679D7F5F6B64BC9D5A3D4E9B58C59EEEB65F8D6B70A71099E1B420BC0FD750CB2F333C23C97966BE727A6B6D9AEC8C0EB2436E01770F03840BFEC9228BB6DD46CE27D5739E18429F464FFF6812B0F66A8B0024BE03294900B8D0BC3CA6785F8C418EFE7068B2CD190A54BB9F90E05885A5C85DC069495C2009F79DBFD7774D7D65B9831FDC295CE146F4EB91DC56ABBD0B64BEAF3C340E0BF123A115D12289D44B650FF8461734308F4701CF2C199676DB3B4804FCDBD6B08C5D4875073AD5C575CA0B64597472A5C23EB4277B52B1128F3B1AE363E36A2C2D6EF5FCE00EE1573A40AD5ACDCDADE3E2672979CF68E87530520B2CA2C1110CBE4B631F3ABE83CFFDB7D5ACDD6DCA5916E30B1771FE29C4F60163B62349B66C0EDDCE8502F7C49DD4089EA5AE31FFB220A88C8D232367B52FAB7644F02E7EC10378697213CF0D90DA83A9941C217C559F88DEC6587AD953C95F11C575F0EFA9CC0650955C733910F2F90C78AE367F67B0F496A100E0B018731404D2BAEC7420F8C2B1FB6612AF69ECF369F236DD0BFB0ACBAED4141B2A14591C6475FC5C3D4E9B6229ECF7E288C015D59A35DE67F633DC586609AB3AB85A02B99DDF1B6FA7D54D4B2DDB767CAAB797C9FB29594B80B5BAACF777666D0B35CE6EFD8E46270C4D715B74FEA64FE34FBF4332BB4E8477CA438645C24444417EA5769B507925FB4B8FC59E429F1EC593C397F71087A080B39A192B5147D04D9F30DC237764C810E519B74EE90F047D0829104B6BA1A01F1CC18C85BE79F52084FAD6D7BF3EDA36D63981D8B75676740DB1AA6E06AD0C1F6A3B665D2D9D0E363FCE37B581C682A5F554D820849CEE7066A7DB011EA7D916B4A45212CBBC7A56ADAD33D203B8A1EDA03064A34351916C243E65D45425974C1468A626B773B48962108203F02814F15640149BCC2325C40F2457F0618CAAFDE26162326F2F81E8C727FAFED1B43E3AC8752E9F4EDFF5B58BD316882B555E63278FEB00B61144703C060B6188F3528E176E9B2D5996579048B723EB678CD56FA979004270E9F88F235404C522ED076E9F287097F2F7600A2D4566D2F6EFB600A9854B61CDB4363040D4F30D96BB011EF4BB0E0F21192F72B106B4F38A79FA384978C3C2A9AB94534BE01C83927BC95A9C5E55E618D7C5D77A9FA39664EEF11B2D50F59396DAD7CDC23F17948585BD88342EED6A7C34C7F -20180510003712 2 6 100 8191 5 E3FCBDCFD41A409C58BE083B6485A2D67E20931B1F469774BAE0F1AB2898B800032581B1C4FC71FE136087937A885AFB6FC9E582DD97B8DE3AD2AF861419D5F06278316DFA78BAE7EF099889F0E99575C7812E7240B67623E7877737013A7D5DB3638040083400E8F27600BAC0650D24220CA1B3C05FB7DD70469A201DBFF1308ECA1C7152A6016BB89BFB6C625715EE91A92EA1848F0B2491AA92187468D9E8442679D7F5F6B64BC9D5A3D4E9B58C59EEEB65F8D6B70A71099E1B420BC0FD750CB2F333C23C97966BE727A6B6D9AEC8C0EB2436E01770F03840BFEC9228BB6DD46CE27D5739E18429F464FFF6812B0F66A8B0024BE03294900B8D0BC3CA6785F8C418EFE7068B2CD190A54BB9F90E05885A5C85DC069495C2009F79DBFD7774D7D65B9831FDC295CE146F4EB91DC56ABBD0B64BEAF3C340E0BF123A115D12289D44B650FF8461734308F4701CF2C199676DB3B4804FCDBD6B08C5D4875073AD5C575CA0B64597472A5C23EB4277B52B1128F3B1AE363E36A2C2D6EF5FCE00EE1573A40AD5ACDCDADE3E2672979CF68E87530520B2CA2C1110CBE4B631F3ABE83CFFDB7D5ACDD6DCA5916E30B1771FE29C4F60163B62349B66C0EDDCE8502F7C49DD4089EA5AE31FFB220A88C8D232367B52FAB7644F02E7EC10378697213CF0D90DA83A9941C217C559F88DEC6587AD953C95F11C575F0EFA9CC0650955C733910F2F90C78AE367F67B0F496A100E0B018731404D2BAEC7420F8C2B1FB6612AF69ECF369F236DD0BFB0ACBAED4141B2A14591C6475FC5C3D4E9B6229ECF7E288C015D59A35DE67F633DC586609AB3AB85A02B99DDF1B6FA7D54D4B2DDB767CAAB797C9FB29594B80B5BAACF777666D0B35CE6EFD8E46270C4D715B74FEA64FE34FBF4332BB4E8477CA438645C24444417EA5769B507925FB4B8FC59E429F1EC593C397F71087A080B39A192B5147D04D9F30DC237764C810E519B74EE90F047D0829104B6BA1A01F1CC18C85BE79F52084FAD6D7BF3EDA36D63981D8B75676740DB1AA6E06AD0C1F6A3B665D2D9D0E363FCE37B581C682A5F554D820849CEE7066A7DB011EA7D916B4A45212CBBC7A56ADAD33D203B8A1EDA03064A34351916C243E65D45425974C1468A626B773B48962108203F02814F15640149BCC2325C40F2457F0618CAAFDE26162326F2F81E8C727FAFED1B43E3AC8752E9F4EDFF5B58BD316882B555E63278FEB00B61144703C060B6188F3528E176E9B2D5996579048B723EB678CD56FA979004270E9F88F235404C522ED076E9F287097F2F7600A2D4566D2F6EFB600A9854B61CDB4363040D4F30D96BB011EF4BB0E0F21192F72B106B4F38A79FA384978C3C2A9AB94534BE01C83927BC95A9C5E55E618D7C5D77A9FA39664EEF11B2D50F59396DAD7CDC23F17948585BD88342EED6A85E2007 -20180510011010 2 6 100 8191 2 E3FCBDCFD41A409C58BE083B6485A2D67E20931B1F469774BAE0F1AB2898B800032581B1C4FC71FE136087937A885AFB6FC9E582DD97B8DE3AD2AF861419D5F06278316DFA78BAE7EF099889F0E99575C7812E7240B67623E7877737013A7D5DB3638040083400E8F27600BAC0650D24220CA1B3C05FB7DD70469A201DBFF1308ECA1C7152A6016BB89BFB6C625715EE91A92EA1848F0B2491AA92187468D9E8442679D7F5F6B64BC9D5A3D4E9B58C59EEEB65F8D6B70A71099E1B420BC0FD750CB2F333C23C97966BE727A6B6D9AEC8C0EB2436E01770F03840BFEC9228BB6DD46CE27D5739E18429F464FFF6812B0F66A8B0024BE03294900B8D0BC3CA6785F8C418EFE7068B2CD190A54BB9F90E05885A5C85DC069495C2009F79DBFD7774D7D65B9831FDC295CE146F4EB91DC56ABBD0B64BEAF3C340E0BF123A115D12289D44B650FF8461734308F4701CF2C199676DB3B4804FCDBD6B08C5D4875073AD5C575CA0B64597472A5C23EB4277B52B1128F3B1AE363E36A2C2D6EF5FCE00EE1573A40AD5ACDCDADE3E2672979CF68E87530520B2CA2C1110CBE4B631F3ABE83CFFDB7D5ACDD6DCA5916E30B1771FE29C4F60163B62349B66C0EDDCE8502F7C49DD4089EA5AE31FFB220A88C8D232367B52FAB7644F02E7EC10378697213CF0D90DA83A9941C217C559F88DEC6587AD953C95F11C575F0EFA9CC0650955C733910F2F90C78AE367F67B0F496A100E0B018731404D2BAEC7420F8C2B1FB6612AF69ECF369F236DD0BFB0ACBAED4141B2A14591C6475FC5C3D4E9B6229ECF7E288C015D59A35DE67F633DC586609AB3AB85A02B99DDF1B6FA7D54D4B2DDB767CAAB797C9FB29594B80B5BAACF777666D0B35CE6EFD8E46270C4D715B74FEA64FE34FBF4332BB4E8477CA438645C24444417EA5769B507925FB4B8FC59E429F1EC593C397F71087A080B39A192B5147D04D9F30DC237764C810E519B74EE90F047D0829104B6BA1A01F1CC18C85BE79F52084FAD6D7BF3EDA36D63981D8B75676740DB1AA6E06AD0C1F6A3B665D2D9D0E363FCE37B581C682A5F554D820849CEE7066A7DB011EA7D916B4A45212CBBC7A56ADAD33D203B8A1EDA03064A34351916C243E65D45425974C1468A626B773B48962108203F02814F15640149BCC2325C40F2457F0618CAAFDE26162326F2F81E8C727FAFED1B43E3AC8752E9F4EDFF5B58BD316882B555E63278FEB00B61144703C060B6188F3528E176E9B2D5996579048B723EB678CD56FA979004270E9F88F235404C522ED076E9F287097F2F7600A2D4566D2F6EFB600A9854B61CDB4363040D4F30D96BB011EF4BB0E0F21192F72B106B4F38A79FA384978C3C2A9AB94534BE01C83927BC95A9C5E55E618D7C5D77A9FA39664EEF11B2D50F59396DAD7CDC23F17948585BD88342EED6A8ABBDA3 -20180510075358 2 6 100 8191 2 E3FCBDCFD41A409C58BE083B6485A2D67E20931B1F469774BAE0F1AB2898B800032581B1C4FC71FE136087937A885AFB6FC9E582DD97B8DE3AD2AF861419D5F06278316DFA78BAE7EF099889F0E99575C7812E7240B67623E7877737013A7D5DB3638040083400E8F27600BAC0650D24220CA1B3C05FB7DD70469A201DBFF1308ECA1C7152A6016BB89BFB6C625715EE91A92EA1848F0B2491AA92187468D9E8442679D7F5F6B64BC9D5A3D4E9B58C59EEEB65F8D6B70A71099E1B420BC0FD750CB2F333C23C97966BE727A6B6D9AEC8C0EB2436E01770F03840BFEC9228BB6DD46CE27D5739E18429F464FFF6812B0F66A8B0024BE03294900B8D0BC3CA6785F8C418EFE7068B2CD190A54BB9F90E05885A5C85DC069495C2009F79DBFD7774D7D65B9831FDC295CE146F4EB91DC56ABBD0B64BEAF3C340E0BF123A115D12289D44B650FF8461734308F4701CF2C199676DB3B4804FCDBD6B08C5D4875073AD5C575CA0B64597472A5C23EB4277B52B1128F3B1AE363E36A2C2D6EF5FCE00EE1573A40AD5ACDCDADE3E2672979CF68E87530520B2CA2C1110CBE4B631F3ABE83CFFDB7D5ACDD6DCA5916E30B1771FE29C4F60163B62349B66C0EDDCE8502F7C49DD4089EA5AE31FFB220A88C8D232367B52FAB7644F02E7EC10378697213CF0D90DA83A9941C217C559F88DEC6587AD953C95F11C575F0EFA9CC0650955C733910F2F90C78AE367F67B0F496A100E0B018731404D2BAEC7420F8C2B1FB6612AF69ECF369F236DD0BFB0ACBAED4141B2A14591C6475FC5C3D4E9B6229ECF7E288C015D59A35DE67F633DC586609AB3AB85A02B99DDF1B6FA7D54D4B2DDB767CAAB797C9FB29594B80B5BAACF777666D0B35CE6EFD8E46270C4D715B74FEA64FE34FBF4332BB4E8477CA438645C24444417EA5769B507925FB4B8FC59E429F1EC593C397F71087A080B39A192B5147D04D9F30DC237764C810E519B74EE90F047D0829104B6BA1A01F1CC18C85BE79F52084FAD6D7BF3EDA36D63981D8B75676740DB1AA6E06AD0C1F6A3B665D2D9D0E363FCE37B581C682A5F554D820849CEE7066A7DB011EA7D916B4A45212CBBC7A56ADAD33D203B8A1EDA03064A34351916C243E65D45425974C1468A626B773B48962108203F02814F15640149BCC2325C40F2457F0618CAAFDE26162326F2F81E8C727FAFED1B43E3AC8752E9F4EDFF5B58BD316882B555E63278FEB00B61144703C060B6188F3528E176E9B2D5996579048B723EB678CD56FA979004270E9F88F235404C522ED076E9F287097F2F7600A2D4566D2F6EFB600A9854B61CDB4363040D4F30D96BB011EF4BB0E0F21192F72B106B4F38A79FA384978C3C2A9AB94534BE01C83927BC95A9C5E55E618D7C5D77A9FA39664EEF11B2D50F59396DAD7CDC23F17948585BD88342EED6AC65344B -20180510102028 2 6 100 8191 2 E3FCBDCFD41A409C58BE083B6485A2D67E20931B1F469774BAE0F1AB2898B800032581B1C4FC71FE136087937A885AFB6FC9E582DD97B8DE3AD2AF861419D5F06278316DFA78BAE7EF099889F0E99575C7812E7240B67623E7877737013A7D5DB3638040083400E8F27600BAC0650D24220CA1B3C05FB7DD70469A201DBFF1308ECA1C7152A6016BB89BFB6C625715EE91A92EA1848F0B2491AA92187468D9E8442679D7F5F6B64BC9D5A3D4E9B58C59EEEB65F8D6B70A71099E1B420BC0FD750CB2F333C23C97966BE727A6B6D9AEC8C0EB2436E01770F03840BFEC9228BB6DD46CE27D5739E18429F464FFF6812B0F66A8B0024BE03294900B8D0BC3CA6785F8C418EFE7068B2CD190A54BB9F90E05885A5C85DC069495C2009F79DBFD7774D7D65B9831FDC295CE146F4EB91DC56ABBD0B64BEAF3C340E0BF123A115D12289D44B650FF8461734308F4701CF2C199676DB3B4804FCDBD6B08C5D4875073AD5C575CA0B64597472A5C23EB4277B52B1128F3B1AE363E36A2C2D6EF5FCE00EE1573A40AD5ACDCDADE3E2672979CF68E87530520B2CA2C1110CBE4B631F3ABE83CFFDB7D5ACDD6DCA5916E30B1771FE29C4F60163B62349B66C0EDDCE8502F7C49DD4089EA5AE31FFB220A88C8D232367B52FAB7644F02E7EC10378697213CF0D90DA83A9941C217C559F88DEC6587AD953C95F11C575F0EFA9CC0650955C733910F2F90C78AE367F67B0F496A100E0B018731404D2BAEC7420F8C2B1FB6612AF69ECF369F236DD0BFB0ACBAED4141B2A14591C6475FC5C3D4E9B6229ECF7E288C015D59A35DE67F633DC586609AB3AB85A02B99DDF1B6FA7D54D4B2DDB767CAAB797C9FB29594B80B5BAACF777666D0B35CE6EFD8E46270C4D715B74FEA64FE34FBF4332BB4E8477CA438645C24444417EA5769B507925FB4B8FC59E429F1EC593C397F71087A080B39A192B5147D04D9F30DC237764C810E519B74EE90F047D0829104B6BA1A01F1CC18C85BE79F52084FAD6D7BF3EDA36D63981D8B75676740DB1AA6E06AD0C1F6A3B665D2D9D0E363FCE37B581C682A5F554D820849CEE7066A7DB011EA7D916B4A45212CBBC7A56ADAD33D203B8A1EDA03064A34351916C243E65D45425974C1468A626B773B48962108203F02814F15640149BCC2325C40F2457F0618CAAFDE26162326F2F81E8C727FAFED1B43E3AC8752E9F4EDFF5B58BD316882B555E63278FEB00B61144703C060B6188F3528E176E9B2D5996579048B723EB678CD56FA979004270E9F88F235404C522ED076E9F287097F2F7600A2D4566D2F6EFB600A9854B61CDB4363040D4F30D96BB011EF4BB0E0F21192F72B106B4F38A79FA384978C3C2A9AB94534BE01C83927BC95A9C5E55E618D7C5D77A9FA39664EEF11B2D50F59396DAD7CDC23F17948585BD88342EED6ADD74BF3 -20180510111207 2 6 100 8191 2 E3FCBDCFD41A409C58BE083B6485A2D67E20931B1F469774BAE0F1AB2898B800032581B1C4FC71FE136087937A885AFB6FC9E582DD97B8DE3AD2AF861419D5F06278316DFA78BAE7EF099889F0E99575C7812E7240B67623E7877737013A7D5DB3638040083400E8F27600BAC0650D24220CA1B3C05FB7DD70469A201DBFF1308ECA1C7152A6016BB89BFB6C625715EE91A92EA1848F0B2491AA92187468D9E8442679D7F5F6B64BC9D5A3D4E9B58C59EEEB65F8D6B70A71099E1B420BC0FD750CB2F333C23C97966BE727A6B6D9AEC8C0EB2436E01770F03840BFEC9228BB6DD46CE27D5739E18429F464FFF6812B0F66A8B0024BE03294900B8D0BC3CA6785F8C418EFE7068B2CD190A54BB9F90E05885A5C85DC069495C2009F79DBFD7774D7D65B9831FDC295CE146F4EB91DC56ABBD0B64BEAF3C340E0BF123A115D12289D44B650FF8461734308F4701CF2C199676DB3B4804FCDBD6B08C5D4875073AD5C575CA0B64597472A5C23EB4277B52B1128F3B1AE363E36A2C2D6EF5FCE00EE1573A40AD5ACDCDADE3E2672979CF68E87530520B2CA2C1110CBE4B631F3ABE83CFFDB7D5ACDD6DCA5916E30B1771FE29C4F60163B62349B66C0EDDCE8502F7C49DD4089EA5AE31FFB220A88C8D232367B52FAB7644F02E7EC10378697213CF0D90DA83A9941C217C559F88DEC6587AD953C95F11C575F0EFA9CC0650955C733910F2F90C78AE367F67B0F496A100E0B018731404D2BAEC7420F8C2B1FB6612AF69ECF369F236DD0BFB0ACBAED4141B2A14591C6475FC5C3D4E9B6229ECF7E288C015D59A35DE67F633DC586609AB3AB85A02B99DDF1B6FA7D54D4B2DDB767CAAB797C9FB29594B80B5BAACF777666D0B35CE6EFD8E46270C4D715B74FEA64FE34FBF4332BB4E8477CA438645C24444417EA5769B507925FB4B8FC59E429F1EC593C397F71087A080B39A192B5147D04D9F30DC237764C810E519B74EE90F047D0829104B6BA1A01F1CC18C85BE79F52084FAD6D7BF3EDA36D63981D8B75676740DB1AA6E06AD0C1F6A3B665D2D9D0E363FCE37B581C682A5F554D820849CEE7066A7DB011EA7D916B4A45212CBBC7A56ADAD33D203B8A1EDA03064A34351916C243E65D45425974C1468A626B773B48962108203F02814F15640149BCC2325C40F2457F0618CAAFDE26162326F2F81E8C727FAFED1B43E3AC8752E9F4EDFF5B58BD316882B555E63278FEB00B61144703C060B6188F3528E176E9B2D5996579048B723EB678CD56FA979004270E9F88F235404C522ED076E9F287097F2F7600A2D4566D2F6EFB600A9854B61CDB4363040D4F30D96BB011EF4BB0E0F21192F72B106B4F38A79FA384978C3C2A9AB94534BE01C83927BC95A9C5E55E618D7C5D77A9FA39664EEF11B2D50F59396DAD7CDC23F17948585BD88342EED6AE56234B -20180510122304 2 6 100 8191 5 E3FCBDCFD41A409C58BE083B6485A2D67E20931B1F469774BAE0F1AB2898B800032581B1C4FC71FE136087937A885AFB6FC9E582DD97B8DE3AD2AF861419D5F06278316DFA78BAE7EF099889F0E99575C7812E7240B67623E7877737013A7D5DB3638040083400E8F27600BAC0650D24220CA1B3C05FB7DD70469A201DBFF1308ECA1C7152A6016BB89BFB6C625715EE91A92EA1848F0B2491AA92187468D9E8442679D7F5F6B64BC9D5A3D4E9B58C59EEEB65F8D6B70A71099E1B420BC0FD750CB2F333C23C97966BE727A6B6D9AEC8C0EB2436E01770F03840BFEC9228BB6DD46CE27D5739E18429F464FFF6812B0F66A8B0024BE03294900B8D0BC3CA6785F8C418EFE7068B2CD190A54BB9F90E05885A5C85DC069495C2009F79DBFD7774D7D65B9831FDC295CE146F4EB91DC56ABBD0B64BEAF3C340E0BF123A115D12289D44B650FF8461734308F4701CF2C199676DB3B4804FCDBD6B08C5D4875073AD5C575CA0B64597472A5C23EB4277B52B1128F3B1AE363E36A2C2D6EF5FCE00EE1573A40AD5ACDCDADE3E2672979CF68E87530520B2CA2C1110CBE4B631F3ABE83CFFDB7D5ACDD6DCA5916E30B1771FE29C4F60163B62349B66C0EDDCE8502F7C49DD4089EA5AE31FFB220A88C8D232367B52FAB7644F02E7EC10378697213CF0D90DA83A9941C217C559F88DEC6587AD953C95F11C575F0EFA9CC0650955C733910F2F90C78AE367F67B0F496A100E0B018731404D2BAEC7420F8C2B1FB6612AF69ECF369F236DD0BFB0ACBAED4141B2A14591C6475FC5C3D4E9B6229ECF7E288C015D59A35DE67F633DC586609AB3AB85A02B99DDF1B6FA7D54D4B2DDB767CAAB797C9FB29594B80B5BAACF777666D0B35CE6EFD8E46270C4D715B74FEA64FE34FBF4332BB4E8477CA438645C24444417EA5769B507925FB4B8FC59E429F1EC593C397F71087A080B39A192B5147D04D9F30DC237764C810E519B74EE90F047D0829104B6BA1A01F1CC18C85BE79F52084FAD6D7BF3EDA36D63981D8B75676740DB1AA6E06AD0C1F6A3B665D2D9D0E363FCE37B581C682A5F554D820849CEE7066A7DB011EA7D916B4A45212CBBC7A56ADAD33D203B8A1EDA03064A34351916C243E65D45425974C1468A626B773B48962108203F02814F15640149BCC2325C40F2457F0618CAAFDE26162326F2F81E8C727FAFED1B43E3AC8752E9F4EDFF5B58BD316882B555E63278FEB00B61144703C060B6188F3528E176E9B2D5996579048B723EB678CD56FA979004270E9F88F235404C522ED076E9F287097F2F7600A2D4566D2F6EFB600A9854B61CDB4363040D4F30D96BB011EF4BB0E0F21192F72B106B4F38A79FA384978C3C2A9AB94534BE01C83927BC95A9C5E55E618D7C5D77A9FA39664EEF11B2D50F59396DAD7CDC23F17948585BD88342EED6AF06789F +20180920083436 2 6 100 2047 2 F13B549CC6FE8517551E48FAEBA8D93EAC29403838E22ED862927B8AC9A9ABBA96AB7E306F0A01B75C0E960AB9DEA0F8519BAA2F13E541E194604848CBC9DEC51165E7A45897104B4A9C54C7337270A8B1B7F53B9DC203744ED2C634889C879E713BEA519452AE800B390FFBABF40B992AF659947D3ED78AA04DDF51C84D7B0824978643683F2153C99F682E30A25683CE180948F62E2CC1EFA1513CB16E74117334356E4E365132BB37BA41B4B79F148F26842A61F12D42B149F3FAB0041CB7DF7F53742544FA4E956D314B140F49786E23A5446C1F5CD55CB59D845774C6D6EF1CE5B7426F351FE906C69D23720BCFC5E250DE2786ACEBEC823E1DE0BE8103 +20180920083444 2 6 100 2047 5 F13B549CC6FE8517551E48FAEBA8D93EAC29403838E22ED862927B8AC9A9ABBA96AB7E306F0A01B75C0E960AB9DEA0F8519BAA2F13E541E194604848CBC9DEC51165E7A45897104B4A9C54C7337270A8B1B7F53B9DC203744ED2C634889C879E713BEA519452AE800B390FFBABF40B992AF659947D3ED78AA04DDF51C84D7B0824978643683F2153C99F682E30A25683CE180948F62E2CC1EFA1513CB16E74117334356E4E365132BB37BA41B4B79F148F26842A61F12D42B149F3FAB0041CB7DF7F53742544FA4E956D314B140F49786E23A5446C1F5CD55CB59D845774C6D6EF1CE5B7426F351FE906C69D23720BCFC5E250DE2786ACEBEC823E1DE0C7C3CF +20180920083448 2 6 100 2047 2 F13B549CC6FE8517551E48FAEBA8D93EAC29403838E22ED862927B8AC9A9ABBA96AB7E306F0A01B75C0E960AB9DEA0F8519BAA2F13E541E194604848CBC9DEC51165E7A45897104B4A9C54C7337270A8B1B7F53B9DC203744ED2C634889C879E713BEA519452AE800B390FFBABF40B992AF659947D3ED78AA04DDF51C84D7B0824978643683F2153C99F682E30A25683CE180948F62E2CC1EFA1513CB16E74117334356E4E365132BB37BA41B4B79F148F26842A61F12D42B149F3FAB0041CB7DF7F53742544FA4E956D314B140F49786E23A5446C1F5CD55CB59D845774C6D6EF1CE5B7426F351FE906C69D23720BCFC5E250DE2786ACEBEC823E1DE0C8204B +20180920083506 2 6 100 2047 2 F13B549CC6FE8517551E48FAEBA8D93EAC29403838E22ED862927B8AC9A9ABBA96AB7E306F0A01B75C0E960AB9DEA0F8519BAA2F13E541E194604848CBC9DEC51165E7A45897104B4A9C54C7337270A8B1B7F53B9DC203744ED2C634889C879E713BEA519452AE800B390FFBABF40B992AF659947D3ED78AA04DDF51C84D7B0824978643683F2153C99F682E30A25683CE180948F62E2CC1EFA1513CB16E74117334356E4E365132BB37BA41B4B79F148F26842A61F12D42B149F3FAB0041CB7DF7F53742544FA4E956D314B140F49786E23A5446C1F5CD55CB59D845774C6D6EF1CE5B7426F351FE906C69D23720BCFC5E250DE2786ACEBEC823E1DE0E7A6DB +20180920083516 2 6 100 2047 2 F13B549CC6FE8517551E48FAEBA8D93EAC29403838E22ED862927B8AC9A9ABBA96AB7E306F0A01B75C0E960AB9DEA0F8519BAA2F13E541E194604848CBC9DEC51165E7A45897104B4A9C54C7337270A8B1B7F53B9DC203744ED2C634889C879E713BEA519452AE800B390FFBABF40B992AF659947D3ED78AA04DDF51C84D7B0824978643683F2153C99F682E30A25683CE180948F62E2CC1EFA1513CB16E74117334356E4E365132BB37BA41B4B79F148F26842A61F12D42B149F3FAB0041CB7DF7F53742544FA4E956D314B140F49786E23A5446C1F5CD55CB59D845774C6D6EF1CE5B7426F351FE906C69D23720BCFC5E250DE2786ACEBEC823E1DE0F5096B +20180920083532 2 6 100 2047 5 F13B549CC6FE8517551E48FAEBA8D93EAC29403838E22ED862927B8AC9A9ABBA96AB7E306F0A01B75C0E960AB9DEA0F8519BAA2F13E541E194604848CBC9DEC51165E7A45897104B4A9C54C7337270A8B1B7F53B9DC203744ED2C634889C879E713BEA519452AE800B390FFBABF40B992AF659947D3ED78AA04DDF51C84D7B0824978643683F2153C99F682E30A25683CE180948F62E2CC1EFA1513CB16E74117334356E4E365132BB37BA41B4B79F148F26842A61F12D42B149F3FAB0041CB7DF7F53742544FA4E956D314B140F49786E23A5446C1F5CD55CB59D845774C6D6EF1CE5B7426F351FE906C69D23720BCFC5E250DE2786ACEBEC823E1DE11027BF +20180920083549 2 6 100 2047 2 F13B549CC6FE8517551E48FAEBA8D93EAC29403838E22ED862927B8AC9A9ABBA96AB7E306F0A01B75C0E960AB9DEA0F8519BAA2F13E541E194604848CBC9DEC51165E7A45897104B4A9C54C7337270A8B1B7F53B9DC203744ED2C634889C879E713BEA519452AE800B390FFBABF40B992AF659947D3ED78AA04DDF51C84D7B0824978643683F2153C99F682E30A25683CE180948F62E2CC1EFA1513CB16E74117334356E4E365132BB37BA41B4B79F148F26842A61F12D42B149F3FAB0041CB7DF7F53742544FA4E956D314B140F49786E23A5446C1F5CD55CB59D845774C6D6EF1CE5B7426F351FE906C69D23720BCFC5E250DE2786ACEBEC823E1DE12EA013 +20180920083601 2 6 100 2047 5 F13B549CC6FE8517551E48FAEBA8D93EAC29403838E22ED862927B8AC9A9ABBA96AB7E306F0A01B75C0E960AB9DEA0F8519BAA2F13E541E194604848CBC9DEC51165E7A45897104B4A9C54C7337270A8B1B7F53B9DC203744ED2C634889C879E713BEA519452AE800B390FFBABF40B992AF659947D3ED78AA04DDF51C84D7B0824978643683F2153C99F682E30A25683CE180948F62E2CC1EFA1513CB16E74117334356E4E365132BB37BA41B4B79F148F26842A61F12D42B149F3FAB0041CB7DF7F53742544FA4E956D314B140F49786E23A5446C1F5CD55CB59D845774C6D6EF1CE5B7426F351FE906C69D23720BCFC5E250DE2786ACEBEC823E1DE13F42E7 +20180920083617 2 6 100 2047 2 F13B549CC6FE8517551E48FAEBA8D93EAC29403838E22ED862927B8AC9A9ABBA96AB7E306F0A01B75C0E960AB9DEA0F8519BAA2F13E541E194604848CBC9DEC51165E7A45897104B4A9C54C7337270A8B1B7F53B9DC203744ED2C634889C879E713BEA519452AE800B390FFBABF40B992AF659947D3ED78AA04DDF51C84D7B0824978643683F2153C99F682E30A25683CE180948F62E2CC1EFA1513CB16E74117334356E4E365132BB37BA41B4B79F148F26842A61F12D42B149F3FAB0041CB7DF7F53742544FA4E956D314B140F49786E23A5446C1F5CD55CB59D845774C6D6EF1CE5B7426F351FE906C69D23720BCFC5E250DE2786ACEBEC823E1DE15AA2C3 +20180920083643 2 6 100 2047 2 F13B549CC6FE8517551E48FAEBA8D93EAC29403838E22ED862927B8AC9A9ABBA96AB7E306F0A01B75C0E960AB9DEA0F8519BAA2F13E541E194604848CBC9DEC51165E7A45897104B4A9C54C7337270A8B1B7F53B9DC203744ED2C634889C879E713BEA519452AE800B390FFBABF40B992AF659947D3ED78AA04DDF51C84D7B0824978643683F2153C99F682E30A25683CE180948F62E2CC1EFA1513CB16E74117334356E4E365132BB37BA41B4B79F148F26842A61F12D42B149F3FAB0041CB7DF7F53742544FA4E956D314B140F49786E23A5446C1F5CD55CB59D845774C6D6EF1CE5B7426F351FE906C69D23720BCFC5E250DE2786ACEBEC823E1DE18AB6BB +20180920083714 2 6 100 2047 5 F13B549CC6FE8517551E48FAEBA8D93EAC29403838E22ED862927B8AC9A9ABBA96AB7E306F0A01B75C0E960AB9DEA0F8519BAA2F13E541E194604848CBC9DEC51165E7A45897104B4A9C54C7337270A8B1B7F53B9DC203744ED2C634889C879E713BEA519452AE800B390FFBABF40B992AF659947D3ED78AA04DDF51C84D7B0824978643683F2153C99F682E30A25683CE180948F62E2CC1EFA1513CB16E74117334356E4E365132BB37BA41B4B79F148F26842A61F12D42B149F3FAB0041CB7DF7F53742544FA4E956D314B140F49786E23A5446C1F5CD55CB59D845774C6D6EF1CE5B7426F351FE906C69D23720BCFC5E250DE2786ACEBEC823E1DE1C69837 +20180920083747 2 6 100 2047 2 F13B549CC6FE8517551E48FAEBA8D93EAC29403838E22ED862927B8AC9A9ABBA96AB7E306F0A01B75C0E960AB9DEA0F8519BAA2F13E541E194604848CBC9DEC51165E7A45897104B4A9C54C7337270A8B1B7F53B9DC203744ED2C634889C879E713BEA519452AE800B390FFBABF40B992AF659947D3ED78AA04DDF51C84D7B0824978643683F2153C99F682E30A25683CE180948F62E2CC1EFA1513CB16E74117334356E4E365132BB37BA41B4B79F148F26842A61F12D42B149F3FAB0041CB7DF7F53742544FA4E956D314B140F49786E23A5446C1F5CD55CB59D845774C6D6EF1CE5B7426F351FE906C69D23720BCFC5E250DE2786ACEBEC823E1DE207143B +20180920083825 2 6 100 2047 5 F13B549CC6FE8517551E48FAEBA8D93EAC29403838E22ED862927B8AC9A9ABBA96AB7E306F0A01B75C0E960AB9DEA0F8519BAA2F13E541E194604848CBC9DEC51165E7A45897104B4A9C54C7337270A8B1B7F53B9DC203744ED2C634889C879E713BEA519452AE800B390FFBABF40B992AF659947D3ED78AA04DDF51C84D7B0824978643683F2153C99F682E30A25683CE180948F62E2CC1EFA1513CB16E74117334356E4E365132BB37BA41B4B79F148F26842A61F12D42B149F3FAB0041CB7DF7F53742544FA4E956D314B140F49786E23A5446C1F5CD55CB59D845774C6D6EF1CE5B7426F351FE906C69D23720BCFC5E250DE2786ACEBEC823E1DE24E3977 +20180920083852 2 6 100 2047 5 F13B549CC6FE8517551E48FAEBA8D93EAC29403838E22ED862927B8AC9A9ABBA96AB7E306F0A01B75C0E960AB9DEA0F8519BAA2F13E541E194604848CBC9DEC51165E7A45897104B4A9C54C7337270A8B1B7F53B9DC203744ED2C634889C879E713BEA519452AE800B390FFBABF40B992AF659947D3ED78AA04DDF51C84D7B0824978643683F2153C99F682E30A25683CE180948F62E2CC1EFA1513CB16E74117334356E4E365132BB37BA41B4B79F148F26842A61F12D42B149F3FAB0041CB7DF7F53742544FA4E956D314B140F49786E23A5446C1F5CD55CB59D845774C6D6EF1CE5B7426F351FE906C69D23720BCFC5E250DE2786ACEBEC823E1DE2843EE7 +20180920083857 2 6 100 2047 2 F13B549CC6FE8517551E48FAEBA8D93EAC29403838E22ED862927B8AC9A9ABBA96AB7E306F0A01B75C0E960AB9DEA0F8519BAA2F13E541E194604848CBC9DEC51165E7A45897104B4A9C54C7337270A8B1B7F53B9DC203744ED2C634889C879E713BEA519452AE800B390FFBABF40B992AF659947D3ED78AA04DDF51C84D7B0824978643683F2153C99F682E30A25683CE180948F62E2CC1EFA1513CB16E74117334356E4E365132BB37BA41B4B79F148F26842A61F12D42B149F3FAB0041CB7DF7F53742544FA4E956D314B140F49786E23A5446C1F5CD55CB59D845774C6D6EF1CE5B7426F351FE906C69D23720BCFC5E250DE2786ACEBEC823E1DE285908B +20180920083917 2 6 100 2047 2 F13B549CC6FE8517551E48FAEBA8D93EAC29403838E22ED862927B8AC9A9ABBA96AB7E306F0A01B75C0E960AB9DEA0F8519BAA2F13E541E194604848CBC9DEC51165E7A45897104B4A9C54C7337270A8B1B7F53B9DC203744ED2C634889C879E713BEA519452AE800B390FFBABF40B992AF659947D3ED78AA04DDF51C84D7B0824978643683F2153C99F682E30A25683CE180948F62E2CC1EFA1513CB16E74117334356E4E365132BB37BA41B4B79F148F26842A61F12D42B149F3FAB0041CB7DF7F53742544FA4E956D314B140F49786E23A5446C1F5CD55CB59D845774C6D6EF1CE5B7426F351FE906C69D23720BCFC5E250DE2786ACEBEC823E1DE2A7511B +20180920083924 2 6 100 2047 5 F13B549CC6FE8517551E48FAEBA8D93EAC29403838E22ED862927B8AC9A9ABBA96AB7E306F0A01B75C0E960AB9DEA0F8519BAA2F13E541E194604848CBC9DEC51165E7A45897104B4A9C54C7337270A8B1B7F53B9DC203744ED2C634889C879E713BEA519452AE800B390FFBABF40B992AF659947D3ED78AA04DDF51C84D7B0824978643683F2153C99F682E30A25683CE180948F62E2CC1EFA1513CB16E74117334356E4E365132BB37BA41B4B79F148F26842A61F12D42B149F3FAB0041CB7DF7F53742544FA4E956D314B140F49786E23A5446C1F5CD55CB59D845774C6D6EF1CE5B7426F351FE906C69D23720BCFC5E250DE2786ACEBEC823E1DE2B08EBF +20180920083936 2 6 100 2047 5 F13B549CC6FE8517551E48FAEBA8D93EAC29403838E22ED862927B8AC9A9ABBA96AB7E306F0A01B75C0E960AB9DEA0F8519BAA2F13E541E194604848CBC9DEC51165E7A45897104B4A9C54C7337270A8B1B7F53B9DC203744ED2C634889C879E713BEA519452AE800B390FFBABF40B992AF659947D3ED78AA04DDF51C84D7B0824978643683F2153C99F682E30A25683CE180948F62E2CC1EFA1513CB16E74117334356E4E365132BB37BA41B4B79F148F26842A61F12D42B149F3FAB0041CB7DF7F53742544FA4E956D314B140F49786E23A5446C1F5CD55CB59D845774C6D6EF1CE5B7426F351FE906C69D23720BCFC5E250DE2786ACEBEC823E1DE2C326CF +20180920083953 2 6 100 2047 2 F13B549CC6FE8517551E48FAEBA8D93EAC29403838E22ED862927B8AC9A9ABBA96AB7E306F0A01B75C0E960AB9DEA0F8519BAA2F13E541E194604848CBC9DEC51165E7A45897104B4A9C54C7337270A8B1B7F53B9DC203744ED2C634889C879E713BEA519452AE800B390FFBABF40B992AF659947D3ED78AA04DDF51C84D7B0824978643683F2153C99F682E30A25683CE180948F62E2CC1EFA1513CB16E74117334356E4E365132BB37BA41B4B79F148F26842A61F12D42B149F3FAB0041CB7DF7F53742544FA4E956D314B140F49786E23A5446C1F5CD55CB59D845774C6D6EF1CE5B7426F351FE906C69D23720BCFC5E250DE2786ACEBEC823E1DE2E0BCBB +20180920084017 2 6 100 2047 2 F13B549CC6FE8517551E48FAEBA8D93EAC29403838E22ED862927B8AC9A9ABBA96AB7E306F0A01B75C0E960AB9DEA0F8519BAA2F13E541E194604848CBC9DEC51165E7A45897104B4A9C54C7337270A8B1B7F53B9DC203744ED2C634889C879E713BEA519452AE800B390FFBABF40B992AF659947D3ED78AA04DDF51C84D7B0824978643683F2153C99F682E30A25683CE180948F62E2CC1EFA1513CB16E74117334356E4E365132BB37BA41B4B79F148F26842A61F12D42B149F3FAB0041CB7DF7F53742544FA4E956D314B140F49786E23A5446C1F5CD55CB59D845774C6D6EF1CE5B7426F351FE906C69D23720BCFC5E250DE2786ACEBEC823E1DE30D862B +20180920084034 2 6 100 2047 5 F13B549CC6FE8517551E48FAEBA8D93EAC29403838E22ED862927B8AC9A9ABBA96AB7E306F0A01B75C0E960AB9DEA0F8519BAA2F13E541E194604848CBC9DEC51165E7A45897104B4A9C54C7337270A8B1B7F53B9DC203744ED2C634889C879E713BEA519452AE800B390FFBABF40B992AF659947D3ED78AA04DDF51C84D7B0824978643683F2153C99F682E30A25683CE180948F62E2CC1EFA1513CB16E74117334356E4E365132BB37BA41B4B79F148F26842A61F12D42B149F3FAB0041CB7DF7F53742544FA4E956D314B140F49786E23A5446C1F5CD55CB59D845774C6D6EF1CE5B7426F351FE906C69D23720BCFC5E250DE2786ACEBEC823E1DE32AADEF +20180920084040 2 6 100 2047 2 F13B549CC6FE8517551E48FAEBA8D93EAC29403838E22ED862927B8AC9A9ABBA96AB7E306F0A01B75C0E960AB9DEA0F8519BAA2F13E541E194604848CBC9DEC51165E7A45897104B4A9C54C7337270A8B1B7F53B9DC203744ED2C634889C879E713BEA519452AE800B390FFBABF40B992AF659947D3ED78AA04DDF51C84D7B0824978643683F2153C99F682E30A25683CE180948F62E2CC1EFA1513CB16E74117334356E4E365132BB37BA41B4B79F148F26842A61F12D42B149F3FAB0041CB7DF7F53742544FA4E956D314B140F49786E23A5446C1F5CD55CB59D845774C6D6EF1CE5B7426F351FE906C69D23720BCFC5E250DE2786ACEBEC823E1DE32F8FDB +20180920084114 2 6 100 2047 2 F13B549CC6FE8517551E48FAEBA8D93EAC29403838E22ED862927B8AC9A9ABBA96AB7E306F0A01B75C0E960AB9DEA0F8519BAA2F13E541E194604848CBC9DEC51165E7A45897104B4A9C54C7337270A8B1B7F53B9DC203744ED2C634889C879E713BEA519452AE800B390FFBABF40B992AF659947D3ED78AA04DDF51C84D7B0824978643683F2153C99F682E30A25683CE180948F62E2CC1EFA1513CB16E74117334356E4E365132BB37BA41B4B79F148F26842A61F12D42B149F3FAB0041CB7DF7F53742544FA4E956D314B140F49786E23A5446C1F5CD55CB59D845774C6D6EF1CE5B7426F351FE906C69D23720BCFC5E250DE2786ACEBEC823E1DE372E443 +20180920084154 2 6 100 2047 5 F13B549CC6FE8517551E48FAEBA8D93EAC29403838E22ED862927B8AC9A9ABBA96AB7E306F0A01B75C0E960AB9DEA0F8519BAA2F13E541E194604848CBC9DEC51165E7A45897104B4A9C54C7337270A8B1B7F53B9DC203744ED2C634889C879E713BEA519452AE800B390FFBABF40B992AF659947D3ED78AA04DDF51C84D7B0824978643683F2153C99F682E30A25683CE180948F62E2CC1EFA1513CB16E74117334356E4E365132BB37BA41B4B79F148F26842A61F12D42B149F3FAB0041CB7DF7F53742544FA4E956D314B140F49786E23A5446C1F5CD55CB59D845774C6D6EF1CE5B7426F351FE906C69D23720BCFC5E250DE2786ACEBEC823E1DE3C3748F +20180920084236 2 6 100 2047 5 F13B549CC6FE8517551E48FAEBA8D93EAC29403838E22ED862927B8AC9A9ABBA96AB7E306F0A01B75C0E960AB9DEA0F8519BAA2F13E541E194604848CBC9DEC51165E7A45897104B4A9C54C7337270A8B1B7F53B9DC203744ED2C634889C879E713BEA519452AE800B390FFBABF40B992AF659947D3ED78AA04DDF51C84D7B0824978643683F2153C99F682E30A25683CE180948F62E2CC1EFA1513CB16E74117334356E4E365132BB37BA41B4B79F148F26842A61F12D42B149F3FAB0041CB7DF7F53742544FA4E956D314B140F49786E23A5446C1F5CD55CB59D845774C6D6EF1CE5B7426F351FE906C69D23720BCFC5E250DE2786ACEBEC823E1DE4158847 +20180920084247 2 6 100 2047 5 F13B549CC6FE8517551E48FAEBA8D93EAC29403838E22ED862927B8AC9A9ABBA96AB7E306F0A01B75C0E960AB9DEA0F8519BAA2F13E541E194604848CBC9DEC51165E7A45897104B4A9C54C7337270A8B1B7F53B9DC203744ED2C634889C879E713BEA519452AE800B390FFBABF40B992AF659947D3ED78AA04DDF51C84D7B0824978643683F2153C99F682E30A25683CE180948F62E2CC1EFA1513CB16E74117334356E4E365132BB37BA41B4B79F148F26842A61F12D42B149F3FAB0041CB7DF7F53742544FA4E956D314B140F49786E23A5446C1F5CD55CB59D845774C6D6EF1CE5B7426F351FE906C69D23720BCFC5E250DE2786ACEBEC823E1DE4262F2F +20180920084310 2 6 100 2047 5 F13B549CC6FE8517551E48FAEBA8D93EAC29403838E22ED862927B8AC9A9ABBA96AB7E306F0A01B75C0E960AB9DEA0F8519BAA2F13E541E194604848CBC9DEC51165E7A45897104B4A9C54C7337270A8B1B7F53B9DC203744ED2C634889C879E713BEA519452AE800B390FFBABF40B992AF659947D3ED78AA04DDF51C84D7B0824978643683F2153C99F682E30A25683CE180948F62E2CC1EFA1513CB16E74117334356E4E365132BB37BA41B4B79F148F26842A61F12D42B149F3FAB0041CB7DF7F53742544FA4E956D314B140F49786E23A5446C1F5CD55CB59D845774C6D6EF1CE5B7426F351FE906C69D23720BCFC5E250DE2786ACEBEC823E1DE452029F +20180920084323 2 6 100 2047 2 F13B549CC6FE8517551E48FAEBA8D93EAC29403838E22ED862927B8AC9A9ABBA96AB7E306F0A01B75C0E960AB9DEA0F8519BAA2F13E541E194604848CBC9DEC51165E7A45897104B4A9C54C7337270A8B1B7F53B9DC203744ED2C634889C879E713BEA519452AE800B390FFBABF40B992AF659947D3ED78AA04DDF51C84D7B0824978643683F2153C99F682E30A25683CE180948F62E2CC1EFA1513CB16E74117334356E4E365132BB37BA41B4B79F148F26842A61F12D42B149F3FAB0041CB7DF7F53742544FA4E956D314B140F49786E23A5446C1F5CD55CB59D845774C6D6EF1CE5B7426F351FE906C69D23720BCFC5E250DE2786ACEBEC823E1DE467FAEB +20180920084353 2 6 100 2047 2 F13B549CC6FE8517551E48FAEBA8D93EAC29403838E22ED862927B8AC9A9ABBA96AB7E306F0A01B75C0E960AB9DEA0F8519BAA2F13E541E194604848CBC9DEC51165E7A45897104B4A9C54C7337270A8B1B7F53B9DC203744ED2C634889C879E713BEA519452AE800B390FFBABF40B992AF659947D3ED78AA04DDF51C84D7B0824978643683F2153C99F682E30A25683CE180948F62E2CC1EFA1513CB16E74117334356E4E365132BB37BA41B4B79F148F26842A61F12D42B149F3FAB0041CB7DF7F53742544FA4E956D314B140F49786E23A5446C1F5CD55CB59D845774C6D6EF1CE5B7426F351FE906C69D23720BCFC5E250DE2786ACEBEC823E1DE4A3A77B +20180920084435 2 6 100 2047 2 F13B549CC6FE8517551E48FAEBA8D93EAC29403838E22ED862927B8AC9A9ABBA96AB7E306F0A01B75C0E960AB9DEA0F8519BAA2F13E541E194604848CBC9DEC51165E7A45897104B4A9C54C7337270A8B1B7F53B9DC203744ED2C634889C879E713BEA519452AE800B390FFBABF40B992AF659947D3ED78AA04DDF51C84D7B0824978643683F2153C99F682E30A25683CE180948F62E2CC1EFA1513CB16E74117334356E4E365132BB37BA41B4B79F148F26842A61F12D42B149F3FAB0041CB7DF7F53742544FA4E956D314B140F49786E23A5446C1F5CD55CB59D845774C6D6EF1CE5B7426F351FE906C69D23720BCFC5E250DE2786ACEBEC823E1DE4F4FEC3 +20180920084446 2 6 100 2047 2 F13B549CC6FE8517551E48FAEBA8D93EAC29403838E22ED862927B8AC9A9ABBA96AB7E306F0A01B75C0E960AB9DEA0F8519BAA2F13E541E194604848CBC9DEC51165E7A45897104B4A9C54C7337270A8B1B7F53B9DC203744ED2C634889C879E713BEA519452AE800B390FFBABF40B992AF659947D3ED78AA04DDF51C84D7B0824978643683F2153C99F682E30A25683CE180948F62E2CC1EFA1513CB16E74117334356E4E365132BB37BA41B4B79F148F26842A61F12D42B149F3FAB0041CB7DF7F53742544FA4E956D314B140F49786E23A5446C1F5CD55CB59D845774C6D6EF1CE5B7426F351FE906C69D23720BCFC5E250DE2786ACEBEC823E1DE50404F3 +20180920084451 2 6 100 2047 2 F13B549CC6FE8517551E48FAEBA8D93EAC29403838E22ED862927B8AC9A9ABBA96AB7E306F0A01B75C0E960AB9DEA0F8519BAA2F13E541E194604848CBC9DEC51165E7A45897104B4A9C54C7337270A8B1B7F53B9DC203744ED2C634889C879E713BEA519452AE800B390FFBABF40B992AF659947D3ED78AA04DDF51C84D7B0824978643683F2153C99F682E30A25683CE180948F62E2CC1EFA1513CB16E74117334356E4E365132BB37BA41B4B79F148F26842A61F12D42B149F3FAB0041CB7DF7F53742544FA4E956D314B140F49786E23A5446C1F5CD55CB59D845774C6D6EF1CE5B7426F351FE906C69D23720BCFC5E250DE2786ACEBEC823E1DE50889BB +20180920084547 2 6 100 2047 2 F13B549CC6FE8517551E48FAEBA8D93EAC29403838E22ED862927B8AC9A9ABBA96AB7E306F0A01B75C0E960AB9DEA0F8519BAA2F13E541E194604848CBC9DEC51165E7A45897104B4A9C54C7337270A8B1B7F53B9DC203744ED2C634889C879E713BEA519452AE800B390FFBABF40B992AF659947D3ED78AA04DDF51C84D7B0824978643683F2153C99F682E30A25683CE180948F62E2CC1EFA1513CB16E74117334356E4E365132BB37BA41B4B79F148F26842A61F12D42B149F3FAB0041CB7DF7F53742544FA4E956D314B140F49786E23A5446C1F5CD55CB59D845774C6D6EF1CE5B7426F351FE906C69D23720BCFC5E250DE2786ACEBEC823E1DE57A3D23 +20180920084627 2 6 100 2047 2 F13B549CC6FE8517551E48FAEBA8D93EAC29403838E22ED862927B8AC9A9ABBA96AB7E306F0A01B75C0E960AB9DEA0F8519BAA2F13E541E194604848CBC9DEC51165E7A45897104B4A9C54C7337270A8B1B7F53B9DC203744ED2C634889C879E713BEA519452AE800B390FFBABF40B992AF659947D3ED78AA04DDF51C84D7B0824978643683F2153C99F682E30A25683CE180948F62E2CC1EFA1513CB16E74117334356E4E365132BB37BA41B4B79F148F26842A61F12D42B149F3FAB0041CB7DF7F53742544FA4E956D314B140F49786E23A5446C1F5CD55CB59D845774C6D6EF1CE5B7426F351FE906C69D23720BCFC5E250DE2786ACEBEC823E1DE5CC4913 +20180920084636 2 6 100 2047 2 F13B549CC6FE8517551E48FAEBA8D93EAC29403838E22ED862927B8AC9A9ABBA96AB7E306F0A01B75C0E960AB9DEA0F8519BAA2F13E541E194604848CBC9DEC51165E7A45897104B4A9C54C7337270A8B1B7F53B9DC203744ED2C634889C879E713BEA519452AE800B390FFBABF40B992AF659947D3ED78AA04DDF51C84D7B0824978643683F2153C99F682E30A25683CE180948F62E2CC1EFA1513CB16E74117334356E4E365132BB37BA41B4B79F148F26842A61F12D42B149F3FAB0041CB7DF7F53742544FA4E956D314B140F49786E23A5446C1F5CD55CB59D845774C6D6EF1CE5B7426F351FE906C69D23720BCFC5E250DE2786ACEBEC823E1DE5D944FB +20180920084649 2 6 100 2047 5 F13B549CC6FE8517551E48FAEBA8D93EAC29403838E22ED862927B8AC9A9ABBA96AB7E306F0A01B75C0E960AB9DEA0F8519BAA2F13E541E194604848CBC9DEC51165E7A45897104B4A9C54C7337270A8B1B7F53B9DC203744ED2C634889C879E713BEA519452AE800B390FFBABF40B992AF659947D3ED78AA04DDF51C84D7B0824978643683F2153C99F682E30A25683CE180948F62E2CC1EFA1513CB16E74117334356E4E365132BB37BA41B4B79F148F26842A61F12D42B149F3FAB0041CB7DF7F53742544FA4E956D314B140F49786E23A5446C1F5CD55CB59D845774C6D6EF1CE5B7426F351FE906C69D23720BCFC5E250DE2786ACEBEC823E1DE5EF41F7 +20180920084732 2 6 100 2047 5 F13B549CC6FE8517551E48FAEBA8D93EAC29403838E22ED862927B8AC9A9ABBA96AB7E306F0A01B75C0E960AB9DEA0F8519BAA2F13E541E194604848CBC9DEC51165E7A45897104B4A9C54C7337270A8B1B7F53B9DC203744ED2C634889C879E713BEA519452AE800B390FFBABF40B992AF659947D3ED78AA04DDF51C84D7B0824978643683F2153C99F682E30A25683CE180948F62E2CC1EFA1513CB16E74117334356E4E365132BB37BA41B4B79F148F26842A61F12D42B149F3FAB0041CB7DF7F53742544FA4E956D314B140F49786E23A5446C1F5CD55CB59D845774C6D6EF1CE5B7426F351FE906C69D23720BCFC5E250DE2786ACEBEC823E1DE646894F +20180920084755 2 6 100 2047 5 F13B549CC6FE8517551E48FAEBA8D93EAC29403838E22ED862927B8AC9A9ABBA96AB7E306F0A01B75C0E960AB9DEA0F8519BAA2F13E541E194604848CBC9DEC51165E7A45897104B4A9C54C7337270A8B1B7F53B9DC203744ED2C634889C879E713BEA519452AE800B390FFBABF40B992AF659947D3ED78AA04DDF51C84D7B0824978643683F2153C99F682E30A25683CE180948F62E2CC1EFA1513CB16E74117334356E4E365132BB37BA41B4B79F148F26842A61F12D42B149F3FAB0041CB7DF7F53742544FA4E956D314B140F49786E23A5446C1F5CD55CB59D845774C6D6EF1CE5B7426F351FE906C69D23720BCFC5E250DE2786ACEBEC823E1DE670C3B7 +20180920084818 2 6 100 2047 5 F13B549CC6FE8517551E48FAEBA8D93EAC29403838E22ED862927B8AC9A9ABBA96AB7E306F0A01B75C0E960AB9DEA0F8519BAA2F13E541E194604848CBC9DEC51165E7A45897104B4A9C54C7337270A8B1B7F53B9DC203744ED2C634889C879E713BEA519452AE800B390FFBABF40B992AF659947D3ED78AA04DDF51C84D7B0824978643683F2153C99F682E30A25683CE180948F62E2CC1EFA1513CB16E74117334356E4E365132BB37BA41B4B79F148F26842A61F12D42B149F3FAB0041CB7DF7F53742544FA4E956D314B140F49786E23A5446C1F5CD55CB59D845774C6D6EF1CE5B7426F351FE906C69D23720BCFC5E250DE2786ACEBEC823E1DE69AD617 +20180920084821 2 6 100 2047 2 F13B549CC6FE8517551E48FAEBA8D93EAC29403838E22ED862927B8AC9A9ABBA96AB7E306F0A01B75C0E960AB9DEA0F8519BAA2F13E541E194604848CBC9DEC51165E7A45897104B4A9C54C7337270A8B1B7F53B9DC203744ED2C634889C879E713BEA519452AE800B390FFBABF40B992AF659947D3ED78AA04DDF51C84D7B0824978643683F2153C99F682E30A25683CE180948F62E2CC1EFA1513CB16E74117334356E4E365132BB37BA41B4B79F148F26842A61F12D42B149F3FAB0041CB7DF7F53742544FA4E956D314B140F49786E23A5446C1F5CD55CB59D845774C6D6EF1CE5B7426F351FE906C69D23720BCFC5E250DE2786ACEBEC823E1DE69AE223 +20180920084833 2 6 100 2047 2 F13B549CC6FE8517551E48FAEBA8D93EAC29403838E22ED862927B8AC9A9ABBA96AB7E306F0A01B75C0E960AB9DEA0F8519BAA2F13E541E194604848CBC9DEC51165E7A45897104B4A9C54C7337270A8B1B7F53B9DC203744ED2C634889C879E713BEA519452AE800B390FFBABF40B992AF659947D3ED78AA04DDF51C84D7B0824978643683F2153C99F682E30A25683CE180948F62E2CC1EFA1513CB16E74117334356E4E365132BB37BA41B4B79F148F26842A61F12D42B149F3FAB0041CB7DF7F53742544FA4E956D314B140F49786E23A5446C1F5CD55CB59D845774C6D6EF1CE5B7426F351FE906C69D23720BCFC5E250DE2786ACEBEC823E1DE6ADE1B3 +20180920084844 2 6 100 2047 5 F13B549CC6FE8517551E48FAEBA8D93EAC29403838E22ED862927B8AC9A9ABBA96AB7E306F0A01B75C0E960AB9DEA0F8519BAA2F13E541E194604848CBC9DEC51165E7A45897104B4A9C54C7337270A8B1B7F53B9DC203744ED2C634889C879E713BEA519452AE800B390FFBABF40B992AF659947D3ED78AA04DDF51C84D7B0824978643683F2153C99F682E30A25683CE180948F62E2CC1EFA1513CB16E74117334356E4E365132BB37BA41B4B79F148F26842A61F12D42B149F3FAB0041CB7DF7F53742544FA4E956D314B140F49786E23A5446C1F5CD55CB59D845774C6D6EF1CE5B7426F351FE906C69D23720BCFC5E250DE2786ACEBEC823E1DE6BD0ACF +20180920085036 2 6 100 2047 2 F13B549CC6FE8517551E48FAEBA8D93EAC29403838E22ED862927B8AC9A9ABBA96AB7E306F0A01B75C0E960AB9DEA0F8519BAA2F13E541E194604848CBC9DEC51165E7A45897104B4A9C54C7337270A8B1B7F53B9DC203744ED2C634889C879E713BEA519452AE800B390FFBABF40B992AF659947D3ED78AA04DDF51C84D7B0824978643683F2153C99F682E30A25683CE180948F62E2CC1EFA1513CB16E74117334356E4E365132BB37BA41B4B79F148F26842A61F12D42B149F3FAB0041CB7DF7F53742544FA4E956D314B140F49786E23A5446C1F5CD55CB59D845774C6D6EF1CE5B7426F351FE906C69D23720BCFC5E250DE2786ACEBEC823E1DE7ACC18B +20180920085043 2 6 100 2047 2 F13B549CC6FE8517551E48FAEBA8D93EAC29403838E22ED862927B8AC9A9ABBA96AB7E306F0A01B75C0E960AB9DEA0F8519BAA2F13E541E194604848CBC9DEC51165E7A45897104B4A9C54C7337270A8B1B7F53B9DC203744ED2C634889C879E713BEA519452AE800B390FFBABF40B992AF659947D3ED78AA04DDF51C84D7B0824978643683F2153C99F682E30A25683CE180948F62E2CC1EFA1513CB16E74117334356E4E365132BB37BA41B4B79F148F26842A61F12D42B149F3FAB0041CB7DF7F53742544FA4E956D314B140F49786E23A5446C1F5CD55CB59D845774C6D6EF1CE5B7426F351FE906C69D23720BCFC5E250DE2786ACEBEC823E1DE7B37CAB +20180920085052 2 6 100 2047 5 F13B549CC6FE8517551E48FAEBA8D93EAC29403838E22ED862927B8AC9A9ABBA96AB7E306F0A01B75C0E960AB9DEA0F8519BAA2F13E541E194604848CBC9DEC51165E7A45897104B4A9C54C7337270A8B1B7F53B9DC203744ED2C634889C879E713BEA519452AE800B390FFBABF40B992AF659947D3ED78AA04DDF51C84D7B0824978643683F2153C99F682E30A25683CE180948F62E2CC1EFA1513CB16E74117334356E4E365132BB37BA41B4B79F148F26842A61F12D42B149F3FAB0041CB7DF7F53742544FA4E956D314B140F49786E23A5446C1F5CD55CB59D845774C6D6EF1CE5B7426F351FE906C69D23720BCFC5E250DE2786ACEBEC823E1DE7BF34CF +20180920085121 2 6 100 2047 2 F13B549CC6FE8517551E48FAEBA8D93EAC29403838E22ED862927B8AC9A9ABBA96AB7E306F0A01B75C0E960AB9DEA0F8519BAA2F13E541E194604848CBC9DEC51165E7A45897104B4A9C54C7337270A8B1B7F53B9DC203744ED2C634889C879E713BEA519452AE800B390FFBABF40B992AF659947D3ED78AA04DDF51C84D7B0824978643683F2153C99F682E30A25683CE180948F62E2CC1EFA1513CB16E74117334356E4E365132BB37BA41B4B79F148F26842A61F12D42B149F3FAB0041CB7DF7F53742544FA4E956D314B140F49786E23A5446C1F5CD55CB59D845774C6D6EF1CE5B7426F351FE906C69D23720BCFC5E250DE2786ACEBEC823E1DE7F719A3 +20180920085126 2 6 100 2047 5 F13B549CC6FE8517551E48FAEBA8D93EAC29403838E22ED862927B8AC9A9ABBA96AB7E306F0A01B75C0E960AB9DEA0F8519BAA2F13E541E194604848CBC9DEC51165E7A45897104B4A9C54C7337270A8B1B7F53B9DC203744ED2C634889C879E713BEA519452AE800B390FFBABF40B992AF659947D3ED78AA04DDF51C84D7B0824978643683F2153C99F682E30A25683CE180948F62E2CC1EFA1513CB16E74117334356E4E365132BB37BA41B4B79F148F26842A61F12D42B149F3FAB0041CB7DF7F53742544FA4E956D314B140F49786E23A5446C1F5CD55CB59D845774C6D6EF1CE5B7426F351FE906C69D23720BCFC5E250DE2786ACEBEC823E1DE7F7A70F +20180920085132 2 6 100 2047 2 F13B549CC6FE8517551E48FAEBA8D93EAC29403838E22ED862927B8AC9A9ABBA96AB7E306F0A01B75C0E960AB9DEA0F8519BAA2F13E541E194604848CBC9DEC51165E7A45897104B4A9C54C7337270A8B1B7F53B9DC203744ED2C634889C879E713BEA519452AE800B390FFBABF40B992AF659947D3ED78AA04DDF51C84D7B0824978643683F2153C99F682E30A25683CE180948F62E2CC1EFA1513CB16E74117334356E4E365132BB37BA41B4B79F148F26842A61F12D42B149F3FAB0041CB7DF7F53742544FA4E956D314B140F49786E23A5446C1F5CD55CB59D845774C6D6EF1CE5B7426F351FE906C69D23720BCFC5E250DE2786ACEBEC823E1DE7FD3383 +20180920085137 2 6 100 2047 2 F13B549CC6FE8517551E48FAEBA8D93EAC29403838E22ED862927B8AC9A9ABBA96AB7E306F0A01B75C0E960AB9DEA0F8519BAA2F13E541E194604848CBC9DEC51165E7A45897104B4A9C54C7337270A8B1B7F53B9DC203744ED2C634889C879E713BEA519452AE800B390FFBABF40B992AF659947D3ED78AA04DDF51C84D7B0824978643683F2153C99F682E30A25683CE180948F62E2CC1EFA1513CB16E74117334356E4E365132BB37BA41B4B79F148F26842A61F12D42B149F3FAB0041CB7DF7F53742544FA4E956D314B140F49786E23A5446C1F5CD55CB59D845774C6D6EF1CE5B7426F351FE906C69D23720BCFC5E250DE2786ACEBEC823E1DE7FF6C03 +20180920085143 2 6 100 2047 5 F13B549CC6FE8517551E48FAEBA8D93EAC29403838E22ED862927B8AC9A9ABBA96AB7E306F0A01B75C0E960AB9DEA0F8519BAA2F13E541E194604848CBC9DEC51165E7A45897104B4A9C54C7337270A8B1B7F53B9DC203744ED2C634889C879E713BEA519452AE800B390FFBABF40B992AF659947D3ED78AA04DDF51C84D7B0824978643683F2153C99F682E30A25683CE180948F62E2CC1EFA1513CB16E74117334356E4E365132BB37BA41B4B79F148F26842A61F12D42B149F3FAB0041CB7DF7F53742544FA4E956D314B140F49786E23A5446C1F5CD55CB59D845774C6D6EF1CE5B7426F351FE906C69D23720BCFC5E250DE2786ACEBEC823E1DE806800F +20180920085147 2 6 100 2047 2 F13B549CC6FE8517551E48FAEBA8D93EAC29403838E22ED862927B8AC9A9ABBA96AB7E306F0A01B75C0E960AB9DEA0F8519BAA2F13E541E194604848CBC9DEC51165E7A45897104B4A9C54C7337270A8B1B7F53B9DC203744ED2C634889C879E713BEA519452AE800B390FFBABF40B992AF659947D3ED78AA04DDF51C84D7B0824978643683F2153C99F682E30A25683CE180948F62E2CC1EFA1513CB16E74117334356E4E365132BB37BA41B4B79F148F26842A61F12D42B149F3FAB0041CB7DF7F53742544FA4E956D314B140F49786E23A5446C1F5CD55CB59D845774C6D6EF1CE5B7426F351FE906C69D23720BCFC5E250DE2786ACEBEC823E1DE807F56B +20180920085153 2 6 100 2047 5 F13B549CC6FE8517551E48FAEBA8D93EAC29403838E22ED862927B8AC9A9ABBA96AB7E306F0A01B75C0E960AB9DEA0F8519BAA2F13E541E194604848CBC9DEC51165E7A45897104B4A9C54C7337270A8B1B7F53B9DC203744ED2C634889C879E713BEA519452AE800B390FFBABF40B992AF659947D3ED78AA04DDF51C84D7B0824978643683F2153C99F682E30A25683CE180948F62E2CC1EFA1513CB16E74117334356E4E365132BB37BA41B4B79F148F26842A61F12D42B149F3FAB0041CB7DF7F53742544FA4E956D314B140F49786E23A5446C1F5CD55CB59D845774C6D6EF1CE5B7426F351FE906C69D23720BCFC5E250DE2786ACEBEC823E1DE80BD7DF +20180920085205 2 6 100 2047 5 F13B549CC6FE8517551E48FAEBA8D93EAC29403838E22ED862927B8AC9A9ABBA96AB7E306F0A01B75C0E960AB9DEA0F8519BAA2F13E541E194604848CBC9DEC51165E7A45897104B4A9C54C7337270A8B1B7F53B9DC203744ED2C634889C879E713BEA519452AE800B390FFBABF40B992AF659947D3ED78AA04DDF51C84D7B0824978643683F2153C99F682E30A25683CE180948F62E2CC1EFA1513CB16E74117334356E4E365132BB37BA41B4B79F148F26842A61F12D42B149F3FAB0041CB7DF7F53742544FA4E956D314B140F49786E23A5446C1F5CD55CB59D845774C6D6EF1CE5B7426F351FE906C69D23720BCFC5E250DE2786ACEBEC823E1DE81F7F6F +20180920085257 2 6 100 2047 5 F13B549CC6FE8517551E48FAEBA8D93EAC29403838E22ED862927B8AC9A9ABBA96AB7E306F0A01B75C0E960AB9DEA0F8519BAA2F13E541E194604848CBC9DEC51165E7A45897104B4A9C54C7337270A8B1B7F53B9DC203744ED2C634889C879E713BEA519452AE800B390FFBABF40B992AF659947D3ED78AA04DDF51C84D7B0824978643683F2153C99F682E30A25683CE180948F62E2CC1EFA1513CB16E74117334356E4E365132BB37BA41B4B79F148F26842A61F12D42B149F3FAB0041CB7DF7F53742544FA4E956D314B140F49786E23A5446C1F5CD55CB59D845774C6D6EF1CE5B7426F351FE906C69D23720BCFC5E250DE2786ACEBEC823E1DE88D9BB7 +20180920085403 2 6 100 2047 5 FAEA3B642004FC1DB17244B7DE6AE7EFEA5B3AB4D54A13674A0E4B460E9D0716E6313530F9BA5D9C959562FD4A1D23FC92D99F1060A3C1B374050C77152C461AEC19CBE7AD6818C48CC9568FF8F4E45367C1053D6DEBCF76BD4DE8E3BA808FA43A3649722202C83417ED96F423DCEA18BB3F99E4598C797D05E0D3E6D2E27A5EC0B10304BB7643AEA01DD989AE84AA4B08AC3AA5613C222C41F5CD46EAF191343F1D07664F2D6E7BC876BFC46CFEFBE50991EBC15664112F6DC8D58D6665B9BB9F974D7210AB8E04F963128E43D92B6D645A963121058BA29C668AC5DA81DF3CC17908D240E8771EB52E4396AB6DA2157F3EE55D0C0E20A52C560FD79F990A17 +20180920085428 2 6 100 2047 2 FAEA3B642004FC1DB17244B7DE6AE7EFEA5B3AB4D54A13674A0E4B460E9D0716E6313530F9BA5D9C959562FD4A1D23FC92D99F1060A3C1B374050C77152C461AEC19CBE7AD6818C48CC9568FF8F4E45367C1053D6DEBCF76BD4DE8E3BA808FA43A3649722202C83417ED96F423DCEA18BB3F99E4598C797D05E0D3E6D2E27A5EC0B10304BB7643AEA01DD989AE84AA4B08AC3AA5613C222C41F5CD46EAF191343F1D07664F2D6E7BC876BFC46CFEFBE50991EBC15664112F6DC8D58D6665B9BB9F974D7210AB8E04F963128E43D92B6D645A963121058BA29C668AC5DA81DF3CC17908D240E8771EB52E4396AB6DA2157F3EE55D0C0E20A52C560FD79FC4B55B +20180920085452 2 6 100 2047 5 FAEA3B642004FC1DB17244B7DE6AE7EFEA5B3AB4D54A13674A0E4B460E9D0716E6313530F9BA5D9C959562FD4A1D23FC92D99F1060A3C1B374050C77152C461AEC19CBE7AD6818C48CC9568FF8F4E45367C1053D6DEBCF76BD4DE8E3BA808FA43A3649722202C83417ED96F423DCEA18BB3F99E4598C797D05E0D3E6D2E27A5EC0B10304BB7643AEA01DD989AE84AA4B08AC3AA5613C222C41F5CD46EAF191343F1D07664F2D6E7BC876BFC46CFEFBE50991EBC15664112F6DC8D58D6665B9BB9F974D7210AB8E04F963128E43D92B6D645A963121058BA29C668AC5DA81DF3CC17908D240E8771EB52E4396AB6DA2157F3EE55D0C0E20A52C560FD79FF25EFF +20180920085519 2 6 100 2047 2 FAEA3B642004FC1DB17244B7DE6AE7EFEA5B3AB4D54A13674A0E4B460E9D0716E6313530F9BA5D9C959562FD4A1D23FC92D99F1060A3C1B374050C77152C461AEC19CBE7AD6818C48CC9568FF8F4E45367C1053D6DEBCF76BD4DE8E3BA808FA43A3649722202C83417ED96F423DCEA18BB3F99E4598C797D05E0D3E6D2E27A5EC0B10304BB7643AEA01DD989AE84AA4B08AC3AA5613C222C41F5CD46EAF191343F1D07664F2D6E7BC876BFC46CFEFBE50991EBC15664112F6DC8D58D6665B9BB9F974D7210AB8E04F963128E43D92B6D645A963121058BA29C668AC5DA81DF3CC17908D240E8771EB52E4396AB6DA2157F3EE55D0C0E20A52C560FD7A0250433 +20180920085620 2 6 100 2047 2 FAEA3B642004FC1DB17244B7DE6AE7EFEA5B3AB4D54A13674A0E4B460E9D0716E6313530F9BA5D9C959562FD4A1D23FC92D99F1060A3C1B374050C77152C461AEC19CBE7AD6818C48CC9568FF8F4E45367C1053D6DEBCF76BD4DE8E3BA808FA43A3649722202C83417ED96F423DCEA18BB3F99E4598C797D05E0D3E6D2E27A5EC0B10304BB7643AEA01DD989AE84AA4B08AC3AA5613C222C41F5CD46EAF191343F1D07664F2D6E7BC876BFC46CFEFBE50991EBC15664112F6DC8D58D6665B9BB9F974D7210AB8E04F963128E43D92B6D645A963121058BA29C668AC5DA81DF3CC17908D240E8771EB52E4396AB6DA2157F3EE55D0C0E20A52C560FD7A0A900D3 +20180920085639 2 6 100 2047 5 FAEA3B642004FC1DB17244B7DE6AE7EFEA5B3AB4D54A13674A0E4B460E9D0716E6313530F9BA5D9C959562FD4A1D23FC92D99F1060A3C1B374050C77152C461AEC19CBE7AD6818C48CC9568FF8F4E45367C1053D6DEBCF76BD4DE8E3BA808FA43A3649722202C83417ED96F423DCEA18BB3F99E4598C797D05E0D3E6D2E27A5EC0B10304BB7643AEA01DD989AE84AA4B08AC3AA5613C222C41F5CD46EAF191343F1D07664F2D6E7BC876BFC46CFEFBE50991EBC15664112F6DC8D58D6665B9BB9F974D7210AB8E04F963128E43D92B6D645A963121058BA29C668AC5DA81DF3CC17908D240E8771EB52E4396AB6DA2157F3EE55D0C0E20A52C560FD7A0C7B767 +20180920085651 2 6 100 2047 2 FAEA3B642004FC1DB17244B7DE6AE7EFEA5B3AB4D54A13674A0E4B460E9D0716E6313530F9BA5D9C959562FD4A1D23FC92D99F1060A3C1B374050C77152C461AEC19CBE7AD6818C48CC9568FF8F4E45367C1053D6DEBCF76BD4DE8E3BA808FA43A3649722202C83417ED96F423DCEA18BB3F99E4598C797D05E0D3E6D2E27A5EC0B10304BB7643AEA01DD989AE84AA4B08AC3AA5613C222C41F5CD46EAF191343F1D07664F2D6E7BC876BFC46CFEFBE50991EBC15664112F6DC8D58D6665B9BB9F974D7210AB8E04F963128E43D92B6D645A963121058BA29C668AC5DA81DF3CC17908D240E8771EB52E4396AB6DA2157F3EE55D0C0E20A52C560FD7A0DB38C3 +20180920085658 2 6 100 2047 2 FAEA3B642004FC1DB17244B7DE6AE7EFEA5B3AB4D54A13674A0E4B460E9D0716E6313530F9BA5D9C959562FD4A1D23FC92D99F1060A3C1B374050C77152C461AEC19CBE7AD6818C48CC9568FF8F4E45367C1053D6DEBCF76BD4DE8E3BA808FA43A3649722202C83417ED96F423DCEA18BB3F99E4598C797D05E0D3E6D2E27A5EC0B10304BB7643AEA01DD989AE84AA4B08AC3AA5613C222C41F5CD46EAF191343F1D07664F2D6E7BC876BFC46CFEFBE50991EBC15664112F6DC8D58D6665B9BB9F974D7210AB8E04F963128E43D92B6D645A963121058BA29C668AC5DA81DF3CC17908D240E8771EB52E4396AB6DA2157F3EE55D0C0E20A52C560FD7A0E45E73 +20180920085744 2 6 100 2047 2 FAEA3B642004FC1DB17244B7DE6AE7EFEA5B3AB4D54A13674A0E4B460E9D0716E6313530F9BA5D9C959562FD4A1D23FC92D99F1060A3C1B374050C77152C461AEC19CBE7AD6818C48CC9568FF8F4E45367C1053D6DEBCF76BD4DE8E3BA808FA43A3649722202C83417ED96F423DCEA18BB3F99E4598C797D05E0D3E6D2E27A5EC0B10304BB7643AEA01DD989AE84AA4B08AC3AA5613C222C41F5CD46EAF191343F1D07664F2D6E7BC876BFC46CFEFBE50991EBC15664112F6DC8D58D6665B9BB9F974D7210AB8E04F963128E43D92B6D645A963121058BA29C668AC5DA81DF3CC17908D240E8771EB52E4396AB6DA2157F3EE55D0C0E20A52C560FD7A13B7883 +20180920085800 2 6 100 2047 5 FAEA3B642004FC1DB17244B7DE6AE7EFEA5B3AB4D54A13674A0E4B460E9D0716E6313530F9BA5D9C959562FD4A1D23FC92D99F1060A3C1B374050C77152C461AEC19CBE7AD6818C48CC9568FF8F4E45367C1053D6DEBCF76BD4DE8E3BA808FA43A3649722202C83417ED96F423DCEA18BB3F99E4598C797D05E0D3E6D2E27A5EC0B10304BB7643AEA01DD989AE84AA4B08AC3AA5613C222C41F5CD46EAF191343F1D07664F2D6E7BC876BFC46CFEFBE50991EBC15664112F6DC8D58D6665B9BB9F974D7210AB8E04F963128E43D92B6D645A963121058BA29C668AC5DA81DF3CC17908D240E8771EB52E4396AB6DA2157F3EE55D0C0E20A52C560FD7A155F0FF +20180920085834 2 6 100 2047 2 FAEA3B642004FC1DB17244B7DE6AE7EFEA5B3AB4D54A13674A0E4B460E9D0716E6313530F9BA5D9C959562FD4A1D23FC92D99F1060A3C1B374050C77152C461AEC19CBE7AD6818C48CC9568FF8F4E45367C1053D6DEBCF76BD4DE8E3BA808FA43A3649722202C83417ED96F423DCEA18BB3F99E4598C797D05E0D3E6D2E27A5EC0B10304BB7643AEA01DD989AE84AA4B08AC3AA5613C222C41F5CD46EAF191343F1D07664F2D6E7BC876BFC46CFEFBE50991EBC15664112F6DC8D58D6665B9BB9F974D7210AB8E04F963128E43D92B6D645A963121058BA29C668AC5DA81DF3CC17908D240E8771EB52E4396AB6DA2157F3EE55D0C0E20A52C560FD7A19802C3 +20180920085838 2 6 100 2047 2 FAEA3B642004FC1DB17244B7DE6AE7EFEA5B3AB4D54A13674A0E4B460E9D0716E6313530F9BA5D9C959562FD4A1D23FC92D99F1060A3C1B374050C77152C461AEC19CBE7AD6818C48CC9568FF8F4E45367C1053D6DEBCF76BD4DE8E3BA808FA43A3649722202C83417ED96F423DCEA18BB3F99E4598C797D05E0D3E6D2E27A5EC0B10304BB7643AEA01DD989AE84AA4B08AC3AA5613C222C41F5CD46EAF191343F1D07664F2D6E7BC876BFC46CFEFBE50991EBC15664112F6DC8D58D6665B9BB9F974D7210AB8E04F963128E43D92B6D645A963121058BA29C668AC5DA81DF3CC17908D240E8771EB52E4396AB6DA2157F3EE55D0C0E20A52C560FD7A198FC0B +20180920085854 2 6 100 2047 2 FAEA3B642004FC1DB17244B7DE6AE7EFEA5B3AB4D54A13674A0E4B460E9D0716E6313530F9BA5D9C959562FD4A1D23FC92D99F1060A3C1B374050C77152C461AEC19CBE7AD6818C48CC9568FF8F4E45367C1053D6DEBCF76BD4DE8E3BA808FA43A3649722202C83417ED96F423DCEA18BB3F99E4598C797D05E0D3E6D2E27A5EC0B10304BB7643AEA01DD989AE84AA4B08AC3AA5613C222C41F5CD46EAF191343F1D07664F2D6E7BC876BFC46CFEFBE50991EBC15664112F6DC8D58D6665B9BB9F974D7210AB8E04F963128E43D92B6D645A963121058BA29C668AC5DA81DF3CC17908D240E8771EB52E4396AB6DA2157F3EE55D0C0E20A52C560FD7A1B38723 +20180920085908 2 6 100 2047 5 FAEA3B642004FC1DB17244B7DE6AE7EFEA5B3AB4D54A13674A0E4B460E9D0716E6313530F9BA5D9C959562FD4A1D23FC92D99F1060A3C1B374050C77152C461AEC19CBE7AD6818C48CC9568FF8F4E45367C1053D6DEBCF76BD4DE8E3BA808FA43A3649722202C83417ED96F423DCEA18BB3F99E4598C797D05E0D3E6D2E27A5EC0B10304BB7643AEA01DD989AE84AA4B08AC3AA5613C222C41F5CD46EAF191343F1D07664F2D6E7BC876BFC46CFEFBE50991EBC15664112F6DC8D58D6665B9BB9F974D7210AB8E04F963128E43D92B6D645A963121058BA29C668AC5DA81DF3CC17908D240E8771EB52E4396AB6DA2157F3EE55D0C0E20A52C560FD7A1CBBC3F +20180920090009 2 6 100 2047 5 FAEA3B642004FC1DB17244B7DE6AE7EFEA5B3AB4D54A13674A0E4B460E9D0716E6313530F9BA5D9C959562FD4A1D23FC92D99F1060A3C1B374050C77152C461AEC19CBE7AD6818C48CC9568FF8F4E45367C1053D6DEBCF76BD4DE8E3BA808FA43A3649722202C83417ED96F423DCEA18BB3F99E4598C797D05E0D3E6D2E27A5EC0B10304BB7643AEA01DD989AE84AA4B08AC3AA5613C222C41F5CD46EAF191343F1D07664F2D6E7BC876BFC46CFEFBE50991EBC15664112F6DC8D58D6665B9BB9F974D7210AB8E04F963128E43D92B6D645A963121058BA29C668AC5DA81DF3CC17908D240E8771EB52E4396AB6DA2157F3EE55D0C0E20A52C560FD7A24638B7 +20180920090031 2 6 100 2047 5 FAEA3B642004FC1DB17244B7DE6AE7EFEA5B3AB4D54A13674A0E4B460E9D0716E6313530F9BA5D9C959562FD4A1D23FC92D99F1060A3C1B374050C77152C461AEC19CBE7AD6818C48CC9568FF8F4E45367C1053D6DEBCF76BD4DE8E3BA808FA43A3649722202C83417ED96F423DCEA18BB3F99E4598C797D05E0D3E6D2E27A5EC0B10304BB7643AEA01DD989AE84AA4B08AC3AA5613C222C41F5CD46EAF191343F1D07664F2D6E7BC876BFC46CFEFBE50991EBC15664112F6DC8D58D6665B9BB9F974D7210AB8E04F963128E43D92B6D645A963121058BA29C668AC5DA81DF3CC17908D240E8771EB52E4396AB6DA2157F3EE55D0C0E20A52C560FD7A26FE49F +20180920090036 2 6 100 2047 5 FAEA3B642004FC1DB17244B7DE6AE7EFEA5B3AB4D54A13674A0E4B460E9D0716E6313530F9BA5D9C959562FD4A1D23FC92D99F1060A3C1B374050C77152C461AEC19CBE7AD6818C48CC9568FF8F4E45367C1053D6DEBCF76BD4DE8E3BA808FA43A3649722202C83417ED96F423DCEA18BB3F99E4598C797D05E0D3E6D2E27A5EC0B10304BB7643AEA01DD989AE84AA4B08AC3AA5613C222C41F5CD46EAF191343F1D07664F2D6E7BC876BFC46CFEFBE50991EBC15664112F6DC8D58D6665B9BB9F974D7210AB8E04F963128E43D92B6D645A963121058BA29C668AC5DA81DF3CC17908D240E8771EB52E4396AB6DA2157F3EE55D0C0E20A52C560FD7A272126F +20180920090057 2 6 100 2047 2 FAEA3B642004FC1DB17244B7DE6AE7EFEA5B3AB4D54A13674A0E4B460E9D0716E6313530F9BA5D9C959562FD4A1D23FC92D99F1060A3C1B374050C77152C461AEC19CBE7AD6818C48CC9568FF8F4E45367C1053D6DEBCF76BD4DE8E3BA808FA43A3649722202C83417ED96F423DCEA18BB3F99E4598C797D05E0D3E6D2E27A5EC0B10304BB7643AEA01DD989AE84AA4B08AC3AA5613C222C41F5CD46EAF191343F1D07664F2D6E7BC876BFC46CFEFBE50991EBC15664112F6DC8D58D6665B9BB9F974D7210AB8E04F963128E43D92B6D645A963121058BA29C668AC5DA81DF3CC17908D240E8771EB52E4396AB6DA2157F3EE55D0C0E20A52C560FD7A2962B0B +20180920090107 2 6 100 2047 5 FAEA3B642004FC1DB17244B7DE6AE7EFEA5B3AB4D54A13674A0E4B460E9D0716E6313530F9BA5D9C959562FD4A1D23FC92D99F1060A3C1B374050C77152C461AEC19CBE7AD6818C48CC9568FF8F4E45367C1053D6DEBCF76BD4DE8E3BA808FA43A3649722202C83417ED96F423DCEA18BB3F99E4598C797D05E0D3E6D2E27A5EC0B10304BB7643AEA01DD989AE84AA4B08AC3AA5613C222C41F5CD46EAF191343F1D07664F2D6E7BC876BFC46CFEFBE50991EBC15664112F6DC8D58D6665B9BB9F974D7210AB8E04F963128E43D92B6D645A963121058BA29C668AC5DA81DF3CC17908D240E8771EB52E4396AB6DA2157F3EE55D0C0E20A52C560FD7A2A69E27 +20180920090148 2 6 100 2047 2 FAEA3B642004FC1DB17244B7DE6AE7EFEA5B3AB4D54A13674A0E4B460E9D0716E6313530F9BA5D9C959562FD4A1D23FC92D99F1060A3C1B374050C77152C461AEC19CBE7AD6818C48CC9568FF8F4E45367C1053D6DEBCF76BD4DE8E3BA808FA43A3649722202C83417ED96F423DCEA18BB3F99E4598C797D05E0D3E6D2E27A5EC0B10304BB7643AEA01DD989AE84AA4B08AC3AA5613C222C41F5CD46EAF191343F1D07664F2D6E7BC876BFC46CFEFBE50991EBC15664112F6DC8D58D6665B9BB9F974D7210AB8E04F963128E43D92B6D645A963121058BA29C668AC5DA81DF3CC17908D240E8771EB52E4396AB6DA2157F3EE55D0C0E20A52C560FD7A2F49F9B +20180920090155 2 6 100 2047 5 FAEA3B642004FC1DB17244B7DE6AE7EFEA5B3AB4D54A13674A0E4B460E9D0716E6313530F9BA5D9C959562FD4A1D23FC92D99F1060A3C1B374050C77152C461AEC19CBE7AD6818C48CC9568FF8F4E45367C1053D6DEBCF76BD4DE8E3BA808FA43A3649722202C83417ED96F423DCEA18BB3F99E4598C797D05E0D3E6D2E27A5EC0B10304BB7643AEA01DD989AE84AA4B08AC3AA5613C222C41F5CD46EAF191343F1D07664F2D6E7BC876BFC46CFEFBE50991EBC15664112F6DC8D58D6665B9BB9F974D7210AB8E04F963128E43D92B6D645A963121058BA29C668AC5DA81DF3CC17908D240E8771EB52E4396AB6DA2157F3EE55D0C0E20A52C560FD7A2FC98C7 +20180920090222 2 6 100 2047 2 FAEA3B642004FC1DB17244B7DE6AE7EFEA5B3AB4D54A13674A0E4B460E9D0716E6313530F9BA5D9C959562FD4A1D23FC92D99F1060A3C1B374050C77152C461AEC19CBE7AD6818C48CC9568FF8F4E45367C1053D6DEBCF76BD4DE8E3BA808FA43A3649722202C83417ED96F423DCEA18BB3F99E4598C797D05E0D3E6D2E27A5EC0B10304BB7643AEA01DD989AE84AA4B08AC3AA5613C222C41F5CD46EAF191343F1D07664F2D6E7BC876BFC46CFEFBE50991EBC15664112F6DC8D58D6665B9BB9F974D7210AB8E04F963128E43D92B6D645A963121058BA29C668AC5DA81DF3CC17908D240E8771EB52E4396AB6DA2157F3EE55D0C0E20A52C560FD7A32E8983 +20180920090227 2 6 100 2047 2 FAEA3B642004FC1DB17244B7DE6AE7EFEA5B3AB4D54A13674A0E4B460E9D0716E6313530F9BA5D9C959562FD4A1D23FC92D99F1060A3C1B374050C77152C461AEC19CBE7AD6818C48CC9568FF8F4E45367C1053D6DEBCF76BD4DE8E3BA808FA43A3649722202C83417ED96F423DCEA18BB3F99E4598C797D05E0D3E6D2E27A5EC0B10304BB7643AEA01DD989AE84AA4B08AC3AA5613C222C41F5CD46EAF191343F1D07664F2D6E7BC876BFC46CFEFBE50991EBC15664112F6DC8D58D6665B9BB9F974D7210AB8E04F963128E43D92B6D645A963121058BA29C668AC5DA81DF3CC17908D240E8771EB52E4396AB6DA2157F3EE55D0C0E20A52C560FD7A332034B +20180920090238 2 6 100 2047 2 FAEA3B642004FC1DB17244B7DE6AE7EFEA5B3AB4D54A13674A0E4B460E9D0716E6313530F9BA5D9C959562FD4A1D23FC92D99F1060A3C1B374050C77152C461AEC19CBE7AD6818C48CC9568FF8F4E45367C1053D6DEBCF76BD4DE8E3BA808FA43A3649722202C83417ED96F423DCEA18BB3F99E4598C797D05E0D3E6D2E27A5EC0B10304BB7643AEA01DD989AE84AA4B08AC3AA5613C222C41F5CD46EAF191343F1D07664F2D6E7BC876BFC46CFEFBE50991EBC15664112F6DC8D58D6665B9BB9F974D7210AB8E04F963128E43D92B6D645A963121058BA29C668AC5DA81DF3CC17908D240E8771EB52E4396AB6DA2157F3EE55D0C0E20A52C560FD7A341BC13 +20180920090357 2 6 100 2047 2 FAEA3B642004FC1DB17244B7DE6AE7EFEA5B3AB4D54A13674A0E4B460E9D0716E6313530F9BA5D9C959562FD4A1D23FC92D99F1060A3C1B374050C77152C461AEC19CBE7AD6818C48CC9568FF8F4E45367C1053D6DEBCF76BD4DE8E3BA808FA43A3649722202C83417ED96F423DCEA18BB3F99E4598C797D05E0D3E6D2E27A5EC0B10304BB7643AEA01DD989AE84AA4B08AC3AA5613C222C41F5CD46EAF191343F1D07664F2D6E7BC876BFC46CFEFBE50991EBC15664112F6DC8D58D6665B9BB9F974D7210AB8E04F963128E43D92B6D645A963121058BA29C668AC5DA81DF3CC17908D240E8771EB52E4396AB6DA2157F3EE55D0C0E20A52C560FD7A3E82A8B +20180920090414 2 6 100 2047 2 FAEA3B642004FC1DB17244B7DE6AE7EFEA5B3AB4D54A13674A0E4B460E9D0716E6313530F9BA5D9C959562FD4A1D23FC92D99F1060A3C1B374050C77152C461AEC19CBE7AD6818C48CC9568FF8F4E45367C1053D6DEBCF76BD4DE8E3BA808FA43A3649722202C83417ED96F423DCEA18BB3F99E4598C797D05E0D3E6D2E27A5EC0B10304BB7643AEA01DD989AE84AA4B08AC3AA5613C222C41F5CD46EAF191343F1D07664F2D6E7BC876BFC46CFEFBE50991EBC15664112F6DC8D58D6665B9BB9F974D7210AB8E04F963128E43D92B6D645A963121058BA29C668AC5DA81DF3CC17908D240E8771EB52E4396AB6DA2157F3EE55D0C0E20A52C560FD7A405F593 +20180920090443 2 6 100 2047 2 FAEA3B642004FC1DB17244B7DE6AE7EFEA5B3AB4D54A13674A0E4B460E9D0716E6313530F9BA5D9C959562FD4A1D23FC92D99F1060A3C1B374050C77152C461AEC19CBE7AD6818C48CC9568FF8F4E45367C1053D6DEBCF76BD4DE8E3BA808FA43A3649722202C83417ED96F423DCEA18BB3F99E4598C797D05E0D3E6D2E27A5EC0B10304BB7643AEA01DD989AE84AA4B08AC3AA5613C222C41F5CD46EAF191343F1D07664F2D6E7BC876BFC46CFEFBE50991EBC15664112F6DC8D58D6665B9BB9F974D7210AB8E04F963128E43D92B6D645A963121058BA29C668AC5DA81DF3CC17908D240E8771EB52E4396AB6DA2157F3EE55D0C0E20A52C560FD7A44029BB +20180920090533 2 6 100 2047 2 FAEA3B642004FC1DB17244B7DE6AE7EFEA5B3AB4D54A13674A0E4B460E9D0716E6313530F9BA5D9C959562FD4A1D23FC92D99F1060A3C1B374050C77152C461AEC19CBE7AD6818C48CC9568FF8F4E45367C1053D6DEBCF76BD4DE8E3BA808FA43A3649722202C83417ED96F423DCEA18BB3F99E4598C797D05E0D3E6D2E27A5EC0B10304BB7643AEA01DD989AE84AA4B08AC3AA5613C222C41F5CD46EAF191343F1D07664F2D6E7BC876BFC46CFEFBE50991EBC15664112F6DC8D58D6665B9BB9F974D7210AB8E04F963128E43D92B6D645A963121058BA29C668AC5DA81DF3CC17908D240E8771EB52E4396AB6DA2157F3EE55D0C0E20A52C560FD7A4A62F13 +20180920090600 2 6 100 2047 2 FAEA3B642004FC1DB17244B7DE6AE7EFEA5B3AB4D54A13674A0E4B460E9D0716E6313530F9BA5D9C959562FD4A1D23FC92D99F1060A3C1B374050C77152C461AEC19CBE7AD6818C48CC9568FF8F4E45367C1053D6DEBCF76BD4DE8E3BA808FA43A3649722202C83417ED96F423DCEA18BB3F99E4598C797D05E0D3E6D2E27A5EC0B10304BB7643AEA01DD989AE84AA4B08AC3AA5613C222C41F5CD46EAF191343F1D07664F2D6E7BC876BFC46CFEFBE50991EBC15664112F6DC8D58D6665B9BB9F974D7210AB8E04F963128E43D92B6D645A963121058BA29C668AC5DA81DF3CC17908D240E8771EB52E4396AB6DA2157F3EE55D0C0E20A52C560FD7A4D96A23 +20180920090616 2 6 100 2047 2 FAEA3B642004FC1DB17244B7DE6AE7EFEA5B3AB4D54A13674A0E4B460E9D0716E6313530F9BA5D9C959562FD4A1D23FC92D99F1060A3C1B374050C77152C461AEC19CBE7AD6818C48CC9568FF8F4E45367C1053D6DEBCF76BD4DE8E3BA808FA43A3649722202C83417ED96F423DCEA18BB3F99E4598C797D05E0D3E6D2E27A5EC0B10304BB7643AEA01DD989AE84AA4B08AC3AA5613C222C41F5CD46EAF191343F1D07664F2D6E7BC876BFC46CFEFBE50991EBC15664112F6DC8D58D6665B9BB9F974D7210AB8E04F963128E43D92B6D645A963121058BA29C668AC5DA81DF3CC17908D240E8771EB52E4396AB6DA2157F3EE55D0C0E20A52C560FD7A4F1B05B +20180920090637 2 6 100 2047 2 FAEA3B642004FC1DB17244B7DE6AE7EFEA5B3AB4D54A13674A0E4B460E9D0716E6313530F9BA5D9C959562FD4A1D23FC92D99F1060A3C1B374050C77152C461AEC19CBE7AD6818C48CC9568FF8F4E45367C1053D6DEBCF76BD4DE8E3BA808FA43A3649722202C83417ED96F423DCEA18BB3F99E4598C797D05E0D3E6D2E27A5EC0B10304BB7643AEA01DD989AE84AA4B08AC3AA5613C222C41F5CD46EAF191343F1D07664F2D6E7BC876BFC46CFEFBE50991EBC15664112F6DC8D58D6665B9BB9F974D7210AB8E04F963128E43D92B6D645A963121058BA29C668AC5DA81DF3CC17908D240E8771EB52E4396AB6DA2157F3EE55D0C0E20A52C560FD7A5184683 +20180920090705 2 6 100 2047 5 FAEA3B642004FC1DB17244B7DE6AE7EFEA5B3AB4D54A13674A0E4B460E9D0716E6313530F9BA5D9C959562FD4A1D23FC92D99F1060A3C1B374050C77152C461AEC19CBE7AD6818C48CC9568FF8F4E45367C1053D6DEBCF76BD4DE8E3BA808FA43A3649722202C83417ED96F423DCEA18BB3F99E4598C797D05E0D3E6D2E27A5EC0B10304BB7643AEA01DD989AE84AA4B08AC3AA5613C222C41F5CD46EAF191343F1D07664F2D6E7BC876BFC46CFEFBE50991EBC15664112F6DC8D58D6665B9BB9F974D7210AB8E04F963128E43D92B6D645A963121058BA29C668AC5DA81DF3CC17908D240E8771EB52E4396AB6DA2157F3EE55D0C0E20A52C560FD7A549FBCF +20180920090716 2 6 100 2047 5 FAEA3B642004FC1DB17244B7DE6AE7EFEA5B3AB4D54A13674A0E4B460E9D0716E6313530F9BA5D9C959562FD4A1D23FC92D99F1060A3C1B374050C77152C461AEC19CBE7AD6818C48CC9568FF8F4E45367C1053D6DEBCF76BD4DE8E3BA808FA43A3649722202C83417ED96F423DCEA18BB3F99E4598C797D05E0D3E6D2E27A5EC0B10304BB7643AEA01DD989AE84AA4B08AC3AA5613C222C41F5CD46EAF191343F1D07664F2D6E7BC876BFC46CFEFBE50991EBC15664112F6DC8D58D6665B9BB9F974D7210AB8E04F963128E43D92B6D645A963121058BA29C668AC5DA81DF3CC17908D240E8771EB52E4396AB6DA2157F3EE55D0C0E20A52C560FD7A5593157 +20180920090727 2 6 100 2047 5 FAEA3B642004FC1DB17244B7DE6AE7EFEA5B3AB4D54A13674A0E4B460E9D0716E6313530F9BA5D9C959562FD4A1D23FC92D99F1060A3C1B374050C77152C461AEC19CBE7AD6818C48CC9568FF8F4E45367C1053D6DEBCF76BD4DE8E3BA808FA43A3649722202C83417ED96F423DCEA18BB3F99E4598C797D05E0D3E6D2E27A5EC0B10304BB7643AEA01DD989AE84AA4B08AC3AA5613C222C41F5CD46EAF191343F1D07664F2D6E7BC876BFC46CFEFBE50991EBC15664112F6DC8D58D6665B9BB9F974D7210AB8E04F963128E43D92B6D645A963121058BA29C668AC5DA81DF3CC17908D240E8771EB52E4396AB6DA2157F3EE55D0C0E20A52C560FD7A5681F87 +20180920090741 2 6 100 2047 2 FAEA3B642004FC1DB17244B7DE6AE7EFEA5B3AB4D54A13674A0E4B460E9D0716E6313530F9BA5D9C959562FD4A1D23FC92D99F1060A3C1B374050C77152C461AEC19CBE7AD6818C48CC9568FF8F4E45367C1053D6DEBCF76BD4DE8E3BA808FA43A3649722202C83417ED96F423DCEA18BB3F99E4598C797D05E0D3E6D2E27A5EC0B10304BB7643AEA01DD989AE84AA4B08AC3AA5613C222C41F5CD46EAF191343F1D07664F2D6E7BC876BFC46CFEFBE50991EBC15664112F6DC8D58D6665B9BB9F974D7210AB8E04F963128E43D92B6D645A963121058BA29C668AC5DA81DF3CC17908D240E8771EB52E4396AB6DA2157F3EE55D0C0E20A52C560FD7A57EC4B3 +20180920090828 2 6 100 2047 5 FAEA3B642004FC1DB17244B7DE6AE7EFEA5B3AB4D54A13674A0E4B460E9D0716E6313530F9BA5D9C959562FD4A1D23FC92D99F1060A3C1B374050C77152C461AEC19CBE7AD6818C48CC9568FF8F4E45367C1053D6DEBCF76BD4DE8E3BA808FA43A3649722202C83417ED96F423DCEA18BB3F99E4598C797D05E0D3E6D2E27A5EC0B10304BB7643AEA01DD989AE84AA4B08AC3AA5613C222C41F5CD46EAF191343F1D07664F2D6E7BC876BFC46CFEFBE50991EBC15664112F6DC8D58D6665B9BB9F974D7210AB8E04F963128E43D92B6D645A963121058BA29C668AC5DA81DF3CC17908D240E8771EB52E4396AB6DA2157F3EE55D0C0E20A52C560FD7A5DD04FF +20180920090834 2 6 100 2047 5 FAEA3B642004FC1DB17244B7DE6AE7EFEA5B3AB4D54A13674A0E4B460E9D0716E6313530F9BA5D9C959562FD4A1D23FC92D99F1060A3C1B374050C77152C461AEC19CBE7AD6818C48CC9568FF8F4E45367C1053D6DEBCF76BD4DE8E3BA808FA43A3649722202C83417ED96F423DCEA18BB3F99E4598C797D05E0D3E6D2E27A5EC0B10304BB7643AEA01DD989AE84AA4B08AC3AA5613C222C41F5CD46EAF191343F1D07664F2D6E7BC876BFC46CFEFBE50991EBC15664112F6DC8D58D6665B9BB9F974D7210AB8E04F963128E43D92B6D645A963121058BA29C668AC5DA81DF3CC17908D240E8771EB52E4396AB6DA2157F3EE55D0C0E20A52C560FD7A5E3B3D7 +20180920090935 2 6 100 2047 5 FAEA3B642004FC1DB17244B7DE6AE7EFEA5B3AB4D54A13674A0E4B460E9D0716E6313530F9BA5D9C959562FD4A1D23FC92D99F1060A3C1B374050C77152C461AEC19CBE7AD6818C48CC9568FF8F4E45367C1053D6DEBCF76BD4DE8E3BA808FA43A3649722202C83417ED96F423DCEA18BB3F99E4598C797D05E0D3E6D2E27A5EC0B10304BB7643AEA01DD989AE84AA4B08AC3AA5613C222C41F5CD46EAF191343F1D07664F2D6E7BC876BFC46CFEFBE50991EBC15664112F6DC8D58D6665B9BB9F974D7210AB8E04F963128E43D92B6D645A963121058BA29C668AC5DA81DF3CC17908D240E8771EB52E4396AB6DA2157F3EE55D0C0E20A52C560FD7A660A94F +20180920091000 2 6 100 2047 5 FAEA3B642004FC1DB17244B7DE6AE7EFEA5B3AB4D54A13674A0E4B460E9D0716E6313530F9BA5D9C959562FD4A1D23FC92D99F1060A3C1B374050C77152C461AEC19CBE7AD6818C48CC9568FF8F4E45367C1053D6DEBCF76BD4DE8E3BA808FA43A3649722202C83417ED96F423DCEA18BB3F99E4598C797D05E0D3E6D2E27A5EC0B10304BB7643AEA01DD989AE84AA4B08AC3AA5613C222C41F5CD46EAF191343F1D07664F2D6E7BC876BFC46CFEFBE50991EBC15664112F6DC8D58D6665B9BB9F974D7210AB8E04F963128E43D92B6D645A963121058BA29C668AC5DA81DF3CC17908D240E8771EB52E4396AB6DA2157F3EE55D0C0E20A52C560FD7A68FC267 +20180920094201 2 6 100 3071 5 DE6700153B27F195B230266F3E9064D8646E4E27111A6C5A013DE98A5CD7F11B31B1DC4C71DD72CBEC38DA508B1AD04CB69A372B8D01396C5AE7F5F99C3C3CBE1B2B3287C6AB5794E3AFD6C4E5C8E23B76E21A479765DD7D0D8D41A75DA966486E2C94030AA81314CFC104172048A82D95F402FA9B12E2CF3469AF6202F527BB5FADD82F7F5A67CF47EAA9F70FA02A55D45688EC65A26E8A8BCBD47BEA5C70721995434D0736F3396E9D1681BB08A336B0A9E3340AA24D1E9AC4B33103438C130B4BB87A22D3D85B8BC66B66679790AF7429D0B8F8CEE9BFA7F34239E0F109DABE5370196CB46C134B184178ED494D4703A681A18FFE9A4D6FF5EE71E141EBE11C6E3A6FEE7586F9D5B400EFDF06289783269BD86F1F38CABB0FBEAE666C0FE9EDAF7D1017DCCFBC4AEE1F1BE6FDA3EBD47C7E2BA2D54CC61B740E94B171E0FC2A0F93BF1B93FA4C1D6050106D20A69C11B16AC43EA17C6EE954444B05DCCAD5DAB6794A98FEE7256EA9B1F817E80D86C9242CFA02EED926E200C7B11528E4B7 +20180920094613 2 6 100 3071 2 DE6700153B27F195B230266F3E9064D8646E4E27111A6C5A013DE98A5CD7F11B31B1DC4C71DD72CBEC38DA508B1AD04CB69A372B8D01396C5AE7F5F99C3C3CBE1B2B3287C6AB5794E3AFD6C4E5C8E23B76E21A479765DD7D0D8D41A75DA966486E2C94030AA81314CFC104172048A82D95F402FA9B12E2CF3469AF6202F527BB5FADD82F7F5A67CF47EAA9F70FA02A55D45688EC65A26E8A8BCBD47BEA5C70721995434D0736F3396E9D1681BB08A336B0A9E3340AA24D1E9AC4B33103438C130B4BB87A22D3D85B8BC66B66679790AF7429D0B8F8CEE9BFA7F34239E0F109DABE5370196CB46C134B184178ED494D4703A681A18FFE9A4D6FF5EE71E141EBE11C6E3A6FEE7586F9D5B400EFDF06289783269BD86F1F38CABB0FBEAE666C0FE9EDAF7D1017DCCFBC4AEE1F1BE6FDA3EBD47C7E2BA2D54CC61B740E94B171E0FC2A0F93BF1B93FA4C1D6050106D20A69C11B16AC43EA17C6EE954444B05DCCAD5DAB6794A98FEE7256EA9B1F817E80D86C9242CFA02EED926E200C7B115D90A53 +20180920094828 2 6 100 3071 5 DE6700153B27F195B230266F3E9064D8646E4E27111A6C5A013DE98A5CD7F11B31B1DC4C71DD72CBEC38DA508B1AD04CB69A372B8D01396C5AE7F5F99C3C3CBE1B2B3287C6AB5794E3AFD6C4E5C8E23B76E21A479765DD7D0D8D41A75DA966486E2C94030AA81314CFC104172048A82D95F402FA9B12E2CF3469AF6202F527BB5FADD82F7F5A67CF47EAA9F70FA02A55D45688EC65A26E8A8BCBD47BEA5C70721995434D0736F3396E9D1681BB08A336B0A9E3340AA24D1E9AC4B33103438C130B4BB87A22D3D85B8BC66B66679790AF7429D0B8F8CEE9BFA7F34239E0F109DABE5370196CB46C134B184178ED494D4703A681A18FFE9A4D6FF5EE71E141EBE11C6E3A6FEE7586F9D5B400EFDF06289783269BD86F1F38CABB0FBEAE666C0FE9EDAF7D1017DCCFBC4AEE1F1BE6FDA3EBD47C7E2BA2D54CC61B740E94B171E0FC2A0F93BF1B93FA4C1D6050106D20A69C11B16AC43EA17C6EE954444B05DCCAD5DAB6794A98FEE7256EA9B1F817E80D86C9242CFA02EED926E200C7B116301C17 +20180920094842 2 6 100 3071 5 DE6700153B27F195B230266F3E9064D8646E4E27111A6C5A013DE98A5CD7F11B31B1DC4C71DD72CBEC38DA508B1AD04CB69A372B8D01396C5AE7F5F99C3C3CBE1B2B3287C6AB5794E3AFD6C4E5C8E23B76E21A479765DD7D0D8D41A75DA966486E2C94030AA81314CFC104172048A82D95F402FA9B12E2CF3469AF6202F527BB5FADD82F7F5A67CF47EAA9F70FA02A55D45688EC65A26E8A8BCBD47BEA5C70721995434D0736F3396E9D1681BB08A336B0A9E3340AA24D1E9AC4B33103438C130B4BB87A22D3D85B8BC66B66679790AF7429D0B8F8CEE9BFA7F34239E0F109DABE5370196CB46C134B184178ED494D4703A681A18FFE9A4D6FF5EE71E141EBE11C6E3A6FEE7586F9D5B400EFDF06289783269BD86F1F38CABB0FBEAE666C0FE9EDAF7D1017DCCFBC4AEE1F1BE6FDA3EBD47C7E2BA2D54CC61B740E94B171E0FC2A0F93BF1B93FA4C1D6050106D20A69C11B16AC43EA17C6EE954444B05DCCAD5DAB6794A98FEE7256EA9B1F817E80D86C9242CFA02EED926E200C7B11631DCAF +20180920095300 2 6 100 3071 2 DE6700153B27F195B230266F3E9064D8646E4E27111A6C5A013DE98A5CD7F11B31B1DC4C71DD72CBEC38DA508B1AD04CB69A372B8D01396C5AE7F5F99C3C3CBE1B2B3287C6AB5794E3AFD6C4E5C8E23B76E21A479765DD7D0D8D41A75DA966486E2C94030AA81314CFC104172048A82D95F402FA9B12E2CF3469AF6202F527BB5FADD82F7F5A67CF47EAA9F70FA02A55D45688EC65A26E8A8BCBD47BEA5C70721995434D0736F3396E9D1681BB08A336B0A9E3340AA24D1E9AC4B33103438C130B4BB87A22D3D85B8BC66B66679790AF7429D0B8F8CEE9BFA7F34239E0F109DABE5370196CB46C134B184178ED494D4703A681A18FFE9A4D6FF5EE71E141EBE11C6E3A6FEE7586F9D5B400EFDF06289783269BD86F1F38CABB0FBEAE666C0FE9EDAF7D1017DCCFBC4AEE1F1BE6FDA3EBD47C7E2BA2D54CC61B740E94B171E0FC2A0F93BF1B93FA4C1D6050106D20A69C11B16AC43EA17C6EE954444B05DCCAD5DAB6794A98FEE7256EA9B1F817E80D86C9242CFA02EED926E200C7B116E4CA3B +20180920095312 2 6 100 3071 2 DE6700153B27F195B230266F3E9064D8646E4E27111A6C5A013DE98A5CD7F11B31B1DC4C71DD72CBEC38DA508B1AD04CB69A372B8D01396C5AE7F5F99C3C3CBE1B2B3287C6AB5794E3AFD6C4E5C8E23B76E21A479765DD7D0D8D41A75DA966486E2C94030AA81314CFC104172048A82D95F402FA9B12E2CF3469AF6202F527BB5FADD82F7F5A67CF47EAA9F70FA02A55D45688EC65A26E8A8BCBD47BEA5C70721995434D0736F3396E9D1681BB08A336B0A9E3340AA24D1E9AC4B33103438C130B4BB87A22D3D85B8BC66B66679790AF7429D0B8F8CEE9BFA7F34239E0F109DABE5370196CB46C134B184178ED494D4703A681A18FFE9A4D6FF5EE71E141EBE11C6E3A6FEE7586F9D5B400EFDF06289783269BD86F1F38CABB0FBEAE666C0FE9EDAF7D1017DCCFBC4AEE1F1BE6FDA3EBD47C7E2BA2D54CC61B740E94B171E0FC2A0F93BF1B93FA4C1D6050106D20A69C11B16AC43EA17C6EE954444B05DCCAD5DAB6794A98FEE7256EA9B1F817E80D86C9242CFA02EED926E200C7B116E4E133 +20180920095413 2 6 100 3071 2 DE6700153B27F195B230266F3E9064D8646E4E27111A6C5A013DE98A5CD7F11B31B1DC4C71DD72CBEC38DA508B1AD04CB69A372B8D01396C5AE7F5F99C3C3CBE1B2B3287C6AB5794E3AFD6C4E5C8E23B76E21A479765DD7D0D8D41A75DA966486E2C94030AA81314CFC104172048A82D95F402FA9B12E2CF3469AF6202F527BB5FADD82F7F5A67CF47EAA9F70FA02A55D45688EC65A26E8A8BCBD47BEA5C70721995434D0736F3396E9D1681BB08A336B0A9E3340AA24D1E9AC4B33103438C130B4BB87A22D3D85B8BC66B66679790AF7429D0B8F8CEE9BFA7F34239E0F109DABE5370196CB46C134B184178ED494D4703A681A18FFE9A4D6FF5EE71E141EBE11C6E3A6FEE7586F9D5B400EFDF06289783269BD86F1F38CABB0FBEAE666C0FE9EDAF7D1017DCCFBC4AEE1F1BE6FDA3EBD47C7E2BA2D54CC61B740E94B171E0FC2A0F93BF1B93FA4C1D6050106D20A69C11B16AC43EA17C6EE954444B05DCCAD5DAB6794A98FEE7256EA9B1F817E80D86C9242CFA02EED926E200C7B117068663 +20180920095436 2 6 100 3071 5 DE6700153B27F195B230266F3E9064D8646E4E27111A6C5A013DE98A5CD7F11B31B1DC4C71DD72CBEC38DA508B1AD04CB69A372B8D01396C5AE7F5F99C3C3CBE1B2B3287C6AB5794E3AFD6C4E5C8E23B76E21A479765DD7D0D8D41A75DA966486E2C94030AA81314CFC104172048A82D95F402FA9B12E2CF3469AF6202F527BB5FADD82F7F5A67CF47EAA9F70FA02A55D45688EC65A26E8A8BCBD47BEA5C70721995434D0736F3396E9D1681BB08A336B0A9E3340AA24D1E9AC4B33103438C130B4BB87A22D3D85B8BC66B66679790AF7429D0B8F8CEE9BFA7F34239E0F109DABE5370196CB46C134B184178ED494D4703A681A18FFE9A4D6FF5EE71E141EBE11C6E3A6FEE7586F9D5B400EFDF06289783269BD86F1F38CABB0FBEAE666C0FE9EDAF7D1017DCCFBC4AEE1F1BE6FDA3EBD47C7E2BA2D54CC61B740E94B171E0FC2A0F93BF1B93FA4C1D6050106D20A69C11B16AC43EA17C6EE954444B05DCCAD5DAB6794A98FEE7256EA9B1F817E80D86C9242CFA02EED926E200C7B1170E270F +20180920100204 2 6 100 3071 2 DE6700153B27F195B230266F3E9064D8646E4E27111A6C5A013DE98A5CD7F11B31B1DC4C71DD72CBEC38DA508B1AD04CB69A372B8D01396C5AE7F5F99C3C3CBE1B2B3287C6AB5794E3AFD6C4E5C8E23B76E21A479765DD7D0D8D41A75DA966486E2C94030AA81314CFC104172048A82D95F402FA9B12E2CF3469AF6202F527BB5FADD82F7F5A67CF47EAA9F70FA02A55D45688EC65A26E8A8BCBD47BEA5C70721995434D0736F3396E9D1681BB08A336B0A9E3340AA24D1E9AC4B33103438C130B4BB87A22D3D85B8BC66B66679790AF7429D0B8F8CEE9BFA7F34239E0F109DABE5370196CB46C134B184178ED494D4703A681A18FFE9A4D6FF5EE71E141EBE11C6E3A6FEE7586F9D5B400EFDF06289783269BD86F1F38CABB0FBEAE666C0FE9EDAF7D1017DCCFBC4AEE1F1BE6FDA3EBD47C7E2BA2D54CC61B740E94B171E0FC2A0F93BF1B93FA4C1D6050106D20A69C11B16AC43EA17C6EE954444B05DCCAD5DAB6794A98FEE7256EA9B1F817E80D86C9242CFA02EED926E200C7B1184656D3 +20180920100341 2 6 100 3071 5 DE6700153B27F195B230266F3E9064D8646E4E27111A6C5A013DE98A5CD7F11B31B1DC4C71DD72CBEC38DA508B1AD04CB69A372B8D01396C5AE7F5F99C3C3CBE1B2B3287C6AB5794E3AFD6C4E5C8E23B76E21A479765DD7D0D8D41A75DA966486E2C94030AA81314CFC104172048A82D95F402FA9B12E2CF3469AF6202F527BB5FADD82F7F5A67CF47EAA9F70FA02A55D45688EC65A26E8A8BCBD47BEA5C70721995434D0736F3396E9D1681BB08A336B0A9E3340AA24D1E9AC4B33103438C130B4BB87A22D3D85B8BC66B66679790AF7429D0B8F8CEE9BFA7F34239E0F109DABE5370196CB46C134B184178ED494D4703A681A18FFE9A4D6FF5EE71E141EBE11C6E3A6FEE7586F9D5B400EFDF06289783269BD86F1F38CABB0FBEAE666C0FE9EDAF7D1017DCCFBC4AEE1F1BE6FDA3EBD47C7E2BA2D54CC61B740E94B171E0FC2A0F93BF1B93FA4C1D6050106D20A69C11B16AC43EA17C6EE954444B05DCCAD5DAB6794A98FEE7256EA9B1F817E80D86C9242CFA02EED926E200C7B11883D577 +20180920100505 2 6 100 3071 2 DE6700153B27F195B230266F3E9064D8646E4E27111A6C5A013DE98A5CD7F11B31B1DC4C71DD72CBEC38DA508B1AD04CB69A372B8D01396C5AE7F5F99C3C3CBE1B2B3287C6AB5794E3AFD6C4E5C8E23B76E21A479765DD7D0D8D41A75DA966486E2C94030AA81314CFC104172048A82D95F402FA9B12E2CF3469AF6202F527BB5FADD82F7F5A67CF47EAA9F70FA02A55D45688EC65A26E8A8BCBD47BEA5C70721995434D0736F3396E9D1681BB08A336B0A9E3340AA24D1E9AC4B33103438C130B4BB87A22D3D85B8BC66B66679790AF7429D0B8F8CEE9BFA7F34239E0F109DABE5370196CB46C134B184178ED494D4703A681A18FFE9A4D6FF5EE71E141EBE11C6E3A6FEE7586F9D5B400EFDF06289783269BD86F1F38CABB0FBEAE666C0FE9EDAF7D1017DCCFBC4AEE1F1BE6FDA3EBD47C7E2BA2D54CC61B740E94B171E0FC2A0F93BF1B93FA4C1D6050106D20A69C11B16AC43EA17C6EE954444B05DCCAD5DAB6794A98FEE7256EA9B1F817E80D86C9242CFA02EED926E200C7B118B728DB +20180920100550 2 6 100 3071 5 DE6700153B27F195B230266F3E9064D8646E4E27111A6C5A013DE98A5CD7F11B31B1DC4C71DD72CBEC38DA508B1AD04CB69A372B8D01396C5AE7F5F99C3C3CBE1B2B3287C6AB5794E3AFD6C4E5C8E23B76E21A479765DD7D0D8D41A75DA966486E2C94030AA81314CFC104172048A82D95F402FA9B12E2CF3469AF6202F527BB5FADD82F7F5A67CF47EAA9F70FA02A55D45688EC65A26E8A8BCBD47BEA5C70721995434D0736F3396E9D1681BB08A336B0A9E3340AA24D1E9AC4B33103438C130B4BB87A22D3D85B8BC66B66679790AF7429D0B8F8CEE9BFA7F34239E0F109DABE5370196CB46C134B184178ED494D4703A681A18FFE9A4D6FF5EE71E141EBE11C6E3A6FEE7586F9D5B400EFDF06289783269BD86F1F38CABB0FBEAE666C0FE9EDAF7D1017DCCFBC4AEE1F1BE6FDA3EBD47C7E2BA2D54CC61B740E94B171E0FC2A0F93BF1B93FA4C1D6050106D20A69C11B16AC43EA17C6EE954444B05DCCAD5DAB6794A98FEE7256EA9B1F817E80D86C9242CFA02EED926E200C7B118D00F87 +20180920100609 2 6 100 3071 5 DE6700153B27F195B230266F3E9064D8646E4E27111A6C5A013DE98A5CD7F11B31B1DC4C71DD72CBEC38DA508B1AD04CB69A372B8D01396C5AE7F5F99C3C3CBE1B2B3287C6AB5794E3AFD6C4E5C8E23B76E21A479765DD7D0D8D41A75DA966486E2C94030AA81314CFC104172048A82D95F402FA9B12E2CF3469AF6202F527BB5FADD82F7F5A67CF47EAA9F70FA02A55D45688EC65A26E8A8BCBD47BEA5C70721995434D0736F3396E9D1681BB08A336B0A9E3340AA24D1E9AC4B33103438C130B4BB87A22D3D85B8BC66B66679790AF7429D0B8F8CEE9BFA7F34239E0F109DABE5370196CB46C134B184178ED494D4703A681A18FFE9A4D6FF5EE71E141EBE11C6E3A6FEE7586F9D5B400EFDF06289783269BD86F1F38CABB0FBEAE666C0FE9EDAF7D1017DCCFBC4AEE1F1BE6FDA3EBD47C7E2BA2D54CC61B740E94B171E0FC2A0F93BF1B93FA4C1D6050106D20A69C11B16AC43EA17C6EE954444B05DCCAD5DAB6794A98FEE7256EA9B1F817E80D86C9242CFA02EED926E200C7B118D567E7 +20180920100942 2 6 100 3071 5 DE6700153B27F195B230266F3E9064D8646E4E27111A6C5A013DE98A5CD7F11B31B1DC4C71DD72CBEC38DA508B1AD04CB69A372B8D01396C5AE7F5F99C3C3CBE1B2B3287C6AB5794E3AFD6C4E5C8E23B76E21A479765DD7D0D8D41A75DA966486E2C94030AA81314CFC104172048A82D95F402FA9B12E2CF3469AF6202F527BB5FADD82F7F5A67CF47EAA9F70FA02A55D45688EC65A26E8A8BCBD47BEA5C70721995434D0736F3396E9D1681BB08A336B0A9E3340AA24D1E9AC4B33103438C130B4BB87A22D3D85B8BC66B66679790AF7429D0B8F8CEE9BFA7F34239E0F109DABE5370196CB46C134B184178ED494D4703A681A18FFE9A4D6FF5EE71E141EBE11C6E3A6FEE7586F9D5B400EFDF06289783269BD86F1F38CABB0FBEAE666C0FE9EDAF7D1017DCCFBC4AEE1F1BE6FDA3EBD47C7E2BA2D54CC61B740E94B171E0FC2A0F93BF1B93FA4C1D6050106D20A69C11B16AC43EA17C6EE954444B05DCCAD5DAB6794A98FEE7256EA9B1F817E80D86C9242CFA02EED926E200C7B1196905F7 +20180920101027 2 6 100 3071 2 DE6700153B27F195B230266F3E9064D8646E4E27111A6C5A013DE98A5CD7F11B31B1DC4C71DD72CBEC38DA508B1AD04CB69A372B8D01396C5AE7F5F99C3C3CBE1B2B3287C6AB5794E3AFD6C4E5C8E23B76E21A479765DD7D0D8D41A75DA966486E2C94030AA81314CFC104172048A82D95F402FA9B12E2CF3469AF6202F527BB5FADD82F7F5A67CF47EAA9F70FA02A55D45688EC65A26E8A8BCBD47BEA5C70721995434D0736F3396E9D1681BB08A336B0A9E3340AA24D1E9AC4B33103438C130B4BB87A22D3D85B8BC66B66679790AF7429D0B8F8CEE9BFA7F34239E0F109DABE5370196CB46C134B184178ED494D4703A681A18FFE9A4D6FF5EE71E141EBE11C6E3A6FEE7586F9D5B400EFDF06289783269BD86F1F38CABB0FBEAE666C0FE9EDAF7D1017DCCFBC4AEE1F1BE6FDA3EBD47C7E2BA2D54CC61B740E94B171E0FC2A0F93BF1B93FA4C1D6050106D20A69C11B16AC43EA17C6EE954444B05DCCAD5DAB6794A98FEE7256EA9B1F817E80D86C9242CFA02EED926E200C7B11980B233 +20180920101047 2 6 100 3071 2 DE6700153B27F195B230266F3E9064D8646E4E27111A6C5A013DE98A5CD7F11B31B1DC4C71DD72CBEC38DA508B1AD04CB69A372B8D01396C5AE7F5F99C3C3CBE1B2B3287C6AB5794E3AFD6C4E5C8E23B76E21A479765DD7D0D8D41A75DA966486E2C94030AA81314CFC104172048A82D95F402FA9B12E2CF3469AF6202F527BB5FADD82F7F5A67CF47EAA9F70FA02A55D45688EC65A26E8A8BCBD47BEA5C70721995434D0736F3396E9D1681BB08A336B0A9E3340AA24D1E9AC4B33103438C130B4BB87A22D3D85B8BC66B66679790AF7429D0B8F8CEE9BFA7F34239E0F109DABE5370196CB46C134B184178ED494D4703A681A18FFE9A4D6FF5EE71E141EBE11C6E3A6FEE7586F9D5B400EFDF06289783269BD86F1F38CABB0FBEAE666C0FE9EDAF7D1017DCCFBC4AEE1F1BE6FDA3EBD47C7E2BA2D54CC61B740E94B171E0FC2A0F93BF1B93FA4C1D6050106D20A69C11B16AC43EA17C6EE954444B05DCCAD5DAB6794A98FEE7256EA9B1F817E80D86C9242CFA02EED926E200C7B119877CCB +20180920101204 2 6 100 3071 5 DE6700153B27F195B230266F3E9064D8646E4E27111A6C5A013DE98A5CD7F11B31B1DC4C71DD72CBEC38DA508B1AD04CB69A372B8D01396C5AE7F5F99C3C3CBE1B2B3287C6AB5794E3AFD6C4E5C8E23B76E21A479765DD7D0D8D41A75DA966486E2C94030AA81314CFC104172048A82D95F402FA9B12E2CF3469AF6202F527BB5FADD82F7F5A67CF47EAA9F70FA02A55D45688EC65A26E8A8BCBD47BEA5C70721995434D0736F3396E9D1681BB08A336B0A9E3340AA24D1E9AC4B33103438C130B4BB87A22D3D85B8BC66B66679790AF7429D0B8F8CEE9BFA7F34239E0F109DABE5370196CB46C134B184178ED494D4703A681A18FFE9A4D6FF5EE71E141EBE11C6E3A6FEE7586F9D5B400EFDF06289783269BD86F1F38CABB0FBEAE666C0FE9EDAF7D1017DCCFBC4AEE1F1BE6FDA3EBD47C7E2BA2D54CC61B740E94B171E0FC2A0F93BF1B93FA4C1D6050106D20A69C11B16AC43EA17C6EE954444B05DCCAD5DAB6794A98FEE7256EA9B1F817E80D86C9242CFA02EED926E200C7B119B78FAF +20180920101600 2 6 100 3071 5 DE6700153B27F195B230266F3E9064D8646E4E27111A6C5A013DE98A5CD7F11B31B1DC4C71DD72CBEC38DA508B1AD04CB69A372B8D01396C5AE7F5F99C3C3CBE1B2B3287C6AB5794E3AFD6C4E5C8E23B76E21A479765DD7D0D8D41A75DA966486E2C94030AA81314CFC104172048A82D95F402FA9B12E2CF3469AF6202F527BB5FADD82F7F5A67CF47EAA9F70FA02A55D45688EC65A26E8A8BCBD47BEA5C70721995434D0736F3396E9D1681BB08A336B0A9E3340AA24D1E9AC4B33103438C130B4BB87A22D3D85B8BC66B66679790AF7429D0B8F8CEE9BFA7F34239E0F109DABE5370196CB46C134B184178ED494D4703A681A18FFE9A4D6FF5EE71E141EBE11C6E3A6FEE7586F9D5B400EFDF06289783269BD86F1F38CABB0FBEAE666C0FE9EDAF7D1017DCCFBC4AEE1F1BE6FDA3EBD47C7E2BA2D54CC61B740E94B171E0FC2A0F93BF1B93FA4C1D6050106D20A69C11B16AC43EA17C6EE954444B05DCCAD5DAB6794A98FEE7256EA9B1F817E80D86C9242CFA02EED926E200C7B11A5CA257 +20180920102200 2 6 100 3071 5 DE6700153B27F195B230266F3E9064D8646E4E27111A6C5A013DE98A5CD7F11B31B1DC4C71DD72CBEC38DA508B1AD04CB69A372B8D01396C5AE7F5F99C3C3CBE1B2B3287C6AB5794E3AFD6C4E5C8E23B76E21A479765DD7D0D8D41A75DA966486E2C94030AA81314CFC104172048A82D95F402FA9B12E2CF3469AF6202F527BB5FADD82F7F5A67CF47EAA9F70FA02A55D45688EC65A26E8A8BCBD47BEA5C70721995434D0736F3396E9D1681BB08A336B0A9E3340AA24D1E9AC4B33103438C130B4BB87A22D3D85B8BC66B66679790AF7429D0B8F8CEE9BFA7F34239E0F109DABE5370196CB46C134B184178ED494D4703A681A18FFE9A4D6FF5EE71E141EBE11C6E3A6FEE7586F9D5B400EFDF06289783269BD86F1F38CABB0FBEAE666C0FE9EDAF7D1017DCCFBC4AEE1F1BE6FDA3EBD47C7E2BA2D54CC61B740E94B171E0FC2A0F93BF1B93FA4C1D6050106D20A69C11B16AC43EA17C6EE954444B05DCCAD5DAB6794A98FEE7256EA9B1F817E80D86C9242CFA02EED926E200C7B11B5728B7 +20180920102235 2 6 100 3071 5 DE6700153B27F195B230266F3E9064D8646E4E27111A6C5A013DE98A5CD7F11B31B1DC4C71DD72CBEC38DA508B1AD04CB69A372B8D01396C5AE7F5F99C3C3CBE1B2B3287C6AB5794E3AFD6C4E5C8E23B76E21A479765DD7D0D8D41A75DA966486E2C94030AA81314CFC104172048A82D95F402FA9B12E2CF3469AF6202F527BB5FADD82F7F5A67CF47EAA9F70FA02A55D45688EC65A26E8A8BCBD47BEA5C70721995434D0736F3396E9D1681BB08A336B0A9E3340AA24D1E9AC4B33103438C130B4BB87A22D3D85B8BC66B66679790AF7429D0B8F8CEE9BFA7F34239E0F109DABE5370196CB46C134B184178ED494D4703A681A18FFE9A4D6FF5EE71E141EBE11C6E3A6FEE7586F9D5B400EFDF06289783269BD86F1F38CABB0FBEAE666C0FE9EDAF7D1017DCCFBC4AEE1F1BE6FDA3EBD47C7E2BA2D54CC61B740E94B171E0FC2A0F93BF1B93FA4C1D6050106D20A69C11B16AC43EA17C6EE954444B05DCCAD5DAB6794A98FEE7256EA9B1F817E80D86C9242CFA02EED926E200C7B11B698D4F +20180920102336 2 6 100 3071 5 DE6700153B27F195B230266F3E9064D8646E4E27111A6C5A013DE98A5CD7F11B31B1DC4C71DD72CBEC38DA508B1AD04CB69A372B8D01396C5AE7F5F99C3C3CBE1B2B3287C6AB5794E3AFD6C4E5C8E23B76E21A479765DD7D0D8D41A75DA966486E2C94030AA81314CFC104172048A82D95F402FA9B12E2CF3469AF6202F527BB5FADD82F7F5A67CF47EAA9F70FA02A55D45688EC65A26E8A8BCBD47BEA5C70721995434D0736F3396E9D1681BB08A336B0A9E3340AA24D1E9AC4B33103438C130B4BB87A22D3D85B8BC66B66679790AF7429D0B8F8CEE9BFA7F34239E0F109DABE5370196CB46C134B184178ED494D4703A681A18FFE9A4D6FF5EE71E141EBE11C6E3A6FEE7586F9D5B400EFDF06289783269BD86F1F38CABB0FBEAE666C0FE9EDAF7D1017DCCFBC4AEE1F1BE6FDA3EBD47C7E2BA2D54CC61B740E94B171E0FC2A0F93BF1B93FA4C1D6050106D20A69C11B16AC43EA17C6EE954444B05DCCAD5DAB6794A98FEE7256EA9B1F817E80D86C9242CFA02EED926E200C7B11B8BE2EF +20180920102711 2 6 100 3071 2 DE6700153B27F195B230266F3E9064D8646E4E27111A6C5A013DE98A5CD7F11B31B1DC4C71DD72CBEC38DA508B1AD04CB69A372B8D01396C5AE7F5F99C3C3CBE1B2B3287C6AB5794E3AFD6C4E5C8E23B76E21A479765DD7D0D8D41A75DA966486E2C94030AA81314CFC104172048A82D95F402FA9B12E2CF3469AF6202F527BB5FADD82F7F5A67CF47EAA9F70FA02A55D45688EC65A26E8A8BCBD47BEA5C70721995434D0736F3396E9D1681BB08A336B0A9E3340AA24D1E9AC4B33103438C130B4BB87A22D3D85B8BC66B66679790AF7429D0B8F8CEE9BFA7F34239E0F109DABE5370196CB46C134B184178ED494D4703A681A18FFE9A4D6FF5EE71E141EBE11C6E3A6FEE7586F9D5B400EFDF06289783269BD86F1F38CABB0FBEAE666C0FE9EDAF7D1017DCCFBC4AEE1F1BE6FDA3EBD47C7E2BA2D54CC61B740E94B171E0FC2A0F93BF1B93FA4C1D6050106D20A69C11B16AC43EA17C6EE954444B05DCCAD5DAB6794A98FEE7256EA9B1F817E80D86C9242CFA02EED926E200C7B11C1D39BB +20180920102826 2 6 100 3071 2 DE6700153B27F195B230266F3E9064D8646E4E27111A6C5A013DE98A5CD7F11B31B1DC4C71DD72CBEC38DA508B1AD04CB69A372B8D01396C5AE7F5F99C3C3CBE1B2B3287C6AB5794E3AFD6C4E5C8E23B76E21A479765DD7D0D8D41A75DA966486E2C94030AA81314CFC104172048A82D95F402FA9B12E2CF3469AF6202F527BB5FADD82F7F5A67CF47EAA9F70FA02A55D45688EC65A26E8A8BCBD47BEA5C70721995434D0736F3396E9D1681BB08A336B0A9E3340AA24D1E9AC4B33103438C130B4BB87A22D3D85B8BC66B66679790AF7429D0B8F8CEE9BFA7F34239E0F109DABE5370196CB46C134B184178ED494D4703A681A18FFE9A4D6FF5EE71E141EBE11C6E3A6FEE7586F9D5B400EFDF06289783269BD86F1F38CABB0FBEAE666C0FE9EDAF7D1017DCCFBC4AEE1F1BE6FDA3EBD47C7E2BA2D54CC61B740E94B171E0FC2A0F93BF1B93FA4C1D6050106D20A69C11B16AC43EA17C6EE954444B05DCCAD5DAB6794A98FEE7256EA9B1F817E80D86C9242CFA02EED926E200C7B11C4B4083 +20180920103322 2 6 100 3071 5 DE6700153B27F195B230266F3E9064D8646E4E27111A6C5A013DE98A5CD7F11B31B1DC4C71DD72CBEC38DA508B1AD04CB69A372B8D01396C5AE7F5F99C3C3CBE1B2B3287C6AB5794E3AFD6C4E5C8E23B76E21A479765DD7D0D8D41A75DA966486E2C94030AA81314CFC104172048A82D95F402FA9B12E2CF3469AF6202F527BB5FADD82F7F5A67CF47EAA9F70FA02A55D45688EC65A26E8A8BCBD47BEA5C70721995434D0736F3396E9D1681BB08A336B0A9E3340AA24D1E9AC4B33103438C130B4BB87A22D3D85B8BC66B66679790AF7429D0B8F8CEE9BFA7F34239E0F109DABE5370196CB46C134B184178ED494D4703A681A18FFE9A4D6FF5EE71E141EBE11C6E3A6FEE7586F9D5B400EFDF06289783269BD86F1F38CABB0FBEAE666C0FE9EDAF7D1017DCCFBC4AEE1F1BE6FDA3EBD47C7E2BA2D54CC61B740E94B171E0FC2A0F93BF1B93FA4C1D6050106D20A69C11B16AC43EA17C6EE954444B05DCCAD5DAB6794A98FEE7256EA9B1F817E80D86C9242CFA02EED926E200C7B11D1356A7 +20180920103630 2 6 100 3071 2 DE6700153B27F195B230266F3E9064D8646E4E27111A6C5A013DE98A5CD7F11B31B1DC4C71DD72CBEC38DA508B1AD04CB69A372B8D01396C5AE7F5F99C3C3CBE1B2B3287C6AB5794E3AFD6C4E5C8E23B76E21A479765DD7D0D8D41A75DA966486E2C94030AA81314CFC104172048A82D95F402FA9B12E2CF3469AF6202F527BB5FADD82F7F5A67CF47EAA9F70FA02A55D45688EC65A26E8A8BCBD47BEA5C70721995434D0736F3396E9D1681BB08A336B0A9E3340AA24D1E9AC4B33103438C130B4BB87A22D3D85B8BC66B66679790AF7429D0B8F8CEE9BFA7F34239E0F109DABE5370196CB46C134B184178ED494D4703A681A18FFE9A4D6FF5EE71E141EBE11C6E3A6FEE7586F9D5B400EFDF06289783269BD86F1F38CABB0FBEAE666C0FE9EDAF7D1017DCCFBC4AEE1F1BE6FDA3EBD47C7E2BA2D54CC61B740E94B171E0FC2A0F93BF1B93FA4C1D6050106D20A69C11B16AC43EA17C6EE954444B05DCCAD5DAB6794A98FEE7256EA9B1F817E80D86C9242CFA02EED926E200C7B11D93FB63 +20180920103932 2 6 100 3071 2 DE6700153B27F195B230266F3E9064D8646E4E27111A6C5A013DE98A5CD7F11B31B1DC4C71DD72CBEC38DA508B1AD04CB69A372B8D01396C5AE7F5F99C3C3CBE1B2B3287C6AB5794E3AFD6C4E5C8E23B76E21A479765DD7D0D8D41A75DA966486E2C94030AA81314CFC104172048A82D95F402FA9B12E2CF3469AF6202F527BB5FADD82F7F5A67CF47EAA9F70FA02A55D45688EC65A26E8A8BCBD47BEA5C70721995434D0736F3396E9D1681BB08A336B0A9E3340AA24D1E9AC4B33103438C130B4BB87A22D3D85B8BC66B66679790AF7429D0B8F8CEE9BFA7F34239E0F109DABE5370196CB46C134B184178ED494D4703A681A18FFE9A4D6FF5EE71E141EBE11C6E3A6FEE7586F9D5B400EFDF06289783269BD86F1F38CABB0FBEAE666C0FE9EDAF7D1017DCCFBC4AEE1F1BE6FDA3EBD47C7E2BA2D54CC61B740E94B171E0FC2A0F93BF1B93FA4C1D6050106D20A69C11B16AC43EA17C6EE954444B05DCCAD5DAB6794A98FEE7256EA9B1F817E80D86C9242CFA02EED926E200C7B11E0CAEBB +20180920104303 2 6 100 3071 2 DE6700153B27F195B230266F3E9064D8646E4E27111A6C5A013DE98A5CD7F11B31B1DC4C71DD72CBEC38DA508B1AD04CB69A372B8D01396C5AE7F5F99C3C3CBE1B2B3287C6AB5794E3AFD6C4E5C8E23B76E21A479765DD7D0D8D41A75DA966486E2C94030AA81314CFC104172048A82D95F402FA9B12E2CF3469AF6202F527BB5FADD82F7F5A67CF47EAA9F70FA02A55D45688EC65A26E8A8BCBD47BEA5C70721995434D0736F3396E9D1681BB08A336B0A9E3340AA24D1E9AC4B33103438C130B4BB87A22D3D85B8BC66B66679790AF7429D0B8F8CEE9BFA7F34239E0F109DABE5370196CB46C134B184178ED494D4703A681A18FFE9A4D6FF5EE71E141EBE11C6E3A6FEE7586F9D5B400EFDF06289783269BD86F1F38CABB0FBEAE666C0FE9EDAF7D1017DCCFBC4AEE1F1BE6FDA3EBD47C7E2BA2D54CC61B740E94B171E0FC2A0F93BF1B93FA4C1D6050106D20A69C11B16AC43EA17C6EE954444B05DCCAD5DAB6794A98FEE7256EA9B1F817E80D86C9242CFA02EED926E200C7B11E9CB9E3 +20180920104717 2 6 100 3071 2 DE6700153B27F195B230266F3E9064D8646E4E27111A6C5A013DE98A5CD7F11B31B1DC4C71DD72CBEC38DA508B1AD04CB69A372B8D01396C5AE7F5F99C3C3CBE1B2B3287C6AB5794E3AFD6C4E5C8E23B76E21A479765DD7D0D8D41A75DA966486E2C94030AA81314CFC104172048A82D95F402FA9B12E2CF3469AF6202F527BB5FADD82F7F5A67CF47EAA9F70FA02A55D45688EC65A26E8A8BCBD47BEA5C70721995434D0736F3396E9D1681BB08A336B0A9E3340AA24D1E9AC4B33103438C130B4BB87A22D3D85B8BC66B66679790AF7429D0B8F8CEE9BFA7F34239E0F109DABE5370196CB46C134B184178ED494D4703A681A18FFE9A4D6FF5EE71E141EBE11C6E3A6FEE7586F9D5B400EFDF06289783269BD86F1F38CABB0FBEAE666C0FE9EDAF7D1017DCCFBC4AEE1F1BE6FDA3EBD47C7E2BA2D54CC61B740E94B171E0FC2A0F93BF1B93FA4C1D6050106D20A69C11B16AC43EA17C6EE954444B05DCCAD5DAB6794A98FEE7256EA9B1F817E80D86C9242CFA02EED926E200C7B11F4E4B63 +20180920104816 2 6 100 3071 2 DE6700153B27F195B230266F3E9064D8646E4E27111A6C5A013DE98A5CD7F11B31B1DC4C71DD72CBEC38DA508B1AD04CB69A372B8D01396C5AE7F5F99C3C3CBE1B2B3287C6AB5794E3AFD6C4E5C8E23B76E21A479765DD7D0D8D41A75DA966486E2C94030AA81314CFC104172048A82D95F402FA9B12E2CF3469AF6202F527BB5FADD82F7F5A67CF47EAA9F70FA02A55D45688EC65A26E8A8BCBD47BEA5C70721995434D0736F3396E9D1681BB08A336B0A9E3340AA24D1E9AC4B33103438C130B4BB87A22D3D85B8BC66B66679790AF7429D0B8F8CEE9BFA7F34239E0F109DABE5370196CB46C134B184178ED494D4703A681A18FFE9A4D6FF5EE71E141EBE11C6E3A6FEE7586F9D5B400EFDF06289783269BD86F1F38CABB0FBEAE666C0FE9EDAF7D1017DCCFBC4AEE1F1BE6FDA3EBD47C7E2BA2D54CC61B740E94B171E0FC2A0F93BF1B93FA4C1D6050106D20A69C11B16AC43EA17C6EE954444B05DCCAD5DAB6794A98FEE7256EA9B1F817E80D86C9242CFA02EED926E200C7B11F72025B +20180920105139 2 6 100 3071 2 DE6700153B27F195B230266F3E9064D8646E4E27111A6C5A013DE98A5CD7F11B31B1DC4C71DD72CBEC38DA508B1AD04CB69A372B8D01396C5AE7F5F99C3C3CBE1B2B3287C6AB5794E3AFD6C4E5C8E23B76E21A479765DD7D0D8D41A75DA966486E2C94030AA81314CFC104172048A82D95F402FA9B12E2CF3469AF6202F527BB5FADD82F7F5A67CF47EAA9F70FA02A55D45688EC65A26E8A8BCBD47BEA5C70721995434D0736F3396E9D1681BB08A336B0A9E3340AA24D1E9AC4B33103438C130B4BB87A22D3D85B8BC66B66679790AF7429D0B8F8CEE9BFA7F34239E0F109DABE5370196CB46C134B184178ED494D4703A681A18FFE9A4D6FF5EE71E141EBE11C6E3A6FEE7586F9D5B400EFDF06289783269BD86F1F38CABB0FBEAE666C0FE9EDAF7D1017DCCFBC4AEE1F1BE6FDA3EBD47C7E2BA2D54CC61B740E94B171E0FC2A0F93BF1B93FA4C1D6050106D20A69C11B16AC43EA17C6EE954444B05DCCAD5DAB6794A98FEE7256EA9B1F817E80D86C9242CFA02EED926E200C7B11FFAA343 +20180920105211 2 6 100 3071 2 DE6700153B27F195B230266F3E9064D8646E4E27111A6C5A013DE98A5CD7F11B31B1DC4C71DD72CBEC38DA508B1AD04CB69A372B8D01396C5AE7F5F99C3C3CBE1B2B3287C6AB5794E3AFD6C4E5C8E23B76E21A479765DD7D0D8D41A75DA966486E2C94030AA81314CFC104172048A82D95F402FA9B12E2CF3469AF6202F527BB5FADD82F7F5A67CF47EAA9F70FA02A55D45688EC65A26E8A8BCBD47BEA5C70721995434D0736F3396E9D1681BB08A336B0A9E3340AA24D1E9AC4B33103438C130B4BB87A22D3D85B8BC66B66679790AF7429D0B8F8CEE9BFA7F34239E0F109DABE5370196CB46C134B184178ED494D4703A681A18FFE9A4D6FF5EE71E141EBE11C6E3A6FEE7586F9D5B400EFDF06289783269BD86F1F38CABB0FBEAE666C0FE9EDAF7D1017DCCFBC4AEE1F1BE6FDA3EBD47C7E2BA2D54CC61B740E94B171E0FC2A0F93BF1B93FA4C1D6050106D20A69C11B16AC43EA17C6EE954444B05DCCAD5DAB6794A98FEE7256EA9B1F817E80D86C9242CFA02EED926E200C7B120087713 +20180920105407 2 6 100 3071 2 DE6700153B27F195B230266F3E9064D8646E4E27111A6C5A013DE98A5CD7F11B31B1DC4C71DD72CBEC38DA508B1AD04CB69A372B8D01396C5AE7F5F99C3C3CBE1B2B3287C6AB5794E3AFD6C4E5C8E23B76E21A479765DD7D0D8D41A75DA966486E2C94030AA81314CFC104172048A82D95F402FA9B12E2CF3469AF6202F527BB5FADD82F7F5A67CF47EAA9F70FA02A55D45688EC65A26E8A8BCBD47BEA5C70721995434D0736F3396E9D1681BB08A336B0A9E3340AA24D1E9AC4B33103438C130B4BB87A22D3D85B8BC66B66679790AF7429D0B8F8CEE9BFA7F34239E0F109DABE5370196CB46C134B184178ED494D4703A681A18FFE9A4D6FF5EE71E141EBE11C6E3A6FEE7586F9D5B400EFDF06289783269BD86F1F38CABB0FBEAE666C0FE9EDAF7D1017DCCFBC4AEE1F1BE6FDA3EBD47C7E2BA2D54CC61B740E94B171E0FC2A0F93BF1B93FA4C1D6050106D20A69C11B16AC43EA17C6EE954444B05DCCAD5DAB6794A98FEE7256EA9B1F817E80D86C9242CFA02EED926E200C7B12052E023 +20180920105834 2 6 100 3071 5 DE6700153B27F195B230266F3E9064D8646E4E27111A6C5A013DE98A5CD7F11B31B1DC4C71DD72CBEC38DA508B1AD04CB69A372B8D01396C5AE7F5F99C3C3CBE1B2B3287C6AB5794E3AFD6C4E5C8E23B76E21A479765DD7D0D8D41A75DA966486E2C94030AA81314CFC104172048A82D95F402FA9B12E2CF3469AF6202F527BB5FADD82F7F5A67CF47EAA9F70FA02A55D45688EC65A26E8A8BCBD47BEA5C70721995434D0736F3396E9D1681BB08A336B0A9E3340AA24D1E9AC4B33103438C130B4BB87A22D3D85B8BC66B66679790AF7429D0B8F8CEE9BFA7F34239E0F109DABE5370196CB46C134B184178ED494D4703A681A18FFE9A4D6FF5EE71E141EBE11C6E3A6FEE7586F9D5B400EFDF06289783269BD86F1F38CABB0FBEAE666C0FE9EDAF7D1017DCCFBC4AEE1F1BE6FDA3EBD47C7E2BA2D54CC61B740E94B171E0FC2A0F93BF1B93FA4C1D6050106D20A69C11B16AC43EA17C6EE954444B05DCCAD5DAB6794A98FEE7256EA9B1F817E80D86C9242CFA02EED926E200C7B1210F24F7 +20180920110033 2 6 100 3071 2 DE6700153B27F195B230266F3E9064D8646E4E27111A6C5A013DE98A5CD7F11B31B1DC4C71DD72CBEC38DA508B1AD04CB69A372B8D01396C5AE7F5F99C3C3CBE1B2B3287C6AB5794E3AFD6C4E5C8E23B76E21A479765DD7D0D8D41A75DA966486E2C94030AA81314CFC104172048A82D95F402FA9B12E2CF3469AF6202F527BB5FADD82F7F5A67CF47EAA9F70FA02A55D45688EC65A26E8A8BCBD47BEA5C70721995434D0736F3396E9D1681BB08A336B0A9E3340AA24D1E9AC4B33103438C130B4BB87A22D3D85B8BC66B66679790AF7429D0B8F8CEE9BFA7F34239E0F109DABE5370196CB46C134B184178ED494D4703A681A18FFE9A4D6FF5EE71E141EBE11C6E3A6FEE7586F9D5B400EFDF06289783269BD86F1F38CABB0FBEAE666C0FE9EDAF7D1017DCCFBC4AEE1F1BE6FDA3EBD47C7E2BA2D54CC61B740E94B171E0FC2A0F93BF1B93FA4C1D6050106D20A69C11B16AC43EA17C6EE954444B05DCCAD5DAB6794A98FEE7256EA9B1F817E80D86C9242CFA02EED926E200C7B1215A8893 +20180920110055 2 6 100 3071 5 DE6700153B27F195B230266F3E9064D8646E4E27111A6C5A013DE98A5CD7F11B31B1DC4C71DD72CBEC38DA508B1AD04CB69A372B8D01396C5AE7F5F99C3C3CBE1B2B3287C6AB5794E3AFD6C4E5C8E23B76E21A479765DD7D0D8D41A75DA966486E2C94030AA81314CFC104172048A82D95F402FA9B12E2CF3469AF6202F527BB5FADD82F7F5A67CF47EAA9F70FA02A55D45688EC65A26E8A8BCBD47BEA5C70721995434D0736F3396E9D1681BB08A336B0A9E3340AA24D1E9AC4B33103438C130B4BB87A22D3D85B8BC66B66679790AF7429D0B8F8CEE9BFA7F34239E0F109DABE5370196CB46C134B184178ED494D4703A681A18FFE9A4D6FF5EE71E141EBE11C6E3A6FEE7586F9D5B400EFDF06289783269BD86F1F38CABB0FBEAE666C0FE9EDAF7D1017DCCFBC4AEE1F1BE6FDA3EBD47C7E2BA2D54CC61B740E94B171E0FC2A0F93BF1B93FA4C1D6050106D20A69C11B16AC43EA17C6EE954444B05DCCAD5DAB6794A98FEE7256EA9B1F817E80D86C9242CFA02EED926E200C7B12161A467 +20180920111239 2 6 100 3071 2 DE6700153B27F195B230266F3E9064D8646E4E27111A6C5A013DE98A5CD7F11B31B1DC4C71DD72CBEC38DA508B1AD04CB69A372B8D01396C5AE7F5F99C3C3CBE1B2B3287C6AB5794E3AFD6C4E5C8E23B76E21A479765DD7D0D8D41A75DA966486E2C94030AA81314CFC104172048A82D95F402FA9B12E2CF3469AF6202F527BB5FADD82F7F5A67CF47EAA9F70FA02A55D45688EC65A26E8A8BCBD47BEA5C70721995434D0736F3396E9D1681BB08A336B0A9E3340AA24D1E9AC4B33103438C130B4BB87A22D3D85B8BC66B66679790AF7429D0B8F8CEE9BFA7F34239E0F109DABE5370196CB46C134B184178ED494D4703A681A18FFE9A4D6FF5EE71E141EBE11C6E3A6FEE7586F9D5B400EFDF06289783269BD86F1F38CABB0FBEAE666C0FE9EDAF7D1017DCCFBC4AEE1F1BE6FDA3EBD47C7E2BA2D54CC61B740E94B171E0FC2A0F93BF1B93FA4C1D6050106D20A69C11B16AC43EA17C6EE954444B05DCCAD5DAB6794A98FEE7256EA9B1F817E80D86C9242CFA02EED926E200C7B1234E3F83 +20180920111553 2 6 100 3071 5 DE6700153B27F195B230266F3E9064D8646E4E27111A6C5A013DE98A5CD7F11B31B1DC4C71DD72CBEC38DA508B1AD04CB69A372B8D01396C5AE7F5F99C3C3CBE1B2B3287C6AB5794E3AFD6C4E5C8E23B76E21A479765DD7D0D8D41A75DA966486E2C94030AA81314CFC104172048A82D95F402FA9B12E2CF3469AF6202F527BB5FADD82F7F5A67CF47EAA9F70FA02A55D45688EC65A26E8A8BCBD47BEA5C70721995434D0736F3396E9D1681BB08A336B0A9E3340AA24D1E9AC4B33103438C130B4BB87A22D3D85B8BC66B66679790AF7429D0B8F8CEE9BFA7F34239E0F109DABE5370196CB46C134B184178ED494D4703A681A18FFE9A4D6FF5EE71E141EBE11C6E3A6FEE7586F9D5B400EFDF06289783269BD86F1F38CABB0FBEAE666C0FE9EDAF7D1017DCCFBC4AEE1F1BE6FDA3EBD47C7E2BA2D54CC61B740E94B171E0FC2A0F93BF1B93FA4C1D6050106D20A69C11B16AC43EA17C6EE954444B05DCCAD5DAB6794A98FEE7256EA9B1F817E80D86C9242CFA02EED926E200C7B123D4E7B7 +20180920113107 2 6 100 3071 2 D55876EAB302ADAA592F62BBE1E67B18C153FA6D93B6CF3C0D0E8989C13F29E1F6638AE58634C6A3C067754CA1241A8EDA45CB1306347BC6BA69D2CE5F515238C78CAFEB65D4FF05D52048EB048BE9B4C127C81EC60B978A372A5054B89BA7D8963DA343DB7F5B673B275E34D03A25C098FEE46063F963E47CAEB67A4915F413570C89224688F4598D25EEEE97DE581256261C0053CCBA12966E31849F31BF32BC506029A41F94356714EF0046FF68D5B75EC86ACB79708CD817C7752EA5E0D5E730245B06B91953434E2325B706C70492446CFC070C11F8E347AFDDB065B680A075BF287DEBFA9D59EE918B85D5D0157CD539A5E46888F39DB448D1D6BFAD57A3970C537387B556D801960276284F363287FE0230CA1950725B1B09A54DEDDF924BE8059E38A729A400582713F149E7E1005C8B0FB302ECA12D8949BA2B4FC645BE96B3F20384384626F1BA1F4E8E045442DDD6A124DECC49B8CDBD6D4217978F69FF8DE7B7F4B15908881391F81F43DF6FBD616398BE9225FE3AC5BD211E4B +20180920113301 2 6 100 3071 2 D55876EAB302ADAA592F62BBE1E67B18C153FA6D93B6CF3C0D0E8989C13F29E1F6638AE58634C6A3C067754CA1241A8EDA45CB1306347BC6BA69D2CE5F515238C78CAFEB65D4FF05D52048EB048BE9B4C127C81EC60B978A372A5054B89BA7D8963DA343DB7F5B673B275E34D03A25C098FEE46063F963E47CAEB67A4915F413570C89224688F4598D25EEEE97DE581256261C0053CCBA12966E31849F31BF32BC506029A41F94356714EF0046FF68D5B75EC86ACB79708CD817C7752EA5E0D5E730245B06B91953434E2325B706C70492446CFC070C11F8E347AFDDB065B680A075BF287DEBFA9D59EE918B85D5D0157CD539A5E46888F39DB448D1D6BFAD57A3970C537387B556D801960276284F363287FE0230CA1950725B1B09A54DEDDF924BE8059E38A729A400582713F149E7E1005C8B0FB302ECA12D8949BA2B4FC645BE96B3F20384384626F1BA1F4E8E045442DDD6A124DECC49B8CDBD6D4217978F69FF8DE7B7F4B15908881391F81F43DF6FBD616398BE9225FE3AC5BD69A2F3 +20180920113601 2 6 100 3071 5 D55876EAB302ADAA592F62BBE1E67B18C153FA6D93B6CF3C0D0E8989C13F29E1F6638AE58634C6A3C067754CA1241A8EDA45CB1306347BC6BA69D2CE5F515238C78CAFEB65D4FF05D52048EB048BE9B4C127C81EC60B978A372A5054B89BA7D8963DA343DB7F5B673B275E34D03A25C098FEE46063F963E47CAEB67A4915F413570C89224688F4598D25EEEE97DE581256261C0053CCBA12966E31849F31BF32BC506029A41F94356714EF0046FF68D5B75EC86ACB79708CD817C7752EA5E0D5E730245B06B91953434E2325B706C70492446CFC070C11F8E347AFDDB065B680A075BF287DEBFA9D59EE918B85D5D0157CD539A5E46888F39DB448D1D6BFAD57A3970C537387B556D801960276284F363287FE0230CA1950725B1B09A54DEDDF924BE8059E38A729A400582713F149E7E1005C8B0FB302ECA12D8949BA2B4FC645BE96B3F20384384626F1BA1F4E8E045442DDD6A124DECC49B8CDBD6D4217978F69FF8DE7B7F4B15908881391F81F43DF6FBD616398BE9225FE3AC5BDE3D567 +20180920113838 2 6 100 3071 2 D55876EAB302ADAA592F62BBE1E67B18C153FA6D93B6CF3C0D0E8989C13F29E1F6638AE58634C6A3C067754CA1241A8EDA45CB1306347BC6BA69D2CE5F515238C78CAFEB65D4FF05D52048EB048BE9B4C127C81EC60B978A372A5054B89BA7D8963DA343DB7F5B673B275E34D03A25C098FEE46063F963E47CAEB67A4915F413570C89224688F4598D25EEEE97DE581256261C0053CCBA12966E31849F31BF32BC506029A41F94356714EF0046FF68D5B75EC86ACB79708CD817C7752EA5E0D5E730245B06B91953434E2325B706C70492446CFC070C11F8E347AFDDB065B680A075BF287DEBFA9D59EE918B85D5D0157CD539A5E46888F39DB448D1D6BFAD57A3970C537387B556D801960276284F363287FE0230CA1950725B1B09A54DEDDF924BE8059E38A729A400582713F149E7E1005C8B0FB302ECA12D8949BA2B4FC645BE96B3F20384384626F1BA1F4E8E045442DDD6A124DECC49B8CDBD6D4217978F69FF8DE7B7F4B15908881391F81F43DF6FBD616398BE9225FE3AC5BE4DA06B +20180920114445 2 6 100 3071 5 D55876EAB302ADAA592F62BBE1E67B18C153FA6D93B6CF3C0D0E8989C13F29E1F6638AE58634C6A3C067754CA1241A8EDA45CB1306347BC6BA69D2CE5F515238C78CAFEB65D4FF05D52048EB048BE9B4C127C81EC60B978A372A5054B89BA7D8963DA343DB7F5B673B275E34D03A25C098FEE46063F963E47CAEB67A4915F413570C89224688F4598D25EEEE97DE581256261C0053CCBA12966E31849F31BF32BC506029A41F94356714EF0046FF68D5B75EC86ACB79708CD817C7752EA5E0D5E730245B06B91953434E2325B706C70492446CFC070C11F8E347AFDDB065B680A075BF287DEBFA9D59EE918B85D5D0157CD539A5E46888F39DB448D1D6BFAD57A3970C537387B556D801960276284F363287FE0230CA1950725B1B09A54DEDDF924BE8059E38A729A400582713F149E7E1005C8B0FB302ECA12D8949BA2B4FC645BE96B3F20384384626F1BA1F4E8E045442DDD6A124DECC49B8CDBD6D4217978F69FF8DE7B7F4B15908881391F81F43DF6FBD616398BE9225FE3AC5BF499357 +20180920114933 2 6 100 3071 2 D55876EAB302ADAA592F62BBE1E67B18C153FA6D93B6CF3C0D0E8989C13F29E1F6638AE58634C6A3C067754CA1241A8EDA45CB1306347BC6BA69D2CE5F515238C78CAFEB65D4FF05D52048EB048BE9B4C127C81EC60B978A372A5054B89BA7D8963DA343DB7F5B673B275E34D03A25C098FEE46063F963E47CAEB67A4915F413570C89224688F4598D25EEEE97DE581256261C0053CCBA12966E31849F31BF32BC506029A41F94356714EF0046FF68D5B75EC86ACB79708CD817C7752EA5E0D5E730245B06B91953434E2325B706C70492446CFC070C11F8E347AFDDB065B680A075BF287DEBFA9D59EE918B85D5D0157CD539A5E46888F39DB448D1D6BFAD57A3970C537387B556D801960276284F363287FE0230CA1950725B1B09A54DEDDF924BE8059E38A729A400582713F149E7E1005C8B0FB302ECA12D8949BA2B4FC645BE96B3F20384384626F1BA1F4E8E045442DDD6A124DECC49B8CDBD6D4217978F69FF8DE7B7F4B15908881391F81F43DF6FBD616398BE9225FE3AC5C00F4FE3 +20180920115406 2 6 100 3071 5 D55876EAB302ADAA592F62BBE1E67B18C153FA6D93B6CF3C0D0E8989C13F29E1F6638AE58634C6A3C067754CA1241A8EDA45CB1306347BC6BA69D2CE5F515238C78CAFEB65D4FF05D52048EB048BE9B4C127C81EC60B978A372A5054B89BA7D8963DA343DB7F5B673B275E34D03A25C098FEE46063F963E47CAEB67A4915F413570C89224688F4598D25EEEE97DE581256261C0053CCBA12966E31849F31BF32BC506029A41F94356714EF0046FF68D5B75EC86ACB79708CD817C7752EA5E0D5E730245B06B91953434E2325B706C70492446CFC070C11F8E347AFDDB065B680A075BF287DEBFA9D59EE918B85D5D0157CD539A5E46888F39DB448D1D6BFAD57A3970C537387B556D801960276284F363287FE0230CA1950725B1B09A54DEDDF924BE8059E38A729A400582713F149E7E1005C8B0FB302ECA12D8949BA2B4FC645BE96B3F20384384626F1BA1F4E8E045442DDD6A124DECC49B8CDBD6D4217978F69FF8DE7B7F4B15908881391F81F43DF6FBD616398BE9225FE3AC5C0C7C2CF +20180920115734 2 6 100 3071 5 D55876EAB302ADAA592F62BBE1E67B18C153FA6D93B6CF3C0D0E8989C13F29E1F6638AE58634C6A3C067754CA1241A8EDA45CB1306347BC6BA69D2CE5F515238C78CAFEB65D4FF05D52048EB048BE9B4C127C81EC60B978A372A5054B89BA7D8963DA343DB7F5B673B275E34D03A25C098FEE46063F963E47CAEB67A4915F413570C89224688F4598D25EEEE97DE581256261C0053CCBA12966E31849F31BF32BC506029A41F94356714EF0046FF68D5B75EC86ACB79708CD817C7752EA5E0D5E730245B06B91953434E2325B706C70492446CFC070C11F8E347AFDDB065B680A075BF287DEBFA9D59EE918B85D5D0157CD539A5E46888F39DB448D1D6BFAD57A3970C537387B556D801960276284F363287FE0230CA1950725B1B09A54DEDDF924BE8059E38A729A400582713F149E7E1005C8B0FB302ECA12D8949BA2B4FC645BE96B3F20384384626F1BA1F4E8E045442DDD6A124DECC49B8CDBD6D4217978F69FF8DE7B7F4B15908881391F81F43DF6FBD616398BE9225FE3AC5C159195F +20180920120001 2 6 100 3071 5 D55876EAB302ADAA592F62BBE1E67B18C153FA6D93B6CF3C0D0E8989C13F29E1F6638AE58634C6A3C067754CA1241A8EDA45CB1306347BC6BA69D2CE5F515238C78CAFEB65D4FF05D52048EB048BE9B4C127C81EC60B978A372A5054B89BA7D8963DA343DB7F5B673B275E34D03A25C098FEE46063F963E47CAEB67A4915F413570C89224688F4598D25EEEE97DE581256261C0053CCBA12966E31849F31BF32BC506029A41F94356714EF0046FF68D5B75EC86ACB79708CD817C7752EA5E0D5E730245B06B91953434E2325B706C70492446CFC070C11F8E347AFDDB065B680A075BF287DEBFA9D59EE918B85D5D0157CD539A5E46888F39DB448D1D6BFAD57A3970C537387B556D801960276284F363287FE0230CA1950725B1B09A54DEDDF924BE8059E38A729A400582713F149E7E1005C8B0FB302ECA12D8949BA2B4FC645BE96B3F20384384626F1BA1F4E8E045442DDD6A124DECC49B8CDBD6D4217978F69FF8DE7B7F4B15908881391F81F43DF6FBD616398BE9225FE3AC5C1B99ABF +20180920120514 2 6 100 3071 2 D55876EAB302ADAA592F62BBE1E67B18C153FA6D93B6CF3C0D0E8989C13F29E1F6638AE58634C6A3C067754CA1241A8EDA45CB1306347BC6BA69D2CE5F515238C78CAFEB65D4FF05D52048EB048BE9B4C127C81EC60B978A372A5054B89BA7D8963DA343DB7F5B673B275E34D03A25C098FEE46063F963E47CAEB67A4915F413570C89224688F4598D25EEEE97DE581256261C0053CCBA12966E31849F31BF32BC506029A41F94356714EF0046FF68D5B75EC86ACB79708CD817C7752EA5E0D5E730245B06B91953434E2325B706C70492446CFC070C11F8E347AFDDB065B680A075BF287DEBFA9D59EE918B85D5D0157CD539A5E46888F39DB448D1D6BFAD57A3970C537387B556D801960276284F363287FE0230CA1950725B1B09A54DEDDF924BE8059E38A729A400582713F149E7E1005C8B0FB302ECA12D8949BA2B4FC645BE96B3F20384384626F1BA1F4E8E045442DDD6A124DECC49B8CDBD6D4217978F69FF8DE7B7F4B15908881391F81F43DF6FBD616398BE9225FE3AC5C29330EB +20180920120628 2 6 100 3071 5 D55876EAB302ADAA592F62BBE1E67B18C153FA6D93B6CF3C0D0E8989C13F29E1F6638AE58634C6A3C067754CA1241A8EDA45CB1306347BC6BA69D2CE5F515238C78CAFEB65D4FF05D52048EB048BE9B4C127C81EC60B978A372A5054B89BA7D8963DA343DB7F5B673B275E34D03A25C098FEE46063F963E47CAEB67A4915F413570C89224688F4598D25EEEE97DE581256261C0053CCBA12966E31849F31BF32BC506029A41F94356714EF0046FF68D5B75EC86ACB79708CD817C7752EA5E0D5E730245B06B91953434E2325B706C70492446CFC070C11F8E347AFDDB065B680A075BF287DEBFA9D59EE918B85D5D0157CD539A5E46888F39DB448D1D6BFAD57A3970C537387B556D801960276284F363287FE0230CA1950725B1B09A54DEDDF924BE8059E38A729A400582713F149E7E1005C8B0FB302ECA12D8949BA2B4FC645BE96B3F20384384626F1BA1F4E8E045442DDD6A124DECC49B8CDBD6D4217978F69FF8DE7B7F4B15908881391F81F43DF6FBD616398BE9225FE3AC5C2C100E7 +20180920120657 2 6 100 3071 5 D55876EAB302ADAA592F62BBE1E67B18C153FA6D93B6CF3C0D0E8989C13F29E1F6638AE58634C6A3C067754CA1241A8EDA45CB1306347BC6BA69D2CE5F515238C78CAFEB65D4FF05D52048EB048BE9B4C127C81EC60B978A372A5054B89BA7D8963DA343DB7F5B673B275E34D03A25C098FEE46063F963E47CAEB67A4915F413570C89224688F4598D25EEEE97DE581256261C0053CCBA12966E31849F31BF32BC506029A41F94356714EF0046FF68D5B75EC86ACB79708CD817C7752EA5E0D5E730245B06B91953434E2325B706C70492446CFC070C11F8E347AFDDB065B680A075BF287DEBFA9D59EE918B85D5D0157CD539A5E46888F39DB448D1D6BFAD57A3970C537387B556D801960276284F363287FE0230CA1950725B1B09A54DEDDF924BE8059E38A729A400582713F149E7E1005C8B0FB302ECA12D8949BA2B4FC645BE96B3F20384384626F1BA1F4E8E045442DDD6A124DECC49B8CDBD6D4217978F69FF8DE7B7F4B15908881391F81F43DF6FBD616398BE9225FE3AC5C2CD60CF +20180920120944 2 6 100 3071 5 D55876EAB302ADAA592F62BBE1E67B18C153FA6D93B6CF3C0D0E8989C13F29E1F6638AE58634C6A3C067754CA1241A8EDA45CB1306347BC6BA69D2CE5F515238C78CAFEB65D4FF05D52048EB048BE9B4C127C81EC60B978A372A5054B89BA7D8963DA343DB7F5B673B275E34D03A25C098FEE46063F963E47CAEB67A4915F413570C89224688F4598D25EEEE97DE581256261C0053CCBA12966E31849F31BF32BC506029A41F94356714EF0046FF68D5B75EC86ACB79708CD817C7752EA5E0D5E730245B06B91953434E2325B706C70492446CFC070C11F8E347AFDDB065B680A075BF287DEBFA9D59EE918B85D5D0157CD539A5E46888F39DB448D1D6BFAD57A3970C537387B556D801960276284F363287FE0230CA1950725B1B09A54DEDDF924BE8059E38A729A400582713F149E7E1005C8B0FB302ECA12D8949BA2B4FC645BE96B3F20384384626F1BA1F4E8E045442DDD6A124DECC49B8CDBD6D4217978F69FF8DE7B7F4B15908881391F81F43DF6FBD616398BE9225FE3AC5C33CEF4F +20180920121341 2 6 100 3071 5 D55876EAB302ADAA592F62BBE1E67B18C153FA6D93B6CF3C0D0E8989C13F29E1F6638AE58634C6A3C067754CA1241A8EDA45CB1306347BC6BA69D2CE5F515238C78CAFEB65D4FF05D52048EB048BE9B4C127C81EC60B978A372A5054B89BA7D8963DA343DB7F5B673B275E34D03A25C098FEE46063F963E47CAEB67A4915F413570C89224688F4598D25EEEE97DE581256261C0053CCBA12966E31849F31BF32BC506029A41F94356714EF0046FF68D5B75EC86ACB79708CD817C7752EA5E0D5E730245B06B91953434E2325B706C70492446CFC070C11F8E347AFDDB065B680A075BF287DEBFA9D59EE918B85D5D0157CD539A5E46888F39DB448D1D6BFAD57A3970C537387B556D801960276284F363287FE0230CA1950725B1B09A54DEDDF924BE8059E38A729A400582713F149E7E1005C8B0FB302ECA12D8949BA2B4FC645BE96B3F20384384626F1BA1F4E8E045442DDD6A124DECC49B8CDBD6D4217978F69FF8DE7B7F4B15908881391F81F43DF6FBD616398BE9225FE3AC5C3E0892F +20180920121628 2 6 100 3071 5 D55876EAB302ADAA592F62BBE1E67B18C153FA6D93B6CF3C0D0E8989C13F29E1F6638AE58634C6A3C067754CA1241A8EDA45CB1306347BC6BA69D2CE5F515238C78CAFEB65D4FF05D52048EB048BE9B4C127C81EC60B978A372A5054B89BA7D8963DA343DB7F5B673B275E34D03A25C098FEE46063F963E47CAEB67A4915F413570C89224688F4598D25EEEE97DE581256261C0053CCBA12966E31849F31BF32BC506029A41F94356714EF0046FF68D5B75EC86ACB79708CD817C7752EA5E0D5E730245B06B91953434E2325B706C70492446CFC070C11F8E347AFDDB065B680A075BF287DEBFA9D59EE918B85D5D0157CD539A5E46888F39DB448D1D6BFAD57A3970C537387B556D801960276284F363287FE0230CA1950725B1B09A54DEDDF924BE8059E38A729A400582713F149E7E1005C8B0FB302ECA12D8949BA2B4FC645BE96B3F20384384626F1BA1F4E8E045442DDD6A124DECC49B8CDBD6D4217978F69FF8DE7B7F4B15908881391F81F43DF6FBD616398BE9225FE3AC5C44E0077 +20180920121700 2 6 100 3071 5 D55876EAB302ADAA592F62BBE1E67B18C153FA6D93B6CF3C0D0E8989C13F29E1F6638AE58634C6A3C067754CA1241A8EDA45CB1306347BC6BA69D2CE5F515238C78CAFEB65D4FF05D52048EB048BE9B4C127C81EC60B978A372A5054B89BA7D8963DA343DB7F5B673B275E34D03A25C098FEE46063F963E47CAEB67A4915F413570C89224688F4598D25EEEE97DE581256261C0053CCBA12966E31849F31BF32BC506029A41F94356714EF0046FF68D5B75EC86ACB79708CD817C7752EA5E0D5E730245B06B91953434E2325B706C70492446CFC070C11F8E347AFDDB065B680A075BF287DEBFA9D59EE918B85D5D0157CD539A5E46888F39DB448D1D6BFAD57A3970C537387B556D801960276284F363287FE0230CA1950725B1B09A54DEDDF924BE8059E38A729A400582713F149E7E1005C8B0FB302ECA12D8949BA2B4FC645BE96B3F20384384626F1BA1F4E8E045442DDD6A124DECC49B8CDBD6D4217978F69FF8DE7B7F4B15908881391F81F43DF6FBD616398BE9225FE3AC5C45D1D9F +20180920121822 2 6 100 3071 2 D55876EAB302ADAA592F62BBE1E67B18C153FA6D93B6CF3C0D0E8989C13F29E1F6638AE58634C6A3C067754CA1241A8EDA45CB1306347BC6BA69D2CE5F515238C78CAFEB65D4FF05D52048EB048BE9B4C127C81EC60B978A372A5054B89BA7D8963DA343DB7F5B673B275E34D03A25C098FEE46063F963E47CAEB67A4915F413570C89224688F4598D25EEEE97DE581256261C0053CCBA12966E31849F31BF32BC506029A41F94356714EF0046FF68D5B75EC86ACB79708CD817C7752EA5E0D5E730245B06B91953434E2325B706C70492446CFC070C11F8E347AFDDB065B680A075BF287DEBFA9D59EE918B85D5D0157CD539A5E46888F39DB448D1D6BFAD57A3970C537387B556D801960276284F363287FE0230CA1950725B1B09A54DEDDF924BE8059E38A729A400582713F149E7E1005C8B0FB302ECA12D8949BA2B4FC645BE96B3F20384384626F1BA1F4E8E045442DDD6A124DECC49B8CDBD6D4217978F69FF8DE7B7F4B15908881391F81F43DF6FBD616398BE9225FE3AC5C493C143 +20180920122041 2 6 100 3071 2 D55876EAB302ADAA592F62BBE1E67B18C153FA6D93B6CF3C0D0E8989C13F29E1F6638AE58634C6A3C067754CA1241A8EDA45CB1306347BC6BA69D2CE5F515238C78CAFEB65D4FF05D52048EB048BE9B4C127C81EC60B978A372A5054B89BA7D8963DA343DB7F5B673B275E34D03A25C098FEE46063F963E47CAEB67A4915F413570C89224688F4598D25EEEE97DE581256261C0053CCBA12966E31849F31BF32BC506029A41F94356714EF0046FF68D5B75EC86ACB79708CD817C7752EA5E0D5E730245B06B91953434E2325B706C70492446CFC070C11F8E347AFDDB065B680A075BF287DEBFA9D59EE918B85D5D0157CD539A5E46888F39DB448D1D6BFAD57A3970C537387B556D801960276284F363287FE0230CA1950725B1B09A54DEDDF924BE8059E38A729A400582713F149E7E1005C8B0FB302ECA12D8949BA2B4FC645BE96B3F20384384626F1BA1F4E8E045442DDD6A124DECC49B8CDBD6D4217978F69FF8DE7B7F4B15908881391F81F43DF6FBD616398BE9225FE3AC5C4EF9D0B +20180920122429 2 6 100 3071 2 D55876EAB302ADAA592F62BBE1E67B18C153FA6D93B6CF3C0D0E8989C13F29E1F6638AE58634C6A3C067754CA1241A8EDA45CB1306347BC6BA69D2CE5F515238C78CAFEB65D4FF05D52048EB048BE9B4C127C81EC60B978A372A5054B89BA7D8963DA343DB7F5B673B275E34D03A25C098FEE46063F963E47CAEB67A4915F413570C89224688F4598D25EEEE97DE581256261C0053CCBA12966E31849F31BF32BC506029A41F94356714EF0046FF68D5B75EC86ACB79708CD817C7752EA5E0D5E730245B06B91953434E2325B706C70492446CFC070C11F8E347AFDDB065B680A075BF287DEBFA9D59EE918B85D5D0157CD539A5E46888F39DB448D1D6BFAD57A3970C537387B556D801960276284F363287FE0230CA1950725B1B09A54DEDDF924BE8059E38A729A400582713F149E7E1005C8B0FB302ECA12D8949BA2B4FC645BE96B3F20384384626F1BA1F4E8E045442DDD6A124DECC49B8CDBD6D4217978F69FF8DE7B7F4B15908881391F81F43DF6FBD616398BE9225FE3AC5C5898C03 +20180920122505 2 6 100 3071 2 D55876EAB302ADAA592F62BBE1E67B18C153FA6D93B6CF3C0D0E8989C13F29E1F6638AE58634C6A3C067754CA1241A8EDA45CB1306347BC6BA69D2CE5F515238C78CAFEB65D4FF05D52048EB048BE9B4C127C81EC60B978A372A5054B89BA7D8963DA343DB7F5B673B275E34D03A25C098FEE46063F963E47CAEB67A4915F413570C89224688F4598D25EEEE97DE581256261C0053CCBA12966E31849F31BF32BC506029A41F94356714EF0046FF68D5B75EC86ACB79708CD817C7752EA5E0D5E730245B06B91953434E2325B706C70492446CFC070C11F8E347AFDDB065B680A075BF287DEBFA9D59EE918B85D5D0157CD539A5E46888F39DB448D1D6BFAD57A3970C537387B556D801960276284F363287FE0230CA1950725B1B09A54DEDDF924BE8059E38A729A400582713F149E7E1005C8B0FB302ECA12D8949BA2B4FC645BE96B3F20384384626F1BA1F4E8E045442DDD6A124DECC49B8CDBD6D4217978F69FF8DE7B7F4B15908881391F81F43DF6FBD616398BE9225FE3AC5C59B843B +20180920122536 2 6 100 3071 5 D55876EAB302ADAA592F62BBE1E67B18C153FA6D93B6CF3C0D0E8989C13F29E1F6638AE58634C6A3C067754CA1241A8EDA45CB1306347BC6BA69D2CE5F515238C78CAFEB65D4FF05D52048EB048BE9B4C127C81EC60B978A372A5054B89BA7D8963DA343DB7F5B673B275E34D03A25C098FEE46063F963E47CAEB67A4915F413570C89224688F4598D25EEEE97DE581256261C0053CCBA12966E31849F31BF32BC506029A41F94356714EF0046FF68D5B75EC86ACB79708CD817C7752EA5E0D5E730245B06B91953434E2325B706C70492446CFC070C11F8E347AFDDB065B680A075BF287DEBFA9D59EE918B85D5D0157CD539A5E46888F39DB448D1D6BFAD57A3970C537387B556D801960276284F363287FE0230CA1950725B1B09A54DEDDF924BE8059E38A729A400582713F149E7E1005C8B0FB302ECA12D8949BA2B4FC645BE96B3F20384384626F1BA1F4E8E045442DDD6A124DECC49B8CDBD6D4217978F69FF8DE7B7F4B15908881391F81F43DF6FBD616398BE9225FE3AC5C5A94107 +20180920122806 2 6 100 3071 2 D55876EAB302ADAA592F62BBE1E67B18C153FA6D93B6CF3C0D0E8989C13F29E1F6638AE58634C6A3C067754CA1241A8EDA45CB1306347BC6BA69D2CE5F515238C78CAFEB65D4FF05D52048EB048BE9B4C127C81EC60B978A372A5054B89BA7D8963DA343DB7F5B673B275E34D03A25C098FEE46063F963E47CAEB67A4915F413570C89224688F4598D25EEEE97DE581256261C0053CCBA12966E31849F31BF32BC506029A41F94356714EF0046FF68D5B75EC86ACB79708CD817C7752EA5E0D5E730245B06B91953434E2325B706C70492446CFC070C11F8E347AFDDB065B680A075BF287DEBFA9D59EE918B85D5D0157CD539A5E46888F39DB448D1D6BFAD57A3970C537387B556D801960276284F363287FE0230CA1950725B1B09A54DEDDF924BE8059E38A729A400582713F149E7E1005C8B0FB302ECA12D8949BA2B4FC645BE96B3F20384384626F1BA1F4E8E045442DDD6A124DECC49B8CDBD6D4217978F69FF8DE7B7F4B15908881391F81F43DF6FBD616398BE9225FE3AC5C60D5BBB +20180920123304 2 6 100 3071 2 D55876EAB302ADAA592F62BBE1E67B18C153FA6D93B6CF3C0D0E8989C13F29E1F6638AE58634C6A3C067754CA1241A8EDA45CB1306347BC6BA69D2CE5F515238C78CAFEB65D4FF05D52048EB048BE9B4C127C81EC60B978A372A5054B89BA7D8963DA343DB7F5B673B275E34D03A25C098FEE46063F963E47CAEB67A4915F413570C89224688F4598D25EEEE97DE581256261C0053CCBA12966E31849F31BF32BC506029A41F94356714EF0046FF68D5B75EC86ACB79708CD817C7752EA5E0D5E730245B06B91953434E2325B706C70492446CFC070C11F8E347AFDDB065B680A075BF287DEBFA9D59EE918B85D5D0157CD539A5E46888F39DB448D1D6BFAD57A3970C537387B556D801960276284F363287FE0230CA1950725B1B09A54DEDDF924BE8059E38A729A400582713F149E7E1005C8B0FB302ECA12D8949BA2B4FC645BE96B3F20384384626F1BA1F4E8E045442DDD6A124DECC49B8CDBD6D4217978F69FF8DE7B7F4B15908881391F81F43DF6FBD616398BE9225FE3AC5C6DD0793 +20180920123753 2 6 100 3071 2 D55876EAB302ADAA592F62BBE1E67B18C153FA6D93B6CF3C0D0E8989C13F29E1F6638AE58634C6A3C067754CA1241A8EDA45CB1306347BC6BA69D2CE5F515238C78CAFEB65D4FF05D52048EB048BE9B4C127C81EC60B978A372A5054B89BA7D8963DA343DB7F5B673B275E34D03A25C098FEE46063F963E47CAEB67A4915F413570C89224688F4598D25EEEE97DE581256261C0053CCBA12966E31849F31BF32BC506029A41F94356714EF0046FF68D5B75EC86ACB79708CD817C7752EA5E0D5E730245B06B91953434E2325B706C70492446CFC070C11F8E347AFDDB065B680A075BF287DEBFA9D59EE918B85D5D0157CD539A5E46888F39DB448D1D6BFAD57A3970C537387B556D801960276284F363287FE0230CA1950725B1B09A54DEDDF924BE8059E38A729A400582713F149E7E1005C8B0FB302ECA12D8949BA2B4FC645BE96B3F20384384626F1BA1F4E8E045442DDD6A124DECC49B8CDBD6D4217978F69FF8DE7B7F4B15908881391F81F43DF6FBD616398BE9225FE3AC5C7A1DB4B +20180920124152 2 6 100 3071 5 D55876EAB302ADAA592F62BBE1E67B18C153FA6D93B6CF3C0D0E8989C13F29E1F6638AE58634C6A3C067754CA1241A8EDA45CB1306347BC6BA69D2CE5F515238C78CAFEB65D4FF05D52048EB048BE9B4C127C81EC60B978A372A5054B89BA7D8963DA343DB7F5B673B275E34D03A25C098FEE46063F963E47CAEB67A4915F413570C89224688F4598D25EEEE97DE581256261C0053CCBA12966E31849F31BF32BC506029A41F94356714EF0046FF68D5B75EC86ACB79708CD817C7752EA5E0D5E730245B06B91953434E2325B706C70492446CFC070C11F8E347AFDDB065B680A075BF287DEBFA9D59EE918B85D5D0157CD539A5E46888F39DB448D1D6BFAD57A3970C537387B556D801960276284F363287FE0230CA1950725B1B09A54DEDDF924BE8059E38A729A400582713F149E7E1005C8B0FB302ECA12D8949BA2B4FC645BE96B3F20384384626F1BA1F4E8E045442DDD6A124DECC49B8CDBD6D4217978F69FF8DE7B7F4B15908881391F81F43DF6FBD616398BE9225FE3AC5C842B8B7 +20180920124601 2 6 100 3071 2 D55876EAB302ADAA592F62BBE1E67B18C153FA6D93B6CF3C0D0E8989C13F29E1F6638AE58634C6A3C067754CA1241A8EDA45CB1306347BC6BA69D2CE5F515238C78CAFEB65D4FF05D52048EB048BE9B4C127C81EC60B978A372A5054B89BA7D8963DA343DB7F5B673B275E34D03A25C098FEE46063F963E47CAEB67A4915F413570C89224688F4598D25EEEE97DE581256261C0053CCBA12966E31849F31BF32BC506029A41F94356714EF0046FF68D5B75EC86ACB79708CD817C7752EA5E0D5E730245B06B91953434E2325B706C70492446CFC070C11F8E347AFDDB065B680A075BF287DEBFA9D59EE918B85D5D0157CD539A5E46888F39DB448D1D6BFAD57A3970C537387B556D801960276284F363287FE0230CA1950725B1B09A54DEDDF924BE8059E38A729A400582713F149E7E1005C8B0FB302ECA12D8949BA2B4FC645BE96B3F20384384626F1BA1F4E8E045442DDD6A124DECC49B8CDBD6D4217978F69FF8DE7B7F4B15908881391F81F43DF6FBD616398BE9225FE3AC5C8EEDABB +20180920124906 2 6 100 3071 5 D55876EAB302ADAA592F62BBE1E67B18C153FA6D93B6CF3C0D0E8989C13F29E1F6638AE58634C6A3C067754CA1241A8EDA45CB1306347BC6BA69D2CE5F515238C78CAFEB65D4FF05D52048EB048BE9B4C127C81EC60B978A372A5054B89BA7D8963DA343DB7F5B673B275E34D03A25C098FEE46063F963E47CAEB67A4915F413570C89224688F4598D25EEEE97DE581256261C0053CCBA12966E31849F31BF32BC506029A41F94356714EF0046FF68D5B75EC86ACB79708CD817C7752EA5E0D5E730245B06B91953434E2325B706C70492446CFC070C11F8E347AFDDB065B680A075BF287DEBFA9D59EE918B85D5D0157CD539A5E46888F39DB448D1D6BFAD57A3970C537387B556D801960276284F363287FE0230CA1950725B1B09A54DEDDF924BE8059E38A729A400582713F149E7E1005C8B0FB302ECA12D8949BA2B4FC645BE96B3F20384384626F1BA1F4E8E045442DDD6A124DECC49B8CDBD6D4217978F69FF8DE7B7F4B15908881391F81F43DF6FBD616398BE9225FE3AC5C96EA9B7 +20180920125743 2 6 100 3071 2 D55876EAB302ADAA592F62BBE1E67B18C153FA6D93B6CF3C0D0E8989C13F29E1F6638AE58634C6A3C067754CA1241A8EDA45CB1306347BC6BA69D2CE5F515238C78CAFEB65D4FF05D52048EB048BE9B4C127C81EC60B978A372A5054B89BA7D8963DA343DB7F5B673B275E34D03A25C098FEE46063F963E47CAEB67A4915F413570C89224688F4598D25EEEE97DE581256261C0053CCBA12966E31849F31BF32BC506029A41F94356714EF0046FF68D5B75EC86ACB79708CD817C7752EA5E0D5E730245B06B91953434E2325B706C70492446CFC070C11F8E347AFDDB065B680A075BF287DEBFA9D59EE918B85D5D0157CD539A5E46888F39DB448D1D6BFAD57A3970C537387B556D801960276284F363287FE0230CA1950725B1B09A54DEDDF924BE8059E38A729A400582713F149E7E1005C8B0FB302ECA12D8949BA2B4FC645BE96B3F20384384626F1BA1F4E8E045442DDD6A124DECC49B8CDBD6D4217978F69FF8DE7B7F4B15908881391F81F43DF6FBD616398BE9225FE3AC5CAE0E013 +20180920125855 2 6 100 3071 2 D55876EAB302ADAA592F62BBE1E67B18C153FA6D93B6CF3C0D0E8989C13F29E1F6638AE58634C6A3C067754CA1241A8EDA45CB1306347BC6BA69D2CE5F515238C78CAFEB65D4FF05D52048EB048BE9B4C127C81EC60B978A372A5054B89BA7D8963DA343DB7F5B673B275E34D03A25C098FEE46063F963E47CAEB67A4915F413570C89224688F4598D25EEEE97DE581256261C0053CCBA12966E31849F31BF32BC506029A41F94356714EF0046FF68D5B75EC86ACB79708CD817C7752EA5E0D5E730245B06B91953434E2325B706C70492446CFC070C11F8E347AFDDB065B680A075BF287DEBFA9D59EE918B85D5D0157CD539A5E46888F39DB448D1D6BFAD57A3970C537387B556D801960276284F363287FE0230CA1950725B1B09A54DEDDF924BE8059E38A729A400582713F149E7E1005C8B0FB302ECA12D8949BA2B4FC645BE96B3F20384384626F1BA1F4E8E045442DDD6A124DECC49B8CDBD6D4217978F69FF8DE7B7F4B15908881391F81F43DF6FBD616398BE9225FE3AC5CB0BFEAB +20180920125915 2 6 100 3071 5 D55876EAB302ADAA592F62BBE1E67B18C153FA6D93B6CF3C0D0E8989C13F29E1F6638AE58634C6A3C067754CA1241A8EDA45CB1306347BC6BA69D2CE5F515238C78CAFEB65D4FF05D52048EB048BE9B4C127C81EC60B978A372A5054B89BA7D8963DA343DB7F5B673B275E34D03A25C098FEE46063F963E47CAEB67A4915F413570C89224688F4598D25EEEE97DE581256261C0053CCBA12966E31849F31BF32BC506029A41F94356714EF0046FF68D5B75EC86ACB79708CD817C7752EA5E0D5E730245B06B91953434E2325B706C70492446CFC070C11F8E347AFDDB065B680A075BF287DEBFA9D59EE918B85D5D0157CD539A5E46888F39DB448D1D6BFAD57A3970C537387B556D801960276284F363287FE0230CA1950725B1B09A54DEDDF924BE8059E38A729A400582713F149E7E1005C8B0FB302ECA12D8949BA2B4FC645BE96B3F20384384626F1BA1F4E8E045442DDD6A124DECC49B8CDBD6D4217978F69FF8DE7B7F4B15908881391F81F43DF6FBD616398BE9225FE3AC5CB10BF07 +20180920130235 2 6 100 3071 2 D55876EAB302ADAA592F62BBE1E67B18C153FA6D93B6CF3C0D0E8989C13F29E1F6638AE58634C6A3C067754CA1241A8EDA45CB1306347BC6BA69D2CE5F515238C78CAFEB65D4FF05D52048EB048BE9B4C127C81EC60B978A372A5054B89BA7D8963DA343DB7F5B673B275E34D03A25C098FEE46063F963E47CAEB67A4915F413570C89224688F4598D25EEEE97DE581256261C0053CCBA12966E31849F31BF32BC506029A41F94356714EF0046FF68D5B75EC86ACB79708CD817C7752EA5E0D5E730245B06B91953434E2325B706C70492446CFC070C11F8E347AFDDB065B680A075BF287DEBFA9D59EE918B85D5D0157CD539A5E46888F39DB448D1D6BFAD57A3970C537387B556D801960276284F363287FE0230CA1950725B1B09A54DEDDF924BE8059E38A729A400582713F149E7E1005C8B0FB302ECA12D8949BA2B4FC645BE96B3F20384384626F1BA1F4E8E045442DDD6A124DECC49B8CDBD6D4217978F69FF8DE7B7F4B15908881391F81F43DF6FBD616398BE9225FE3AC5CB9812B3 +20180920130731 2 6 100 3071 2 D55876EAB302ADAA592F62BBE1E67B18C153FA6D93B6CF3C0D0E8989C13F29E1F6638AE58634C6A3C067754CA1241A8EDA45CB1306347BC6BA69D2CE5F515238C78CAFEB65D4FF05D52048EB048BE9B4C127C81EC60B978A372A5054B89BA7D8963DA343DB7F5B673B275E34D03A25C098FEE46063F963E47CAEB67A4915F413570C89224688F4598D25EEEE97DE581256261C0053CCBA12966E31849F31BF32BC506029A41F94356714EF0046FF68D5B75EC86ACB79708CD817C7752EA5E0D5E730245B06B91953434E2325B706C70492446CFC070C11F8E347AFDDB065B680A075BF287DEBFA9D59EE918B85D5D0157CD539A5E46888F39DB448D1D6BFAD57A3970C537387B556D801960276284F363287FE0230CA1950725B1B09A54DEDDF924BE8059E38A729A400582713F149E7E1005C8B0FB302ECA12D8949BA2B4FC645BE96B3F20384384626F1BA1F4E8E045442DDD6A124DECC49B8CDBD6D4217978F69FF8DE7B7F4B15908881391F81F43DF6FBD616398BE9225FE3AC5CC62B69B +20180920130910 2 6 100 3071 2 D55876EAB302ADAA592F62BBE1E67B18C153FA6D93B6CF3C0D0E8989C13F29E1F6638AE58634C6A3C067754CA1241A8EDA45CB1306347BC6BA69D2CE5F515238C78CAFEB65D4FF05D52048EB048BE9B4C127C81EC60B978A372A5054B89BA7D8963DA343DB7F5B673B275E34D03A25C098FEE46063F963E47CAEB67A4915F413570C89224688F4598D25EEEE97DE581256261C0053CCBA12966E31849F31BF32BC506029A41F94356714EF0046FF68D5B75EC86ACB79708CD817C7752EA5E0D5E730245B06B91953434E2325B706C70492446CFC070C11F8E347AFDDB065B680A075BF287DEBFA9D59EE918B85D5D0157CD539A5E46888F39DB448D1D6BFAD57A3970C537387B556D801960276284F363287FE0230CA1950725B1B09A54DEDDF924BE8059E38A729A400582713F149E7E1005C8B0FB302ECA12D8949BA2B4FC645BE96B3F20384384626F1BA1F4E8E045442DDD6A124DECC49B8CDBD6D4217978F69FF8DE7B7F4B15908881391F81F43DF6FBD616398BE9225FE3AC5CC9EFAAB +20180920131150 2 6 100 3071 5 D55876EAB302ADAA592F62BBE1E67B18C153FA6D93B6CF3C0D0E8989C13F29E1F6638AE58634C6A3C067754CA1241A8EDA45CB1306347BC6BA69D2CE5F515238C78CAFEB65D4FF05D52048EB048BE9B4C127C81EC60B978A372A5054B89BA7D8963DA343DB7F5B673B275E34D03A25C098FEE46063F963E47CAEB67A4915F413570C89224688F4598D25EEEE97DE581256261C0053CCBA12966E31849F31BF32BC506029A41F94356714EF0046FF68D5B75EC86ACB79708CD817C7752EA5E0D5E730245B06B91953434E2325B706C70492446CFC070C11F8E347AFDDB065B680A075BF287DEBFA9D59EE918B85D5D0157CD539A5E46888F39DB448D1D6BFAD57A3970C537387B556D801960276284F363287FE0230CA1950725B1B09A54DEDDF924BE8059E38A729A400582713F149E7E1005C8B0FB302ECA12D8949BA2B4FC645BE96B3F20384384626F1BA1F4E8E045442DDD6A124DECC49B8CDBD6D4217978F69FF8DE7B7F4B15908881391F81F43DF6FBD616398BE9225FE3AC5CD0A69F7 +20180920131303 2 6 100 3071 5 D55876EAB302ADAA592F62BBE1E67B18C153FA6D93B6CF3C0D0E8989C13F29E1F6638AE58634C6A3C067754CA1241A8EDA45CB1306347BC6BA69D2CE5F515238C78CAFEB65D4FF05D52048EB048BE9B4C127C81EC60B978A372A5054B89BA7D8963DA343DB7F5B673B275E34D03A25C098FEE46063F963E47CAEB67A4915F413570C89224688F4598D25EEEE97DE581256261C0053CCBA12966E31849F31BF32BC506029A41F94356714EF0046FF68D5B75EC86ACB79708CD817C7752EA5E0D5E730245B06B91953434E2325B706C70492446CFC070C11F8E347AFDDB065B680A075BF287DEBFA9D59EE918B85D5D0157CD539A5E46888F39DB448D1D6BFAD57A3970C537387B556D801960276284F363287FE0230CA1950725B1B09A54DEDDF924BE8059E38A729A400582713F149E7E1005C8B0FB302ECA12D8949BA2B4FC645BE96B3F20384384626F1BA1F4E8E045442DDD6A124DECC49B8CDBD6D4217978F69FF8DE7B7F4B15908881391F81F43DF6FBD616398BE9225FE3AC5CD357E3F +20180920131355 2 6 100 3071 5 D55876EAB302ADAA592F62BBE1E67B18C153FA6D93B6CF3C0D0E8989C13F29E1F6638AE58634C6A3C067754CA1241A8EDA45CB1306347BC6BA69D2CE5F515238C78CAFEB65D4FF05D52048EB048BE9B4C127C81EC60B978A372A5054B89BA7D8963DA343DB7F5B673B275E34D03A25C098FEE46063F963E47CAEB67A4915F413570C89224688F4598D25EEEE97DE581256261C0053CCBA12966E31849F31BF32BC506029A41F94356714EF0046FF68D5B75EC86ACB79708CD817C7752EA5E0D5E730245B06B91953434E2325B706C70492446CFC070C11F8E347AFDDB065B680A075BF287DEBFA9D59EE918B85D5D0157CD539A5E46888F39DB448D1D6BFAD57A3970C537387B556D801960276284F363287FE0230CA1950725B1B09A54DEDDF924BE8059E38A729A400582713F149E7E1005C8B0FB302ECA12D8949BA2B4FC645BE96B3F20384384626F1BA1F4E8E045442DDD6A124DECC49B8CDBD6D4217978F69FF8DE7B7F4B15908881391F81F43DF6FBD616398BE9225FE3AC5CD51C05F +20180920131419 2 6 100 3071 2 D55876EAB302ADAA592F62BBE1E67B18C153FA6D93B6CF3C0D0E8989C13F29E1F6638AE58634C6A3C067754CA1241A8EDA45CB1306347BC6BA69D2CE5F515238C78CAFEB65D4FF05D52048EB048BE9B4C127C81EC60B978A372A5054B89BA7D8963DA343DB7F5B673B275E34D03A25C098FEE46063F963E47CAEB67A4915F413570C89224688F4598D25EEEE97DE581256261C0053CCBA12966E31849F31BF32BC506029A41F94356714EF0046FF68D5B75EC86ACB79708CD817C7752EA5E0D5E730245B06B91953434E2325B706C70492446CFC070C11F8E347AFDDB065B680A075BF287DEBFA9D59EE918B85D5D0157CD539A5E46888F39DB448D1D6BFAD57A3970C537387B556D801960276284F363287FE0230CA1950725B1B09A54DEDDF924BE8059E38A729A400582713F149E7E1005C8B0FB302ECA12D8949BA2B4FC645BE96B3F20384384626F1BA1F4E8E045442DDD6A124DECC49B8CDBD6D4217978F69FF8DE7B7F4B15908881391F81F43DF6FBD616398BE9225FE3AC5CD5A0C83 +20180920131529 2 6 100 3071 2 D55876EAB302ADAA592F62BBE1E67B18C153FA6D93B6CF3C0D0E8989C13F29E1F6638AE58634C6A3C067754CA1241A8EDA45CB1306347BC6BA69D2CE5F515238C78CAFEB65D4FF05D52048EB048BE9B4C127C81EC60B978A372A5054B89BA7D8963DA343DB7F5B673B275E34D03A25C098FEE46063F963E47CAEB67A4915F413570C89224688F4598D25EEEE97DE581256261C0053CCBA12966E31849F31BF32BC506029A41F94356714EF0046FF68D5B75EC86ACB79708CD817C7752EA5E0D5E730245B06B91953434E2325B706C70492446CFC070C11F8E347AFDDB065B680A075BF287DEBFA9D59EE918B85D5D0157CD539A5E46888F39DB448D1D6BFAD57A3970C537387B556D801960276284F363287FE0230CA1950725B1B09A54DEDDF924BE8059E38A729A400582713F149E7E1005C8B0FB302ECA12D8949BA2B4FC645BE96B3F20384384626F1BA1F4E8E045442DDD6A124DECC49B8CDBD6D4217978F69FF8DE7B7F4B15908881391F81F43DF6FBD616398BE9225FE3AC5CD82F3D3 +20180920134626 2 6 100 4095 2 FC69089A469473B9CF3F3CCD21123CCF3563811632E7FB6CDF9CDF7726AFA4691881289B3952D2347D7BA520E95016066B02888C7EA1E633B998E00EFE78E454EAF64D6462437E9DDB4A239DE998EC0756E7ED17B7A3499CCF2E3F33A54FD223BB6C485AECA2475E2C002C303F6A55530F2F83A98059699C59A43238468FC85CD137A1FC9B9674ED5D746B44848339A9CA772E802BCE56FED99E8B110C8CA365DFB9BFDD47CB2A33CA92469B3BCC6758B73A7A5685F3FB74B6D785ACFA15E462CA9E70453CD1E9D48D146F0951E4E10773A4FBC9C8E2948D2A091525F964FDE6B60BC3C7A175FF88D20A3758B2D6C35F253AF00B95697F32446EAAA00C7B8A3C4B9DC47EDF44BC4C35052CF7304ADE74A0A9C70575FA935961B07B908D9E58454662B0ED6D8148B79FC45B1F5EDD602B13C7285A75B901183C87CF0F6C060E40D48D9910BDB86C2A253C9894CCE7034DEB7707EF5256DE8E98570375845ADABAAF81893FF6D9E61E45FE9906E61CD2FB86F4A1ABC0D51527B56D3329192EBDFA78149C4652EA23463D6FEFC6F79F22154631CEB04692FB67B815FF791576AB9BA71B0A51009D4B2ECF0ED280745831B4B6B49D951479E5E6831F19CE717025AE212A3057D21832E86C847970CF0CEA82D19BC3D211A23EE2CB6B60ED499F1910A4AEC72FEE2BCA10E8BA9AC47ED2D953E1429B056CCEAD0ED2715D2A1925064B +20180920135427 2 6 100 4095 2 FC69089A469473B9CF3F3CCD21123CCF3563811632E7FB6CDF9CDF7726AFA4691881289B3952D2347D7BA520E95016066B02888C7EA1E633B998E00EFE78E454EAF64D6462437E9DDB4A239DE998EC0756E7ED17B7A3499CCF2E3F33A54FD223BB6C485AECA2475E2C002C303F6A55530F2F83A98059699C59A43238468FC85CD137A1FC9B9674ED5D746B44848339A9CA772E802BCE56FED99E8B110C8CA365DFB9BFDD47CB2A33CA92469B3BCC6758B73A7A5685F3FB74B6D785ACFA15E462CA9E70453CD1E9D48D146F0951E4E10773A4FBC9C8E2948D2A091525F964FDE6B60BC3C7A175FF88D20A3758B2D6C35F253AF00B95697F32446EAAA00C7B8A3C4B9DC47EDF44BC4C35052CF7304ADE74A0A9C70575FA935961B07B908D9E58454662B0ED6D8148B79FC45B1F5EDD602B13C7285A75B901183C87CF0F6C060E40D48D9910BDB86C2A253C9894CCE7034DEB7707EF5256DE8E98570375845ADABAAF81893FF6D9E61E45FE9906E61CD2FB86F4A1ABC0D51527B56D3329192EBDFA78149C4652EA23463D6FEFC6F79F22154631CEB04692FB67B815FF791576AB9BA71B0A51009D4B2ECF0ED280745831B4B6B49D951479E5E6831F19CE717025AE212A3057D21832E86C847970CF0CEA82D19BC3D211A23EE2CB6B60ED499F1910A4AEC72FEE2BCA10E8BA9AC47ED2D953E1429B056CCEAD0ED2715D2A19BA1E2B +20180920141147 2 6 100 4095 5 FC69089A469473B9CF3F3CCD21123CCF3563811632E7FB6CDF9CDF7726AFA4691881289B3952D2347D7BA520E95016066B02888C7EA1E633B998E00EFE78E454EAF64D6462437E9DDB4A239DE998EC0756E7ED17B7A3499CCF2E3F33A54FD223BB6C485AECA2475E2C002C303F6A55530F2F83A98059699C59A43238468FC85CD137A1FC9B9674ED5D746B44848339A9CA772E802BCE56FED99E8B110C8CA365DFB9BFDD47CB2A33CA92469B3BCC6758B73A7A5685F3FB74B6D785ACFA15E462CA9E70453CD1E9D48D146F0951E4E10773A4FBC9C8E2948D2A091525F964FDE6B60BC3C7A175FF88D20A3758B2D6C35F253AF00B95697F32446EAAA00C7B8A3C4B9DC47EDF44BC4C35052CF7304ADE74A0A9C70575FA935961B07B908D9E58454662B0ED6D8148B79FC45B1F5EDD602B13C7285A75B901183C87CF0F6C060E40D48D9910BDB86C2A253C9894CCE7034DEB7707EF5256DE8E98570375845ADABAAF81893FF6D9E61E45FE9906E61CD2FB86F4A1ABC0D51527B56D3329192EBDFA78149C4652EA23463D6FEFC6F79F22154631CEB04692FB67B815FF791576AB9BA71B0A51009D4B2ECF0ED280745831B4B6B49D951479E5E6831F19CE717025AE212A3057D21832E86C847970CF0CEA82D19BC3D211A23EE2CB6B60ED499F1910A4AEC72FEE2BCA10E8BA9AC47ED2D953E1429B056CCEAD0ED2715D2A1B0331C7 +20180920145454 2 6 100 4095 5 FC69089A469473B9CF3F3CCD21123CCF3563811632E7FB6CDF9CDF7726AFA4691881289B3952D2347D7BA520E95016066B02888C7EA1E633B998E00EFE78E454EAF64D6462437E9DDB4A239DE998EC0756E7ED17B7A3499CCF2E3F33A54FD223BB6C485AECA2475E2C002C303F6A55530F2F83A98059699C59A43238468FC85CD137A1FC9B9674ED5D746B44848339A9CA772E802BCE56FED99E8B110C8CA365DFB9BFDD47CB2A33CA92469B3BCC6758B73A7A5685F3FB74B6D785ACFA15E462CA9E70453CD1E9D48D146F0951E4E10773A4FBC9C8E2948D2A091525F964FDE6B60BC3C7A175FF88D20A3758B2D6C35F253AF00B95697F32446EAAA00C7B8A3C4B9DC47EDF44BC4C35052CF7304ADE74A0A9C70575FA935961B07B908D9E58454662B0ED6D8148B79FC45B1F5EDD602B13C7285A75B901183C87CF0F6C060E40D48D9910BDB86C2A253C9894CCE7034DEB7707EF5256DE8E98570375845ADABAAF81893FF6D9E61E45FE9906E61CD2FB86F4A1ABC0D51527B56D3329192EBDFA78149C4652EA23463D6FEFC6F79F22154631CEB04692FB67B815FF791576AB9BA71B0A51009D4B2ECF0ED280745831B4B6B49D951479E5E6831F19CE717025AE212A3057D21832E86C847970CF0CEA82D19BC3D211A23EE2CB6B60ED499F1910A4AEC72FEE2BCA10E8BA9AC47ED2D953E1429B056CCEAD0ED2715D2A1E40577F +20180920150140 2 6 100 4095 2 FC69089A469473B9CF3F3CCD21123CCF3563811632E7FB6CDF9CDF7726AFA4691881289B3952D2347D7BA520E95016066B02888C7EA1E633B998E00EFE78E454EAF64D6462437E9DDB4A239DE998EC0756E7ED17B7A3499CCF2E3F33A54FD223BB6C485AECA2475E2C002C303F6A55530F2F83A98059699C59A43238468FC85CD137A1FC9B9674ED5D746B44848339A9CA772E802BCE56FED99E8B110C8CA365DFB9BFDD47CB2A33CA92469B3BCC6758B73A7A5685F3FB74B6D785ACFA15E462CA9E70453CD1E9D48D146F0951E4E10773A4FBC9C8E2948D2A091525F964FDE6B60BC3C7A175FF88D20A3758B2D6C35F253AF00B95697F32446EAAA00C7B8A3C4B9DC47EDF44BC4C35052CF7304ADE74A0A9C70575FA935961B07B908D9E58454662B0ED6D8148B79FC45B1F5EDD602B13C7285A75B901183C87CF0F6C060E40D48D9910BDB86C2A253C9894CCE7034DEB7707EF5256DE8E98570375845ADABAAF81893FF6D9E61E45FE9906E61CD2FB86F4A1ABC0D51527B56D3329192EBDFA78149C4652EA23463D6FEFC6F79F22154631CEB04692FB67B815FF791576AB9BA71B0A51009D4B2ECF0ED280745831B4B6B49D951479E5E6831F19CE717025AE212A3057D21832E86C847970CF0CEA82D19BC3D211A23EE2CB6B60ED499F1910A4AEC72FEE2BCA10E8BA9AC47ED2D953E1429B056CCEAD0ED2715D2A1EBA2BA3 +20180920161629 2 6 100 4095 5 FC69089A469473B9CF3F3CCD21123CCF3563811632E7FB6CDF9CDF7726AFA4691881289B3952D2347D7BA520E95016066B02888C7EA1E633B998E00EFE78E454EAF64D6462437E9DDB4A239DE998EC0756E7ED17B7A3499CCF2E3F33A54FD223BB6C485AECA2475E2C002C303F6A55530F2F83A98059699C59A43238468FC85CD137A1FC9B9674ED5D746B44848339A9CA772E802BCE56FED99E8B110C8CA365DFB9BFDD47CB2A33CA92469B3BCC6758B73A7A5685F3FB74B6D785ACFA15E462CA9E70453CD1E9D48D146F0951E4E10773A4FBC9C8E2948D2A091525F964FDE6B60BC3C7A175FF88D20A3758B2D6C35F253AF00B95697F32446EAAA00C7B8A3C4B9DC47EDF44BC4C35052CF7304ADE74A0A9C70575FA935961B07B908D9E58454662B0ED6D8148B79FC45B1F5EDD602B13C7285A75B901183C87CF0F6C060E40D48D9910BDB86C2A253C9894CCE7034DEB7707EF5256DE8E98570375845ADABAAF81893FF6D9E61E45FE9906E61CD2FB86F4A1ABC0D51527B56D3329192EBDFA78149C4652EA23463D6FEFC6F79F22154631CEB04692FB67B815FF791576AB9BA71B0A51009D4B2ECF0ED280745831B4B6B49D951479E5E6831F19CE717025AE212A3057D21832E86C847970CF0CEA82D19BC3D211A23EE2CB6B60ED499F1910A4AEC72FEE2BCA10E8BA9AC47ED2D953E1429B056CCEAD0ED2715D2A24551BC7 +20180920163144 2 6 100 4095 2 FC69089A469473B9CF3F3CCD21123CCF3563811632E7FB6CDF9CDF7726AFA4691881289B3952D2347D7BA520E95016066B02888C7EA1E633B998E00EFE78E454EAF64D6462437E9DDB4A239DE998EC0756E7ED17B7A3499CCF2E3F33A54FD223BB6C485AECA2475E2C002C303F6A55530F2F83A98059699C59A43238468FC85CD137A1FC9B9674ED5D746B44848339A9CA772E802BCE56FED99E8B110C8CA365DFB9BFDD47CB2A33CA92469B3BCC6758B73A7A5685F3FB74B6D785ACFA15E462CA9E70453CD1E9D48D146F0951E4E10773A4FBC9C8E2948D2A091525F964FDE6B60BC3C7A175FF88D20A3758B2D6C35F253AF00B95697F32446EAAA00C7B8A3C4B9DC47EDF44BC4C35052CF7304ADE74A0A9C70575FA935961B07B908D9E58454662B0ED6D8148B79FC45B1F5EDD602B13C7285A75B901183C87CF0F6C060E40D48D9910BDB86C2A253C9894CCE7034DEB7707EF5256DE8E98570375845ADABAAF81893FF6D9E61E45FE9906E61CD2FB86F4A1ABC0D51527B56D3329192EBDFA78149C4652EA23463D6FEFC6F79F22154631CEB04692FB67B815FF791576AB9BA71B0A51009D4B2ECF0ED280745831B4B6B49D951479E5E6831F19CE717025AE212A3057D21832E86C847970CF0CEA82D19BC3D211A23EE2CB6B60ED499F1910A4AEC72FEE2BCA10E8BA9AC47ED2D953E1429B056CCEAD0ED2715D2A256E6A8B +20180920164626 2 6 100 4095 5 FC69089A469473B9CF3F3CCD21123CCF3563811632E7FB6CDF9CDF7726AFA4691881289B3952D2347D7BA520E95016066B02888C7EA1E633B998E00EFE78E454EAF64D6462437E9DDB4A239DE998EC0756E7ED17B7A3499CCF2E3F33A54FD223BB6C485AECA2475E2C002C303F6A55530F2F83A98059699C59A43238468FC85CD137A1FC9B9674ED5D746B44848339A9CA772E802BCE56FED99E8B110C8CA365DFB9BFDD47CB2A33CA92469B3BCC6758B73A7A5685F3FB74B6D785ACFA15E462CA9E70453CD1E9D48D146F0951E4E10773A4FBC9C8E2948D2A091525F964FDE6B60BC3C7A175FF88D20A3758B2D6C35F253AF00B95697F32446EAAA00C7B8A3C4B9DC47EDF44BC4C35052CF7304ADE74A0A9C70575FA935961B07B908D9E58454662B0ED6D8148B79FC45B1F5EDD602B13C7285A75B901183C87CF0F6C060E40D48D9910BDB86C2A253C9894CCE7034DEB7707EF5256DE8E98570375845ADABAAF81893FF6D9E61E45FE9906E61CD2FB86F4A1ABC0D51527B56D3329192EBDFA78149C4652EA23463D6FEFC6F79F22154631CEB04692FB67B815FF791576AB9BA71B0A51009D4B2ECF0ED280745831B4B6B49D951479E5E6831F19CE717025AE212A3057D21832E86C847970CF0CEA82D19BC3D211A23EE2CB6B60ED499F1910A4AEC72FEE2BCA10E8BA9AC47ED2D953E1429B056CCEAD0ED2715D2A26848667 +20180920164921 2 6 100 4095 5 FC69089A469473B9CF3F3CCD21123CCF3563811632E7FB6CDF9CDF7726AFA4691881289B3952D2347D7BA520E95016066B02888C7EA1E633B998E00EFE78E454EAF64D6462437E9DDB4A239DE998EC0756E7ED17B7A3499CCF2E3F33A54FD223BB6C485AECA2475E2C002C303F6A55530F2F83A98059699C59A43238468FC85CD137A1FC9B9674ED5D746B44848339A9CA772E802BCE56FED99E8B110C8CA365DFB9BFDD47CB2A33CA92469B3BCC6758B73A7A5685F3FB74B6D785ACFA15E462CA9E70453CD1E9D48D146F0951E4E10773A4FBC9C8E2948D2A091525F964FDE6B60BC3C7A175FF88D20A3758B2D6C35F253AF00B95697F32446EAAA00C7B8A3C4B9DC47EDF44BC4C35052CF7304ADE74A0A9C70575FA935961B07B908D9E58454662B0ED6D8148B79FC45B1F5EDD602B13C7285A75B901183C87CF0F6C060E40D48D9910BDB86C2A253C9894CCE7034DEB7707EF5256DE8E98570375845ADABAAF81893FF6D9E61E45FE9906E61CD2FB86F4A1ABC0D51527B56D3329192EBDFA78149C4652EA23463D6FEFC6F79F22154631CEB04692FB67B815FF791576AB9BA71B0A51009D4B2ECF0ED280745831B4B6B49D951479E5E6831F19CE717025AE212A3057D21832E86C847970CF0CEA82D19BC3D211A23EE2CB6B60ED499F1910A4AEC72FEE2BCA10E8BA9AC47ED2D953E1429B056CCEAD0ED2715D2A26B3187F +20180920165252 2 6 100 4095 2 FC69089A469473B9CF3F3CCD21123CCF3563811632E7FB6CDF9CDF7726AFA4691881289B3952D2347D7BA520E95016066B02888C7EA1E633B998E00EFE78E454EAF64D6462437E9DDB4A239DE998EC0756E7ED17B7A3499CCF2E3F33A54FD223BB6C485AECA2475E2C002C303F6A55530F2F83A98059699C59A43238468FC85CD137A1FC9B9674ED5D746B44848339A9CA772E802BCE56FED99E8B110C8CA365DFB9BFDD47CB2A33CA92469B3BCC6758B73A7A5685F3FB74B6D785ACFA15E462CA9E70453CD1E9D48D146F0951E4E10773A4FBC9C8E2948D2A091525F964FDE6B60BC3C7A175FF88D20A3758B2D6C35F253AF00B95697F32446EAAA00C7B8A3C4B9DC47EDF44BC4C35052CF7304ADE74A0A9C70575FA935961B07B908D9E58454662B0ED6D8148B79FC45B1F5EDD602B13C7285A75B901183C87CF0F6C060E40D48D9910BDB86C2A253C9894CCE7034DEB7707EF5256DE8E98570375845ADABAAF81893FF6D9E61E45FE9906E61CD2FB86F4A1ABC0D51527B56D3329192EBDFA78149C4652EA23463D6FEFC6F79F22154631CEB04692FB67B815FF791576AB9BA71B0A51009D4B2ECF0ED280745831B4B6B49D951479E5E6831F19CE717025AE212A3057D21832E86C847970CF0CEA82D19BC3D211A23EE2CB6B60ED499F1910A4AEC72FEE2BCA10E8BA9AC47ED2D953E1429B056CCEAD0ED2715D2A26EC656B +20180920165723 2 6 100 4095 2 FC69089A469473B9CF3F3CCD21123CCF3563811632E7FB6CDF9CDF7726AFA4691881289B3952D2347D7BA520E95016066B02888C7EA1E633B998E00EFE78E454EAF64D6462437E9DDB4A239DE998EC0756E7ED17B7A3499CCF2E3F33A54FD223BB6C485AECA2475E2C002C303F6A55530F2F83A98059699C59A43238468FC85CD137A1FC9B9674ED5D746B44848339A9CA772E802BCE56FED99E8B110C8CA365DFB9BFDD47CB2A33CA92469B3BCC6758B73A7A5685F3FB74B6D785ACFA15E462CA9E70453CD1E9D48D146F0951E4E10773A4FBC9C8E2948D2A091525F964FDE6B60BC3C7A175FF88D20A3758B2D6C35F253AF00B95697F32446EAAA00C7B8A3C4B9DC47EDF44BC4C35052CF7304ADE74A0A9C70575FA935961B07B908D9E58454662B0ED6D8148B79FC45B1F5EDD602B13C7285A75B901183C87CF0F6C060E40D48D9910BDB86C2A253C9894CCE7034DEB7707EF5256DE8E98570375845ADABAAF81893FF6D9E61E45FE9906E61CD2FB86F4A1ABC0D51527B56D3329192EBDFA78149C4652EA23463D6FEFC6F79F22154631CEB04692FB67B815FF791576AB9BA71B0A51009D4B2ECF0ED280745831B4B6B49D951479E5E6831F19CE717025AE212A3057D21832E86C847970CF0CEA82D19BC3D211A23EE2CB6B60ED499F1910A4AEC72FEE2BCA10E8BA9AC47ED2D953E1429B056CCEAD0ED2715D2A273A8833 +20180920170336 2 6 100 4095 5 FC69089A469473B9CF3F3CCD21123CCF3563811632E7FB6CDF9CDF7726AFA4691881289B3952D2347D7BA520E95016066B02888C7EA1E633B998E00EFE78E454EAF64D6462437E9DDB4A239DE998EC0756E7ED17B7A3499CCF2E3F33A54FD223BB6C485AECA2475E2C002C303F6A55530F2F83A98059699C59A43238468FC85CD137A1FC9B9674ED5D746B44848339A9CA772E802BCE56FED99E8B110C8CA365DFB9BFDD47CB2A33CA92469B3BCC6758B73A7A5685F3FB74B6D785ACFA15E462CA9E70453CD1E9D48D146F0951E4E10773A4FBC9C8E2948D2A091525F964FDE6B60BC3C7A175FF88D20A3758B2D6C35F253AF00B95697F32446EAAA00C7B8A3C4B9DC47EDF44BC4C35052CF7304ADE74A0A9C70575FA935961B07B908D9E58454662B0ED6D8148B79FC45B1F5EDD602B13C7285A75B901183C87CF0F6C060E40D48D9910BDB86C2A253C9894CCE7034DEB7707EF5256DE8E98570375845ADABAAF81893FF6D9E61E45FE9906E61CD2FB86F4A1ABC0D51527B56D3329192EBDFA78149C4652EA23463D6FEFC6F79F22154631CEB04692FB67B815FF791576AB9BA71B0A51009D4B2ECF0ED280745831B4B6B49D951479E5E6831F19CE717025AE212A3057D21832E86C847970CF0CEA82D19BC3D211A23EE2CB6B60ED499F1910A4AEC72FEE2BCA10E8BA9AC47ED2D953E1429B056CCEAD0ED2715D2A27A959BF +20180920170729 2 6 100 4095 2 FC69089A469473B9CF3F3CCD21123CCF3563811632E7FB6CDF9CDF7726AFA4691881289B3952D2347D7BA520E95016066B02888C7EA1E633B998E00EFE78E454EAF64D6462437E9DDB4A239DE998EC0756E7ED17B7A3499CCF2E3F33A54FD223BB6C485AECA2475E2C002C303F6A55530F2F83A98059699C59A43238468FC85CD137A1FC9B9674ED5D746B44848339A9CA772E802BCE56FED99E8B110C8CA365DFB9BFDD47CB2A33CA92469B3BCC6758B73A7A5685F3FB74B6D785ACFA15E462CA9E70453CD1E9D48D146F0951E4E10773A4FBC9C8E2948D2A091525F964FDE6B60BC3C7A175FF88D20A3758B2D6C35F253AF00B95697F32446EAAA00C7B8A3C4B9DC47EDF44BC4C35052CF7304ADE74A0A9C70575FA935961B07B908D9E58454662B0ED6D8148B79FC45B1F5EDD602B13C7285A75B901183C87CF0F6C060E40D48D9910BDB86C2A253C9894CCE7034DEB7707EF5256DE8E98570375845ADABAAF81893FF6D9E61E45FE9906E61CD2FB86F4A1ABC0D51527B56D3329192EBDFA78149C4652EA23463D6FEFC6F79F22154631CEB04692FB67B815FF791576AB9BA71B0A51009D4B2ECF0ED280745831B4B6B49D951479E5E6831F19CE717025AE212A3057D21832E86C847970CF0CEA82D19BC3D211A23EE2CB6B60ED499F1910A4AEC72FEE2BCA10E8BA9AC47ED2D953E1429B056CCEAD0ED2715D2A27EBBC83 +20180920171833 2 6 100 4095 5 FC69089A469473B9CF3F3CCD21123CCF3563811632E7FB6CDF9CDF7726AFA4691881289B3952D2347D7BA520E95016066B02888C7EA1E633B998E00EFE78E454EAF64D6462437E9DDB4A239DE998EC0756E7ED17B7A3499CCF2E3F33A54FD223BB6C485AECA2475E2C002C303F6A55530F2F83A98059699C59A43238468FC85CD137A1FC9B9674ED5D746B44848339A9CA772E802BCE56FED99E8B110C8CA365DFB9BFDD47CB2A33CA92469B3BCC6758B73A7A5685F3FB74B6D785ACFA15E462CA9E70453CD1E9D48D146F0951E4E10773A4FBC9C8E2948D2A091525F964FDE6B60BC3C7A175FF88D20A3758B2D6C35F253AF00B95697F32446EAAA00C7B8A3C4B9DC47EDF44BC4C35052CF7304ADE74A0A9C70575FA935961B07B908D9E58454662B0ED6D8148B79FC45B1F5EDD602B13C7285A75B901183C87CF0F6C060E40D48D9910BDB86C2A253C9894CCE7034DEB7707EF5256DE8E98570375845ADABAAF81893FF6D9E61E45FE9906E61CD2FB86F4A1ABC0D51527B56D3329192EBDFA78149C4652EA23463D6FEFC6F79F22154631CEB04692FB67B815FF791576AB9BA71B0A51009D4B2ECF0ED280745831B4B6B49D951479E5E6831F19CE717025AE212A3057D21832E86C847970CF0CEA82D19BC3D211A23EE2CB6B60ED499F1910A4AEC72FEE2BCA10E8BA9AC47ED2D953E1429B056CCEAD0ED2715D2A28B88307 +20180920173958 2 6 100 4095 5 FC69089A469473B9CF3F3CCD21123CCF3563811632E7FB6CDF9CDF7726AFA4691881289B3952D2347D7BA520E95016066B02888C7EA1E633B998E00EFE78E454EAF64D6462437E9DDB4A239DE998EC0756E7ED17B7A3499CCF2E3F33A54FD223BB6C485AECA2475E2C002C303F6A55530F2F83A98059699C59A43238468FC85CD137A1FC9B9674ED5D746B44848339A9CA772E802BCE56FED99E8B110C8CA365DFB9BFDD47CB2A33CA92469B3BCC6758B73A7A5685F3FB74B6D785ACFA15E462CA9E70453CD1E9D48D146F0951E4E10773A4FBC9C8E2948D2A091525F964FDE6B60BC3C7A175FF88D20A3758B2D6C35F253AF00B95697F32446EAAA00C7B8A3C4B9DC47EDF44BC4C35052CF7304ADE74A0A9C70575FA935961B07B908D9E58454662B0ED6D8148B79FC45B1F5EDD602B13C7285A75B901183C87CF0F6C060E40D48D9910BDB86C2A253C9894CCE7034DEB7707EF5256DE8E98570375845ADABAAF81893FF6D9E61E45FE9906E61CD2FB86F4A1ABC0D51527B56D3329192EBDFA78149C4652EA23463D6FEFC6F79F22154631CEB04692FB67B815FF791576AB9BA71B0A51009D4B2ECF0ED280745831B4B6B49D951479E5E6831F19CE717025AE212A3057D21832E86C847970CF0CEA82D19BC3D211A23EE2CB6B60ED499F1910A4AEC72FEE2BCA10E8BA9AC47ED2D953E1429B056CCEAD0ED2715D2A2A47E5BF +20180920174751 2 6 100 4095 2 FC69089A469473B9CF3F3CCD21123CCF3563811632E7FB6CDF9CDF7726AFA4691881289B3952D2347D7BA520E95016066B02888C7EA1E633B998E00EFE78E454EAF64D6462437E9DDB4A239DE998EC0756E7ED17B7A3499CCF2E3F33A54FD223BB6C485AECA2475E2C002C303F6A55530F2F83A98059699C59A43238468FC85CD137A1FC9B9674ED5D746B44848339A9CA772E802BCE56FED99E8B110C8CA365DFB9BFDD47CB2A33CA92469B3BCC6758B73A7A5685F3FB74B6D785ACFA15E462CA9E70453CD1E9D48D146F0951E4E10773A4FBC9C8E2948D2A091525F964FDE6B60BC3C7A175FF88D20A3758B2D6C35F253AF00B95697F32446EAAA00C7B8A3C4B9DC47EDF44BC4C35052CF7304ADE74A0A9C70575FA935961B07B908D9E58454662B0ED6D8148B79FC45B1F5EDD602B13C7285A75B901183C87CF0F6C060E40D48D9910BDB86C2A253C9894CCE7034DEB7707EF5256DE8E98570375845ADABAAF81893FF6D9E61E45FE9906E61CD2FB86F4A1ABC0D51527B56D3329192EBDFA78149C4652EA23463D6FEFC6F79F22154631CEB04692FB67B815FF791576AB9BA71B0A51009D4B2ECF0ED280745831B4B6B49D951479E5E6831F19CE717025AE212A3057D21832E86C847970CF0CEA82D19BC3D211A23EE2CB6B60ED499F1910A4AEC72FEE2BCA10E8BA9AC47ED2D953E1429B056CCEAD0ED2715D2A2AD76CDB +20180920175337 2 6 100 4095 5 FC69089A469473B9CF3F3CCD21123CCF3563811632E7FB6CDF9CDF7726AFA4691881289B3952D2347D7BA520E95016066B02888C7EA1E633B998E00EFE78E454EAF64D6462437E9DDB4A239DE998EC0756E7ED17B7A3499CCF2E3F33A54FD223BB6C485AECA2475E2C002C303F6A55530F2F83A98059699C59A43238468FC85CD137A1FC9B9674ED5D746B44848339A9CA772E802BCE56FED99E8B110C8CA365DFB9BFDD47CB2A33CA92469B3BCC6758B73A7A5685F3FB74B6D785ACFA15E462CA9E70453CD1E9D48D146F0951E4E10773A4FBC9C8E2948D2A091525F964FDE6B60BC3C7A175FF88D20A3758B2D6C35F253AF00B95697F32446EAAA00C7B8A3C4B9DC47EDF44BC4C35052CF7304ADE74A0A9C70575FA935961B07B908D9E58454662B0ED6D8148B79FC45B1F5EDD602B13C7285A75B901183C87CF0F6C060E40D48D9910BDB86C2A253C9894CCE7034DEB7707EF5256DE8E98570375845ADABAAF81893FF6D9E61E45FE9906E61CD2FB86F4A1ABC0D51527B56D3329192EBDFA78149C4652EA23463D6FEFC6F79F22154631CEB04692FB67B815FF791576AB9BA71B0A51009D4B2ECF0ED280745831B4B6B49D951479E5E6831F19CE717025AE212A3057D21832E86C847970CF0CEA82D19BC3D211A23EE2CB6B60ED499F1910A4AEC72FEE2BCA10E8BA9AC47ED2D953E1429B056CCEAD0ED2715D2A2B3F16FF +20180920180736 2 6 100 4095 5 FC69089A469473B9CF3F3CCD21123CCF3563811632E7FB6CDF9CDF7726AFA4691881289B3952D2347D7BA520E95016066B02888C7EA1E633B998E00EFE78E454EAF64D6462437E9DDB4A239DE998EC0756E7ED17B7A3499CCF2E3F33A54FD223BB6C485AECA2475E2C002C303F6A55530F2F83A98059699C59A43238468FC85CD137A1FC9B9674ED5D746B44848339A9CA772E802BCE56FED99E8B110C8CA365DFB9BFDD47CB2A33CA92469B3BCC6758B73A7A5685F3FB74B6D785ACFA15E462CA9E70453CD1E9D48D146F0951E4E10773A4FBC9C8E2948D2A091525F964FDE6B60BC3C7A175FF88D20A3758B2D6C35F253AF00B95697F32446EAAA00C7B8A3C4B9DC47EDF44BC4C35052CF7304ADE74A0A9C70575FA935961B07B908D9E58454662B0ED6D8148B79FC45B1F5EDD602B13C7285A75B901183C87CF0F6C060E40D48D9910BDB86C2A253C9894CCE7034DEB7707EF5256DE8E98570375845ADABAAF81893FF6D9E61E45FE9906E61CD2FB86F4A1ABC0D51527B56D3329192EBDFA78149C4652EA23463D6FEFC6F79F22154631CEB04692FB67B815FF791576AB9BA71B0A51009D4B2ECF0ED280745831B4B6B49D951479E5E6831F19CE717025AE212A3057D21832E86C847970CF0CEA82D19BC3D211A23EE2CB6B60ED499F1910A4AEC72FEE2BCA10E8BA9AC47ED2D953E1429B056CCEAD0ED2715D2A2C416607 +20180920181108 2 6 100 4095 5 FC69089A469473B9CF3F3CCD21123CCF3563811632E7FB6CDF9CDF7726AFA4691881289B3952D2347D7BA520E95016066B02888C7EA1E633B998E00EFE78E454EAF64D6462437E9DDB4A239DE998EC0756E7ED17B7A3499CCF2E3F33A54FD223BB6C485AECA2475E2C002C303F6A55530F2F83A98059699C59A43238468FC85CD137A1FC9B9674ED5D746B44848339A9CA772E802BCE56FED99E8B110C8CA365DFB9BFDD47CB2A33CA92469B3BCC6758B73A7A5685F3FB74B6D785ACFA15E462CA9E70453CD1E9D48D146F0951E4E10773A4FBC9C8E2948D2A091525F964FDE6B60BC3C7A175FF88D20A3758B2D6C35F253AF00B95697F32446EAAA00C7B8A3C4B9DC47EDF44BC4C35052CF7304ADE74A0A9C70575FA935961B07B908D9E58454662B0ED6D8148B79FC45B1F5EDD602B13C7285A75B901183C87CF0F6C060E40D48D9910BDB86C2A253C9894CCE7034DEB7707EF5256DE8E98570375845ADABAAF81893FF6D9E61E45FE9906E61CD2FB86F4A1ABC0D51527B56D3329192EBDFA78149C4652EA23463D6FEFC6F79F22154631CEB04692FB67B815FF791576AB9BA71B0A51009D4B2ECF0ED280745831B4B6B49D951479E5E6831F19CE717025AE212A3057D21832E86C847970CF0CEA82D19BC3D211A23EE2CB6B60ED499F1910A4AEC72FEE2BCA10E8BA9AC47ED2D953E1429B056CCEAD0ED2715D2A2C7C62CF +20180920182003 2 6 100 4095 5 FC69089A469473B9CF3F3CCD21123CCF3563811632E7FB6CDF9CDF7726AFA4691881289B3952D2347D7BA520E95016066B02888C7EA1E633B998E00EFE78E454EAF64D6462437E9DDB4A239DE998EC0756E7ED17B7A3499CCF2E3F33A54FD223BB6C485AECA2475E2C002C303F6A55530F2F83A98059699C59A43238468FC85CD137A1FC9B9674ED5D746B44848339A9CA772E802BCE56FED99E8B110C8CA365DFB9BFDD47CB2A33CA92469B3BCC6758B73A7A5685F3FB74B6D785ACFA15E462CA9E70453CD1E9D48D146F0951E4E10773A4FBC9C8E2948D2A091525F964FDE6B60BC3C7A175FF88D20A3758B2D6C35F253AF00B95697F32446EAAA00C7B8A3C4B9DC47EDF44BC4C35052CF7304ADE74A0A9C70575FA935961B07B908D9E58454662B0ED6D8148B79FC45B1F5EDD602B13C7285A75B901183C87CF0F6C060E40D48D9910BDB86C2A253C9894CCE7034DEB7707EF5256DE8E98570375845ADABAAF81893FF6D9E61E45FE9906E61CD2FB86F4A1ABC0D51527B56D3329192EBDFA78149C4652EA23463D6FEFC6F79F22154631CEB04692FB67B815FF791576AB9BA71B0A51009D4B2ECF0ED280745831B4B6B49D951479E5E6831F19CE717025AE212A3057D21832E86C847970CF0CEA82D19BC3D211A23EE2CB6B60ED499F1910A4AEC72FEE2BCA10E8BA9AC47ED2D953E1429B056CCEAD0ED2715D2A2D1C8377 +20180920183639 2 6 100 4095 5 FC69089A469473B9CF3F3CCD21123CCF3563811632E7FB6CDF9CDF7726AFA4691881289B3952D2347D7BA520E95016066B02888C7EA1E633B998E00EFE78E454EAF64D6462437E9DDB4A239DE998EC0756E7ED17B7A3499CCF2E3F33A54FD223BB6C485AECA2475E2C002C303F6A55530F2F83A98059699C59A43238468FC85CD137A1FC9B9674ED5D746B44848339A9CA772E802BCE56FED99E8B110C8CA365DFB9BFDD47CB2A33CA92469B3BCC6758B73A7A5685F3FB74B6D785ACFA15E462CA9E70453CD1E9D48D146F0951E4E10773A4FBC9C8E2948D2A091525F964FDE6B60BC3C7A175FF88D20A3758B2D6C35F253AF00B95697F32446EAAA00C7B8A3C4B9DC47EDF44BC4C35052CF7304ADE74A0A9C70575FA935961B07B908D9E58454662B0ED6D8148B79FC45B1F5EDD602B13C7285A75B901183C87CF0F6C060E40D48D9910BDB86C2A253C9894CCE7034DEB7707EF5256DE8E98570375845ADABAAF81893FF6D9E61E45FE9906E61CD2FB86F4A1ABC0D51527B56D3329192EBDFA78149C4652EA23463D6FEFC6F79F22154631CEB04692FB67B815FF791576AB9BA71B0A51009D4B2ECF0ED280745831B4B6B49D951479E5E6831F19CE717025AE212A3057D21832E86C847970CF0CEA82D19BC3D211A23EE2CB6B60ED499F1910A4AEC72FEE2BCA10E8BA9AC47ED2D953E1429B056CCEAD0ED2715D2A2E532EF7 +20180920185506 2 6 100 4095 2 FC69089A469473B9CF3F3CCD21123CCF3563811632E7FB6CDF9CDF7726AFA4691881289B3952D2347D7BA520E95016066B02888C7EA1E633B998E00EFE78E454EAF64D6462437E9DDB4A239DE998EC0756E7ED17B7A3499CCF2E3F33A54FD223BB6C485AECA2475E2C002C303F6A55530F2F83A98059699C59A43238468FC85CD137A1FC9B9674ED5D746B44848339A9CA772E802BCE56FED99E8B110C8CA365DFB9BFDD47CB2A33CA92469B3BCC6758B73A7A5685F3FB74B6D785ACFA15E462CA9E70453CD1E9D48D146F0951E4E10773A4FBC9C8E2948D2A091525F964FDE6B60BC3C7A175FF88D20A3758B2D6C35F253AF00B95697F32446EAAA00C7B8A3C4B9DC47EDF44BC4C35052CF7304ADE74A0A9C70575FA935961B07B908D9E58454662B0ED6D8148B79FC45B1F5EDD602B13C7285A75B901183C87CF0F6C060E40D48D9910BDB86C2A253C9894CCE7034DEB7707EF5256DE8E98570375845ADABAAF81893FF6D9E61E45FE9906E61CD2FB86F4A1ABC0D51527B56D3329192EBDFA78149C4652EA23463D6FEFC6F79F22154631CEB04692FB67B815FF791576AB9BA71B0A51009D4B2ECF0ED280745831B4B6B49D951479E5E6831F19CE717025AE212A3057D21832E86C847970CF0CEA82D19BC3D211A23EE2CB6B60ED499F1910A4AEC72FEE2BCA10E8BA9AC47ED2D953E1429B056CCEAD0ED2715D2A2FAEF903 +20180920190842 2 6 100 4095 2 FC69089A469473B9CF3F3CCD21123CCF3563811632E7FB6CDF9CDF7726AFA4691881289B3952D2347D7BA520E95016066B02888C7EA1E633B998E00EFE78E454EAF64D6462437E9DDB4A239DE998EC0756E7ED17B7A3499CCF2E3F33A54FD223BB6C485AECA2475E2C002C303F6A55530F2F83A98059699C59A43238468FC85CD137A1FC9B9674ED5D746B44848339A9CA772E802BCE56FED99E8B110C8CA365DFB9BFDD47CB2A33CA92469B3BCC6758B73A7A5685F3FB74B6D785ACFA15E462CA9E70453CD1E9D48D146F0951E4E10773A4FBC9C8E2948D2A091525F964FDE6B60BC3C7A175FF88D20A3758B2D6C35F253AF00B95697F32446EAAA00C7B8A3C4B9DC47EDF44BC4C35052CF7304ADE74A0A9C70575FA935961B07B908D9E58454662B0ED6D8148B79FC45B1F5EDD602B13C7285A75B901183C87CF0F6C060E40D48D9910BDB86C2A253C9894CCE7034DEB7707EF5256DE8E98570375845ADABAAF81893FF6D9E61E45FE9906E61CD2FB86F4A1ABC0D51527B56D3329192EBDFA78149C4652EA23463D6FEFC6F79F22154631CEB04692FB67B815FF791576AB9BA71B0A51009D4B2ECF0ED280745831B4B6B49D951479E5E6831F19CE717025AE212A3057D21832E86C847970CF0CEA82D19BC3D211A23EE2CB6B60ED499F1910A4AEC72FEE2BCA10E8BA9AC47ED2D953E1429B056CCEAD0ED2715D2A30A680FB +20180920193433 2 6 100 4095 2 FC69089A469473B9CF3F3CCD21123CCF3563811632E7FB6CDF9CDF7726AFA4691881289B3952D2347D7BA520E95016066B02888C7EA1E633B998E00EFE78E454EAF64D6462437E9DDB4A239DE998EC0756E7ED17B7A3499CCF2E3F33A54FD223BB6C485AECA2475E2C002C303F6A55530F2F83A98059699C59A43238468FC85CD137A1FC9B9674ED5D746B44848339A9CA772E802BCE56FED99E8B110C8CA365DFB9BFDD47CB2A33CA92469B3BCC6758B73A7A5685F3FB74B6D785ACFA15E462CA9E70453CD1E9D48D146F0951E4E10773A4FBC9C8E2948D2A091525F964FDE6B60BC3C7A175FF88D20A3758B2D6C35F253AF00B95697F32446EAAA00C7B8A3C4B9DC47EDF44BC4C35052CF7304ADE74A0A9C70575FA935961B07B908D9E58454662B0ED6D8148B79FC45B1F5EDD602B13C7285A75B901183C87CF0F6C060E40D48D9910BDB86C2A253C9894CCE7034DEB7707EF5256DE8E98570375845ADABAAF81893FF6D9E61E45FE9906E61CD2FB86F4A1ABC0D51527B56D3329192EBDFA78149C4652EA23463D6FEFC6F79F22154631CEB04692FB67B815FF791576AB9BA71B0A51009D4B2ECF0ED280745831B4B6B49D951479E5E6831F19CE717025AE212A3057D21832E86C847970CF0CEA82D19BC3D211A23EE2CB6B60ED499F1910A4AEC72FEE2BCA10E8BA9AC47ED2D953E1429B056CCEAD0ED2715D2A328D6FAB +20180920193735 2 6 100 4095 5 FC69089A469473B9CF3F3CCD21123CCF3563811632E7FB6CDF9CDF7726AFA4691881289B3952D2347D7BA520E95016066B02888C7EA1E633B998E00EFE78E454EAF64D6462437E9DDB4A239DE998EC0756E7ED17B7A3499CCF2E3F33A54FD223BB6C485AECA2475E2C002C303F6A55530F2F83A98059699C59A43238468FC85CD137A1FC9B9674ED5D746B44848339A9CA772E802BCE56FED99E8B110C8CA365DFB9BFDD47CB2A33CA92469B3BCC6758B73A7A5685F3FB74B6D785ACFA15E462CA9E70453CD1E9D48D146F0951E4E10773A4FBC9C8E2948D2A091525F964FDE6B60BC3C7A175FF88D20A3758B2D6C35F253AF00B95697F32446EAAA00C7B8A3C4B9DC47EDF44BC4C35052CF7304ADE74A0A9C70575FA935961B07B908D9E58454662B0ED6D8148B79FC45B1F5EDD602B13C7285A75B901183C87CF0F6C060E40D48D9910BDB86C2A253C9894CCE7034DEB7707EF5256DE8E98570375845ADABAAF81893FF6D9E61E45FE9906E61CD2FB86F4A1ABC0D51527B56D3329192EBDFA78149C4652EA23463D6FEFC6F79F22154631CEB04692FB67B815FF791576AB9BA71B0A51009D4B2ECF0ED280745831B4B6B49D951479E5E6831F19CE717025AE212A3057D21832E86C847970CF0CEA82D19BC3D211A23EE2CB6B60ED499F1910A4AEC72FEE2BCA10E8BA9AC47ED2D953E1429B056CCEAD0ED2715D2A32BD423F +20180920194925 2 6 100 4095 2 FC69089A469473B9CF3F3CCD21123CCF3563811632E7FB6CDF9CDF7726AFA4691881289B3952D2347D7BA520E95016066B02888C7EA1E633B998E00EFE78E454EAF64D6462437E9DDB4A239DE998EC0756E7ED17B7A3499CCF2E3F33A54FD223BB6C485AECA2475E2C002C303F6A55530F2F83A98059699C59A43238468FC85CD137A1FC9B9674ED5D746B44848339A9CA772E802BCE56FED99E8B110C8CA365DFB9BFDD47CB2A33CA92469B3BCC6758B73A7A5685F3FB74B6D785ACFA15E462CA9E70453CD1E9D48D146F0951E4E10773A4FBC9C8E2948D2A091525F964FDE6B60BC3C7A175FF88D20A3758B2D6C35F253AF00B95697F32446EAAA00C7B8A3C4B9DC47EDF44BC4C35052CF7304ADE74A0A9C70575FA935961B07B908D9E58454662B0ED6D8148B79FC45B1F5EDD602B13C7285A75B901183C87CF0F6C060E40D48D9910BDB86C2A253C9894CCE7034DEB7707EF5256DE8E98570375845ADABAAF81893FF6D9E61E45FE9906E61CD2FB86F4A1ABC0D51527B56D3329192EBDFA78149C4652EA23463D6FEFC6F79F22154631CEB04692FB67B815FF791576AB9BA71B0A51009D4B2ECF0ED280745831B4B6B49D951479E5E6831F19CE717025AE212A3057D21832E86C847970CF0CEA82D19BC3D211A23EE2CB6B60ED499F1910A4AEC72FEE2BCA10E8BA9AC47ED2D953E1429B056CCEAD0ED2715D2A339269AB +20180920200058 2 6 100 4095 2 FC69089A469473B9CF3F3CCD21123CCF3563811632E7FB6CDF9CDF7726AFA4691881289B3952D2347D7BA520E95016066B02888C7EA1E633B998E00EFE78E454EAF64D6462437E9DDB4A239DE998EC0756E7ED17B7A3499CCF2E3F33A54FD223BB6C485AECA2475E2C002C303F6A55530F2F83A98059699C59A43238468FC85CD137A1FC9B9674ED5D746B44848339A9CA772E802BCE56FED99E8B110C8CA365DFB9BFDD47CB2A33CA92469B3BCC6758B73A7A5685F3FB74B6D785ACFA15E462CA9E70453CD1E9D48D146F0951E4E10773A4FBC9C8E2948D2A091525F964FDE6B60BC3C7A175FF88D20A3758B2D6C35F253AF00B95697F32446EAAA00C7B8A3C4B9DC47EDF44BC4C35052CF7304ADE74A0A9C70575FA935961B07B908D9E58454662B0ED6D8148B79FC45B1F5EDD602B13C7285A75B901183C87CF0F6C060E40D48D9910BDB86C2A253C9894CCE7034DEB7707EF5256DE8E98570375845ADABAAF81893FF6D9E61E45FE9906E61CD2FB86F4A1ABC0D51527B56D3329192EBDFA78149C4652EA23463D6FEFC6F79F22154631CEB04692FB67B815FF791576AB9BA71B0A51009D4B2ECF0ED280745831B4B6B49D951479E5E6831F19CE717025AE212A3057D21832E86C847970CF0CEA82D19BC3D211A23EE2CB6B60ED499F1910A4AEC72FEE2BCA10E8BA9AC47ED2D953E1429B056CCEAD0ED2715D2A34692BDB +20180920200225 2 6 100 4095 5 FC69089A469473B9CF3F3CCD21123CCF3563811632E7FB6CDF9CDF7726AFA4691881289B3952D2347D7BA520E95016066B02888C7EA1E633B998E00EFE78E454EAF64D6462437E9DDB4A239DE998EC0756E7ED17B7A3499CCF2E3F33A54FD223BB6C485AECA2475E2C002C303F6A55530F2F83A98059699C59A43238468FC85CD137A1FC9B9674ED5D746B44848339A9CA772E802BCE56FED99E8B110C8CA365DFB9BFDD47CB2A33CA92469B3BCC6758B73A7A5685F3FB74B6D785ACFA15E462CA9E70453CD1E9D48D146F0951E4E10773A4FBC9C8E2948D2A091525F964FDE6B60BC3C7A175FF88D20A3758B2D6C35F253AF00B95697F32446EAAA00C7B8A3C4B9DC47EDF44BC4C35052CF7304ADE74A0A9C70575FA935961B07B908D9E58454662B0ED6D8148B79FC45B1F5EDD602B13C7285A75B901183C87CF0F6C060E40D48D9910BDB86C2A253C9894CCE7034DEB7707EF5256DE8E98570375845ADABAAF81893FF6D9E61E45FE9906E61CD2FB86F4A1ABC0D51527B56D3329192EBDFA78149C4652EA23463D6FEFC6F79F22154631CEB04692FB67B815FF791576AB9BA71B0A51009D4B2ECF0ED280745831B4B6B49D951479E5E6831F19CE717025AE212A3057D21832E86C847970CF0CEA82D19BC3D211A23EE2CB6B60ED499F1910A4AEC72FEE2BCA10E8BA9AC47ED2D953E1429B056CCEAD0ED2715D2A347B8EFF +20180920200812 2 6 100 4095 2 FC69089A469473B9CF3F3CCD21123CCF3563811632E7FB6CDF9CDF7726AFA4691881289B3952D2347D7BA520E95016066B02888C7EA1E633B998E00EFE78E454EAF64D6462437E9DDB4A239DE998EC0756E7ED17B7A3499CCF2E3F33A54FD223BB6C485AECA2475E2C002C303F6A55530F2F83A98059699C59A43238468FC85CD137A1FC9B9674ED5D746B44848339A9CA772E802BCE56FED99E8B110C8CA365DFB9BFDD47CB2A33CA92469B3BCC6758B73A7A5685F3FB74B6D785ACFA15E462CA9E70453CD1E9D48D146F0951E4E10773A4FBC9C8E2948D2A091525F964FDE6B60BC3C7A175FF88D20A3758B2D6C35F253AF00B95697F32446EAAA00C7B8A3C4B9DC47EDF44BC4C35052CF7304ADE74A0A9C70575FA935961B07B908D9E58454662B0ED6D8148B79FC45B1F5EDD602B13C7285A75B901183C87CF0F6C060E40D48D9910BDB86C2A253C9894CCE7034DEB7707EF5256DE8E98570375845ADABAAF81893FF6D9E61E45FE9906E61CD2FB86F4A1ABC0D51527B56D3329192EBDFA78149C4652EA23463D6FEFC6F79F22154631CEB04692FB67B815FF791576AB9BA71B0A51009D4B2ECF0ED280745831B4B6B49D951479E5E6831F19CE717025AE212A3057D21832E86C847970CF0CEA82D19BC3D211A23EE2CB6B60ED499F1910A4AEC72FEE2BCA10E8BA9AC47ED2D953E1429B056CCEAD0ED2715D2A34DFF2BB +20180920202050 2 6 100 4095 5 FC69089A469473B9CF3F3CCD21123CCF3563811632E7FB6CDF9CDF7726AFA4691881289B3952D2347D7BA520E95016066B02888C7EA1E633B998E00EFE78E454EAF64D6462437E9DDB4A239DE998EC0756E7ED17B7A3499CCF2E3F33A54FD223BB6C485AECA2475E2C002C303F6A55530F2F83A98059699C59A43238468FC85CD137A1FC9B9674ED5D746B44848339A9CA772E802BCE56FED99E8B110C8CA365DFB9BFDD47CB2A33CA92469B3BCC6758B73A7A5685F3FB74B6D785ACFA15E462CA9E70453CD1E9D48D146F0951E4E10773A4FBC9C8E2948D2A091525F964FDE6B60BC3C7A175FF88D20A3758B2D6C35F253AF00B95697F32446EAAA00C7B8A3C4B9DC47EDF44BC4C35052CF7304ADE74A0A9C70575FA935961B07B908D9E58454662B0ED6D8148B79FC45B1F5EDD602B13C7285A75B901183C87CF0F6C060E40D48D9910BDB86C2A253C9894CCE7034DEB7707EF5256DE8E98570375845ADABAAF81893FF6D9E61E45FE9906E61CD2FB86F4A1ABC0D51527B56D3329192EBDFA78149C4652EA23463D6FEFC6F79F22154631CEB04692FB67B815FF791576AB9BA71B0A51009D4B2ECF0ED280745831B4B6B49D951479E5E6831F19CE717025AE212A3057D21832E86C847970CF0CEA82D19BC3D211A23EE2CB6B60ED499F1910A4AEC72FEE2BCA10E8BA9AC47ED2D953E1429B056CCEAD0ED2715D2A35C67F5F +20180920204239 2 6 100 4095 2 FC69089A469473B9CF3F3CCD21123CCF3563811632E7FB6CDF9CDF7726AFA4691881289B3952D2347D7BA520E95016066B02888C7EA1E633B998E00EFE78E454EAF64D6462437E9DDB4A239DE998EC0756E7ED17B7A3499CCF2E3F33A54FD223BB6C485AECA2475E2C002C303F6A55530F2F83A98059699C59A43238468FC85CD137A1FC9B9674ED5D746B44848339A9CA772E802BCE56FED99E8B110C8CA365DFB9BFDD47CB2A33CA92469B3BCC6758B73A7A5685F3FB74B6D785ACFA15E462CA9E70453CD1E9D48D146F0951E4E10773A4FBC9C8E2948D2A091525F964FDE6B60BC3C7A175FF88D20A3758B2D6C35F253AF00B95697F32446EAAA00C7B8A3C4B9DC47EDF44BC4C35052CF7304ADE74A0A9C70575FA935961B07B908D9E58454662B0ED6D8148B79FC45B1F5EDD602B13C7285A75B901183C87CF0F6C060E40D48D9910BDB86C2A253C9894CCE7034DEB7707EF5256DE8E98570375845ADABAAF81893FF6D9E61E45FE9906E61CD2FB86F4A1ABC0D51527B56D3329192EBDFA78149C4652EA23463D6FEFC6F79F22154631CEB04692FB67B815FF791576AB9BA71B0A51009D4B2ECF0ED280745831B4B6B49D951479E5E6831F19CE717025AE212A3057D21832E86C847970CF0CEA82D19BC3D211A23EE2CB6B60ED499F1910A4AEC72FEE2BCA10E8BA9AC47ED2D953E1429B056CCEAD0ED2715D2A3758AE93 +20180920204648 2 6 100 4095 2 FC69089A469473B9CF3F3CCD21123CCF3563811632E7FB6CDF9CDF7726AFA4691881289B3952D2347D7BA520E95016066B02888C7EA1E633B998E00EFE78E454EAF64D6462437E9DDB4A239DE998EC0756E7ED17B7A3499CCF2E3F33A54FD223BB6C485AECA2475E2C002C303F6A55530F2F83A98059699C59A43238468FC85CD137A1FC9B9674ED5D746B44848339A9CA772E802BCE56FED99E8B110C8CA365DFB9BFDD47CB2A33CA92469B3BCC6758B73A7A5685F3FB74B6D785ACFA15E462CA9E70453CD1E9D48D146F0951E4E10773A4FBC9C8E2948D2A091525F964FDE6B60BC3C7A175FF88D20A3758B2D6C35F253AF00B95697F32446EAAA00C7B8A3C4B9DC47EDF44BC4C35052CF7304ADE74A0A9C70575FA935961B07B908D9E58454662B0ED6D8148B79FC45B1F5EDD602B13C7285A75B901183C87CF0F6C060E40D48D9910BDB86C2A253C9894CCE7034DEB7707EF5256DE8E98570375845ADABAAF81893FF6D9E61E45FE9906E61CD2FB86F4A1ABC0D51527B56D3329192EBDFA78149C4652EA23463D6FEFC6F79F22154631CEB04692FB67B815FF791576AB9BA71B0A51009D4B2ECF0ED280745831B4B6B49D951479E5E6831F19CE717025AE212A3057D21832E86C847970CF0CEA82D19BC3D211A23EE2CB6B60ED499F1910A4AEC72FEE2BCA10E8BA9AC47ED2D953E1429B056CCEAD0ED2715D2A379DD5F3 +20180920212404 2 6 100 4095 2 CB00EACDC1EDB3E4111DB89DA6722A2D66156FC2F5B602DCE0510B47F36F6E94615D96D222BD22037AD407B782A888F534CE84C04E6B78FDF3F24C869960888D33F8396A58F34238B7E2F2BF3CE48263BE78474C422A073FCCF02C47218509E5A989208456CC7ECCB7004957802A413AA0AB3E51C29FB53A99886977A86B4C47A56C2F312D3BA2B2CC4D5CE637B13A77369D5D5CF478E9D38389969F5CF041863F1D5714F11BC66C0FEF500A6B3FEB18BDF575E9E0F066E0A42DEC284B5A23D1C31C628F672D94363CBCCEA7C81636D51D81337E7556B726B35185139FA7568978E684E511DB467D92F0B56B43ADF802E7ADC15107723068B06E024DD25340B228AE9674BC3FC58D6BD55FE67F01B197847B6F4FE8F2DF6BC8C72292067C6BEA73C1D8176926BDBB7A620C36CEC57230A89C9799416E68ECEB323425728DE2830C64979DDEC6355F2BB391FBDC705A5C1537EB03D2372650409D7084D6FF1B3913F9796109B40CAD99DC8B4EED4379A67E96FD1192BC87A5C60A410BB6996D1E0DA0D7E43CE2632B14714E6A25569B9F42D51F22C067F12E6E030DF1205FC91429E93214891F026089748772A64DD21C2F13EC3BEBC313187FB8936613D8E4A93F8569FFC6C6509D43F3939D4CFA5BF958D6E1E9E148DDD3E332728957413FA6084CDDC1263419C9C712F5DC3177F39F0EE5CB8B5F90EE60EEC4A002C3B843C3 +20180920212755 2 6 100 4095 5 CB00EACDC1EDB3E4111DB89DA6722A2D66156FC2F5B602DCE0510B47F36F6E94615D96D222BD22037AD407B782A888F534CE84C04E6B78FDF3F24C869960888D33F8396A58F34238B7E2F2BF3CE48263BE78474C422A073FCCF02C47218509E5A989208456CC7ECCB7004957802A413AA0AB3E51C29FB53A99886977A86B4C47A56C2F312D3BA2B2CC4D5CE637B13A77369D5D5CF478E9D38389969F5CF041863F1D5714F11BC66C0FEF500A6B3FEB18BDF575E9E0F066E0A42DEC284B5A23D1C31C628F672D94363CBCCEA7C81636D51D81337E7556B726B35185139FA7568978E684E511DB467D92F0B56B43ADF802E7ADC15107723068B06E024DD25340B228AE9674BC3FC58D6BD55FE67F01B197847B6F4FE8F2DF6BC8C72292067C6BEA73C1D8176926BDBB7A620C36CEC57230A89C9799416E68ECEB323425728DE2830C64979DDEC6355F2BB391FBDC705A5C1537EB03D2372650409D7084D6FF1B3913F9796109B40CAD99DC8B4EED4379A67E96FD1192BC87A5C60A410BB6996D1E0DA0D7E43CE2632B14714E6A25569B9F42D51F22C067F12E6E030DF1205FC91429E93214891F026089748772A64DD21C2F13EC3BEBC313187FB8936613D8E4A93F8569FFC6C6509D43F3939D4CFA5BF958D6E1E9E148DDD3E332728957413FA6084CDDC1263419C9C712F5DC3177F39F0EE5CB8B5F90EE60EEC4A002C3FC854F +20180920213937 2 6 100 4095 2 CB00EACDC1EDB3E4111DB89DA6722A2D66156FC2F5B602DCE0510B47F36F6E94615D96D222BD22037AD407B782A888F534CE84C04E6B78FDF3F24C869960888D33F8396A58F34238B7E2F2BF3CE48263BE78474C422A073FCCF02C47218509E5A989208456CC7ECCB7004957802A413AA0AB3E51C29FB53A99886977A86B4C47A56C2F312D3BA2B2CC4D5CE637B13A77369D5D5CF478E9D38389969F5CF041863F1D5714F11BC66C0FEF500A6B3FEB18BDF575E9E0F066E0A42DEC284B5A23D1C31C628F672D94363CBCCEA7C81636D51D81337E7556B726B35185139FA7568978E684E511DB467D92F0B56B43ADF802E7ADC15107723068B06E024DD25340B228AE9674BC3FC58D6BD55FE67F01B197847B6F4FE8F2DF6BC8C72292067C6BEA73C1D8176926BDBB7A620C36CEC57230A89C9799416E68ECEB323425728DE2830C64979DDEC6355F2BB391FBDC705A5C1537EB03D2372650409D7084D6FF1B3913F9796109B40CAD99DC8B4EED4379A67E96FD1192BC87A5C60A410BB6996D1E0DA0D7E43CE2632B14714E6A25569B9F42D51F22C067F12E6E030DF1205FC91429E93214891F026089748772A64DD21C2F13EC3BEBC313187FB8936613D8E4A93F8569FFC6C6509D43F3939D4CFA5BF958D6E1E9E148DDD3E332728957413FA6084CDDC1263419C9C712F5DC3177F39F0EE5CB8B5F90EE60EEC4A002C4D5B923 +20180920214830 2 6 100 4095 2 CB00EACDC1EDB3E4111DB89DA6722A2D66156FC2F5B602DCE0510B47F36F6E94615D96D222BD22037AD407B782A888F534CE84C04E6B78FDF3F24C869960888D33F8396A58F34238B7E2F2BF3CE48263BE78474C422A073FCCF02C47218509E5A989208456CC7ECCB7004957802A413AA0AB3E51C29FB53A99886977A86B4C47A56C2F312D3BA2B2CC4D5CE637B13A77369D5D5CF478E9D38389969F5CF041863F1D5714F11BC66C0FEF500A6B3FEB18BDF575E9E0F066E0A42DEC284B5A23D1C31C628F672D94363CBCCEA7C81636D51D81337E7556B726B35185139FA7568978E684E511DB467D92F0B56B43ADF802E7ADC15107723068B06E024DD25340B228AE9674BC3FC58D6BD55FE67F01B197847B6F4FE8F2DF6BC8C72292067C6BEA73C1D8176926BDBB7A620C36CEC57230A89C9799416E68ECEB323425728DE2830C64979DDEC6355F2BB391FBDC705A5C1537EB03D2372650409D7084D6FF1B3913F9796109B40CAD99DC8B4EED4379A67E96FD1192BC87A5C60A410BB6996D1E0DA0D7E43CE2632B14714E6A25569B9F42D51F22C067F12E6E030DF1205FC91429E93214891F026089748772A64DD21C2F13EC3BEBC313187FB8936613D8E4A93F8569FFC6C6509D43F3939D4CFA5BF958D6E1E9E148DDD3E332728957413FA6084CDDC1263419C9C712F5DC3177F39F0EE5CB8B5F90EE60EEC4A002C578D833 +20180920215602 2 6 100 4095 5 CB00EACDC1EDB3E4111DB89DA6722A2D66156FC2F5B602DCE0510B47F36F6E94615D96D222BD22037AD407B782A888F534CE84C04E6B78FDF3F24C869960888D33F8396A58F34238B7E2F2BF3CE48263BE78474C422A073FCCF02C47218509E5A989208456CC7ECCB7004957802A413AA0AB3E51C29FB53A99886977A86B4C47A56C2F312D3BA2B2CC4D5CE637B13A77369D5D5CF478E9D38389969F5CF041863F1D5714F11BC66C0FEF500A6B3FEB18BDF575E9E0F066E0A42DEC284B5A23D1C31C628F672D94363CBCCEA7C81636D51D81337E7556B726B35185139FA7568978E684E511DB467D92F0B56B43ADF802E7ADC15107723068B06E024DD25340B228AE9674BC3FC58D6BD55FE67F01B197847B6F4FE8F2DF6BC8C72292067C6BEA73C1D8176926BDBB7A620C36CEC57230A89C9799416E68ECEB323425728DE2830C64979DDEC6355F2BB391FBDC705A5C1537EB03D2372650409D7084D6FF1B3913F9796109B40CAD99DC8B4EED4379A67E96FD1192BC87A5C60A410BB6996D1E0DA0D7E43CE2632B14714E6A25569B9F42D51F22C067F12E6E030DF1205FC91429E93214891F026089748772A64DD21C2F13EC3BEBC313187FB8936613D8E4A93F8569FFC6C6509D43F3939D4CFA5BF958D6E1E9E148DDD3E332728957413FA6084CDDC1263419C9C712F5DC3177F39F0EE5CB8B5F90EE60EEC4A002C60301F7 +20180920222334 2 6 100 4095 2 CB00EACDC1EDB3E4111DB89DA6722A2D66156FC2F5B602DCE0510B47F36F6E94615D96D222BD22037AD407B782A888F534CE84C04E6B78FDF3F24C869960888D33F8396A58F34238B7E2F2BF3CE48263BE78474C422A073FCCF02C47218509E5A989208456CC7ECCB7004957802A413AA0AB3E51C29FB53A99886977A86B4C47A56C2F312D3BA2B2CC4D5CE637B13A77369D5D5CF478E9D38389969F5CF041863F1D5714F11BC66C0FEF500A6B3FEB18BDF575E9E0F066E0A42DEC284B5A23D1C31C628F672D94363CBCCEA7C81636D51D81337E7556B726B35185139FA7568978E684E511DB467D92F0B56B43ADF802E7ADC15107723068B06E024DD25340B228AE9674BC3FC58D6BD55FE67F01B197847B6F4FE8F2DF6BC8C72292067C6BEA73C1D8176926BDBB7A620C36CEC57230A89C9799416E68ECEB323425728DE2830C64979DDEC6355F2BB391FBDC705A5C1537EB03D2372650409D7084D6FF1B3913F9796109B40CAD99DC8B4EED4379A67E96FD1192BC87A5C60A410BB6996D1E0DA0D7E43CE2632B14714E6A25569B9F42D51F22C067F12E6E030DF1205FC91429E93214891F026089748772A64DD21C2F13EC3BEBC313187FB8936613D8E4A93F8569FFC6C6509D43F3939D4CFA5BF958D6E1E9E148DDD3E332728957413FA6084CDDC1263419C9C712F5DC3177F39F0EE5CB8B5F90EE60EEC4A002C80CD293 +20180920223427 2 6 100 4095 2 CB00EACDC1EDB3E4111DB89DA6722A2D66156FC2F5B602DCE0510B47F36F6E94615D96D222BD22037AD407B782A888F534CE84C04E6B78FDF3F24C869960888D33F8396A58F34238B7E2F2BF3CE48263BE78474C422A073FCCF02C47218509E5A989208456CC7ECCB7004957802A413AA0AB3E51C29FB53A99886977A86B4C47A56C2F312D3BA2B2CC4D5CE637B13A77369D5D5CF478E9D38389969F5CF041863F1D5714F11BC66C0FEF500A6B3FEB18BDF575E9E0F066E0A42DEC284B5A23D1C31C628F672D94363CBCCEA7C81636D51D81337E7556B726B35185139FA7568978E684E511DB467D92F0B56B43ADF802E7ADC15107723068B06E024DD25340B228AE9674BC3FC58D6BD55FE67F01B197847B6F4FE8F2DF6BC8C72292067C6BEA73C1D8176926BDBB7A620C36CEC57230A89C9799416E68ECEB323425728DE2830C64979DDEC6355F2BB391FBDC705A5C1537EB03D2372650409D7084D6FF1B3913F9796109B40CAD99DC8B4EED4379A67E96FD1192BC87A5C60A410BB6996D1E0DA0D7E43CE2632B14714E6A25569B9F42D51F22C067F12E6E030DF1205FC91429E93214891F026089748772A64DD21C2F13EC3BEBC313187FB8936613D8E4A93F8569FFC6C6509D43F3939D4CFA5BF958D6E1E9E148DDD3E332728957413FA6084CDDC1263419C9C712F5DC3177F39F0EE5CB8B5F90EE60EEC4A002C8D7E023 +20180920224739 2 6 100 4095 5 CB00EACDC1EDB3E4111DB89DA6722A2D66156FC2F5B602DCE0510B47F36F6E94615D96D222BD22037AD407B782A888F534CE84C04E6B78FDF3F24C869960888D33F8396A58F34238B7E2F2BF3CE48263BE78474C422A073FCCF02C47218509E5A989208456CC7ECCB7004957802A413AA0AB3E51C29FB53A99886977A86B4C47A56C2F312D3BA2B2CC4D5CE637B13A77369D5D5CF478E9D38389969F5CF041863F1D5714F11BC66C0FEF500A6B3FEB18BDF575E9E0F066E0A42DEC284B5A23D1C31C628F672D94363CBCCEA7C81636D51D81337E7556B726B35185139FA7568978E684E511DB467D92F0B56B43ADF802E7ADC15107723068B06E024DD25340B228AE9674BC3FC58D6BD55FE67F01B197847B6F4FE8F2DF6BC8C72292067C6BEA73C1D8176926BDBB7A620C36CEC57230A89C9799416E68ECEB323425728DE2830C64979DDEC6355F2BB391FBDC705A5C1537EB03D2372650409D7084D6FF1B3913F9796109B40CAD99DC8B4EED4379A67E96FD1192BC87A5C60A410BB6996D1E0DA0D7E43CE2632B14714E6A25569B9F42D51F22C067F12E6E030DF1205FC91429E93214891F026089748772A64DD21C2F13EC3BEBC313187FB8936613D8E4A93F8569FFC6C6509D43F3939D4CFA5BF958D6E1E9E148DDD3E332728957413FA6084CDDC1263419C9C712F5DC3177F39F0EE5CB8B5F90EE60EEC4A002C9CDF40F +20180920224953 2 6 100 4095 2 CB00EACDC1EDB3E4111DB89DA6722A2D66156FC2F5B602DCE0510B47F36F6E94615D96D222BD22037AD407B782A888F534CE84C04E6B78FDF3F24C869960888D33F8396A58F34238B7E2F2BF3CE48263BE78474C422A073FCCF02C47218509E5A989208456CC7ECCB7004957802A413AA0AB3E51C29FB53A99886977A86B4C47A56C2F312D3BA2B2CC4D5CE637B13A77369D5D5CF478E9D38389969F5CF041863F1D5714F11BC66C0FEF500A6B3FEB18BDF575E9E0F066E0A42DEC284B5A23D1C31C628F672D94363CBCCEA7C81636D51D81337E7556B726B35185139FA7568978E684E511DB467D92F0B56B43ADF802E7ADC15107723068B06E024DD25340B228AE9674BC3FC58D6BD55FE67F01B197847B6F4FE8F2DF6BC8C72292067C6BEA73C1D8176926BDBB7A620C36CEC57230A89C9799416E68ECEB323425728DE2830C64979DDEC6355F2BB391FBDC705A5C1537EB03D2372650409D7084D6FF1B3913F9796109B40CAD99DC8B4EED4379A67E96FD1192BC87A5C60A410BB6996D1E0DA0D7E43CE2632B14714E6A25569B9F42D51F22C067F12E6E030DF1205FC91429E93214891F026089748772A64DD21C2F13EC3BEBC313187FB8936613D8E4A93F8569FFC6C6509D43F3939D4CFA5BF958D6E1E9E148DDD3E332728957413FA6084CDDC1263419C9C712F5DC3177F39F0EE5CB8B5F90EE60EEC4A002C9EF64FB +20180920225400 2 6 100 4095 5 CB00EACDC1EDB3E4111DB89DA6722A2D66156FC2F5B602DCE0510B47F36F6E94615D96D222BD22037AD407B782A888F534CE84C04E6B78FDF3F24C869960888D33F8396A58F34238B7E2F2BF3CE48263BE78474C422A073FCCF02C47218509E5A989208456CC7ECCB7004957802A413AA0AB3E51C29FB53A99886977A86B4C47A56C2F312D3BA2B2CC4D5CE637B13A77369D5D5CF478E9D38389969F5CF041863F1D5714F11BC66C0FEF500A6B3FEB18BDF575E9E0F066E0A42DEC284B5A23D1C31C628F672D94363CBCCEA7C81636D51D81337E7556B726B35185139FA7568978E684E511DB467D92F0B56B43ADF802E7ADC15107723068B06E024DD25340B228AE9674BC3FC58D6BD55FE67F01B197847B6F4FE8F2DF6BC8C72292067C6BEA73C1D8176926BDBB7A620C36CEC57230A89C9799416E68ECEB323425728DE2830C64979DDEC6355F2BB391FBDC705A5C1537EB03D2372650409D7084D6FF1B3913F9796109B40CAD99DC8B4EED4379A67E96FD1192BC87A5C60A410BB6996D1E0DA0D7E43CE2632B14714E6A25569B9F42D51F22C067F12E6E030DF1205FC91429E93214891F026089748772A64DD21C2F13EC3BEBC313187FB8936613D8E4A93F8569FFC6C6509D43F3939D4CFA5BF958D6E1E9E148DDD3E332728957413FA6084CDDC1263419C9C712F5DC3177F39F0EE5CB8B5F90EE60EEC4A002CA3777C7 +20180920225652 2 6 100 4095 2 CB00EACDC1EDB3E4111DB89DA6722A2D66156FC2F5B602DCE0510B47F36F6E94615D96D222BD22037AD407B782A888F534CE84C04E6B78FDF3F24C869960888D33F8396A58F34238B7E2F2BF3CE48263BE78474C422A073FCCF02C47218509E5A989208456CC7ECCB7004957802A413AA0AB3E51C29FB53A99886977A86B4C47A56C2F312D3BA2B2CC4D5CE637B13A77369D5D5CF478E9D38389969F5CF041863F1D5714F11BC66C0FEF500A6B3FEB18BDF575E9E0F066E0A42DEC284B5A23D1C31C628F672D94363CBCCEA7C81636D51D81337E7556B726B35185139FA7568978E684E511DB467D92F0B56B43ADF802E7ADC15107723068B06E024DD25340B228AE9674BC3FC58D6BD55FE67F01B197847B6F4FE8F2DF6BC8C72292067C6BEA73C1D8176926BDBB7A620C36CEC57230A89C9799416E68ECEB323425728DE2830C64979DDEC6355F2BB391FBDC705A5C1537EB03D2372650409D7084D6FF1B3913F9796109B40CAD99DC8B4EED4379A67E96FD1192BC87A5C60A410BB6996D1E0DA0D7E43CE2632B14714E6A25569B9F42D51F22C067F12E6E030DF1205FC91429E93214891F026089748772A64DD21C2F13EC3BEBC313187FB8936613D8E4A93F8569FFC6C6509D43F3939D4CFA5BF958D6E1E9E148DDD3E332728957413FA6084CDDC1263419C9C712F5DC3177F39F0EE5CB8B5F90EE60EEC4A002CA6853C3 +20180920230359 2 6 100 4095 5 CB00EACDC1EDB3E4111DB89DA6722A2D66156FC2F5B602DCE0510B47F36F6E94615D96D222BD22037AD407B782A888F534CE84C04E6B78FDF3F24C869960888D33F8396A58F34238B7E2F2BF3CE48263BE78474C422A073FCCF02C47218509E5A989208456CC7ECCB7004957802A413AA0AB3E51C29FB53A99886977A86B4C47A56C2F312D3BA2B2CC4D5CE637B13A77369D5D5CF478E9D38389969F5CF041863F1D5714F11BC66C0FEF500A6B3FEB18BDF575E9E0F066E0A42DEC284B5A23D1C31C628F672D94363CBCCEA7C81636D51D81337E7556B726B35185139FA7568978E684E511DB467D92F0B56B43ADF802E7ADC15107723068B06E024DD25340B228AE9674BC3FC58D6BD55FE67F01B197847B6F4FE8F2DF6BC8C72292067C6BEA73C1D8176926BDBB7A620C36CEC57230A89C9799416E68ECEB323425728DE2830C64979DDEC6355F2BB391FBDC705A5C1537EB03D2372650409D7084D6FF1B3913F9796109B40CAD99DC8B4EED4379A67E96FD1192BC87A5C60A410BB6996D1E0DA0D7E43CE2632B14714E6A25569B9F42D51F22C067F12E6E030DF1205FC91429E93214891F026089748772A64DD21C2F13EC3BEBC313187FB8936613D8E4A93F8569FFC6C6509D43F3939D4CFA5BF958D6E1E9E148DDD3E332728957413FA6084CDDC1263419C9C712F5DC3177F39F0EE5CB8B5F90EE60EEC4A002CAE81C2F +20180920233313 2 6 100 4095 2 CB00EACDC1EDB3E4111DB89DA6722A2D66156FC2F5B602DCE0510B47F36F6E94615D96D222BD22037AD407B782A888F534CE84C04E6B78FDF3F24C869960888D33F8396A58F34238B7E2F2BF3CE48263BE78474C422A073FCCF02C47218509E5A989208456CC7ECCB7004957802A413AA0AB3E51C29FB53A99886977A86B4C47A56C2F312D3BA2B2CC4D5CE637B13A77369D5D5CF478E9D38389969F5CF041863F1D5714F11BC66C0FEF500A6B3FEB18BDF575E9E0F066E0A42DEC284B5A23D1C31C628F672D94363CBCCEA7C81636D51D81337E7556B726B35185139FA7568978E684E511DB467D92F0B56B43ADF802E7ADC15107723068B06E024DD25340B228AE9674BC3FC58D6BD55FE67F01B197847B6F4FE8F2DF6BC8C72292067C6BEA73C1D8176926BDBB7A620C36CEC57230A89C9799416E68ECEB323425728DE2830C64979DDEC6355F2BB391FBDC705A5C1537EB03D2372650409D7084D6FF1B3913F9796109B40CAD99DC8B4EED4379A67E96FD1192BC87A5C60A410BB6996D1E0DA0D7E43CE2632B14714E6A25569B9F42D51F22C067F12E6E030DF1205FC91429E93214891F026089748772A64DD21C2F13EC3BEBC313187FB8936613D8E4A93F8569FFC6C6509D43F3939D4CFA5BF958D6E1E9E148DDD3E332728957413FA6084CDDC1263419C9C712F5DC3177F39F0EE5CB8B5F90EE60EEC4A002CD0FC883 +20180920233505 2 6 100 4095 2 CB00EACDC1EDB3E4111DB89DA6722A2D66156FC2F5B602DCE0510B47F36F6E94615D96D222BD22037AD407B782A888F534CE84C04E6B78FDF3F24C869960888D33F8396A58F34238B7E2F2BF3CE48263BE78474C422A073FCCF02C47218509E5A989208456CC7ECCB7004957802A413AA0AB3E51C29FB53A99886977A86B4C47A56C2F312D3BA2B2CC4D5CE637B13A77369D5D5CF478E9D38389969F5CF041863F1D5714F11BC66C0FEF500A6B3FEB18BDF575E9E0F066E0A42DEC284B5A23D1C31C628F672D94363CBCCEA7C81636D51D81337E7556B726B35185139FA7568978E684E511DB467D92F0B56B43ADF802E7ADC15107723068B06E024DD25340B228AE9674BC3FC58D6BD55FE67F01B197847B6F4FE8F2DF6BC8C72292067C6BEA73C1D8176926BDBB7A620C36CEC57230A89C9799416E68ECEB323425728DE2830C64979DDEC6355F2BB391FBDC705A5C1537EB03D2372650409D7084D6FF1B3913F9796109B40CAD99DC8B4EED4379A67E96FD1192BC87A5C60A410BB6996D1E0DA0D7E43CE2632B14714E6A25569B9F42D51F22C067F12E6E030DF1205FC91429E93214891F026089748772A64DD21C2F13EC3BEBC313187FB8936613D8E4A93F8569FFC6C6509D43F3939D4CFA5BF958D6E1E9E148DDD3E332728957413FA6084CDDC1263419C9C712F5DC3177F39F0EE5CB8B5F90EE60EEC4A002CD297D7B +20180920234143 2 6 100 4095 5 CB00EACDC1EDB3E4111DB89DA6722A2D66156FC2F5B602DCE0510B47F36F6E94615D96D222BD22037AD407B782A888F534CE84C04E6B78FDF3F24C869960888D33F8396A58F34238B7E2F2BF3CE48263BE78474C422A073FCCF02C47218509E5A989208456CC7ECCB7004957802A413AA0AB3E51C29FB53A99886977A86B4C47A56C2F312D3BA2B2CC4D5CE637B13A77369D5D5CF478E9D38389969F5CF041863F1D5714F11BC66C0FEF500A6B3FEB18BDF575E9E0F066E0A42DEC284B5A23D1C31C628F672D94363CBCCEA7C81636D51D81337E7556B726B35185139FA7568978E684E511DB467D92F0B56B43ADF802E7ADC15107723068B06E024DD25340B228AE9674BC3FC58D6BD55FE67F01B197847B6F4FE8F2DF6BC8C72292067C6BEA73C1D8176926BDBB7A620C36CEC57230A89C9799416E68ECEB323425728DE2830C64979DDEC6355F2BB391FBDC705A5C1537EB03D2372650409D7084D6FF1B3913F9796109B40CAD99DC8B4EED4379A67E96FD1192BC87A5C60A410BB6996D1E0DA0D7E43CE2632B14714E6A25569B9F42D51F22C067F12E6E030DF1205FC91429E93214891F026089748772A64DD21C2F13EC3BEBC313187FB8936613D8E4A93F8569FFC6C6509D43F3939D4CFA5BF958D6E1E9E148DDD3E332728957413FA6084CDDC1263419C9C712F5DC3177F39F0EE5CB8B5F90EE60EEC4A002CDA00627 +20180920235433 2 6 100 4095 5 CB00EACDC1EDB3E4111DB89DA6722A2D66156FC2F5B602DCE0510B47F36F6E94615D96D222BD22037AD407B782A888F534CE84C04E6B78FDF3F24C869960888D33F8396A58F34238B7E2F2BF3CE48263BE78474C422A073FCCF02C47218509E5A989208456CC7ECCB7004957802A413AA0AB3E51C29FB53A99886977A86B4C47A56C2F312D3BA2B2CC4D5CE637B13A77369D5D5CF478E9D38389969F5CF041863F1D5714F11BC66C0FEF500A6B3FEB18BDF575E9E0F066E0A42DEC284B5A23D1C31C628F672D94363CBCCEA7C81636D51D81337E7556B726B35185139FA7568978E684E511DB467D92F0B56B43ADF802E7ADC15107723068B06E024DD25340B228AE9674BC3FC58D6BD55FE67F01B197847B6F4FE8F2DF6BC8C72292067C6BEA73C1D8176926BDBB7A620C36CEC57230A89C9799416E68ECEB323425728DE2830C64979DDEC6355F2BB391FBDC705A5C1537EB03D2372650409D7084D6FF1B3913F9796109B40CAD99DC8B4EED4379A67E96FD1192BC87A5C60A410BB6996D1E0DA0D7E43CE2632B14714E6A25569B9F42D51F22C067F12E6E030DF1205FC91429E93214891F026089748772A64DD21C2F13EC3BEBC313187FB8936613D8E4A93F8569FFC6C6509D43F3939D4CFA5BF958D6E1E9E148DDD3E332728957413FA6084CDDC1263419C9C712F5DC3177F39F0EE5CB8B5F90EE60EEC4A002CE8651DF +20180920235640 2 6 100 4095 5 CB00EACDC1EDB3E4111DB89DA6722A2D66156FC2F5B602DCE0510B47F36F6E94615D96D222BD22037AD407B782A888F534CE84C04E6B78FDF3F24C869960888D33F8396A58F34238B7E2F2BF3CE48263BE78474C422A073FCCF02C47218509E5A989208456CC7ECCB7004957802A413AA0AB3E51C29FB53A99886977A86B4C47A56C2F312D3BA2B2CC4D5CE637B13A77369D5D5CF478E9D38389969F5CF041863F1D5714F11BC66C0FEF500A6B3FEB18BDF575E9E0F066E0A42DEC284B5A23D1C31C628F672D94363CBCCEA7C81636D51D81337E7556B726B35185139FA7568978E684E511DB467D92F0B56B43ADF802E7ADC15107723068B06E024DD25340B228AE9674BC3FC58D6BD55FE67F01B197847B6F4FE8F2DF6BC8C72292067C6BEA73C1D8176926BDBB7A620C36CEC57230A89C9799416E68ECEB323425728DE2830C64979DDEC6355F2BB391FBDC705A5C1537EB03D2372650409D7084D6FF1B3913F9796109B40CAD99DC8B4EED4379A67E96FD1192BC87A5C60A410BB6996D1E0DA0D7E43CE2632B14714E6A25569B9F42D51F22C067F12E6E030DF1205FC91429E93214891F026089748772A64DD21C2F13EC3BEBC313187FB8936613D8E4A93F8569FFC6C6509D43F3939D4CFA5BF958D6E1E9E148DDD3E332728957413FA6084CDDC1263419C9C712F5DC3177F39F0EE5CB8B5F90EE60EEC4A002CEA46B8F +20180921000133 2 6 100 4095 2 CB00EACDC1EDB3E4111DB89DA6722A2D66156FC2F5B602DCE0510B47F36F6E94615D96D222BD22037AD407B782A888F534CE84C04E6B78FDF3F24C869960888D33F8396A58F34238B7E2F2BF3CE48263BE78474C422A073FCCF02C47218509E5A989208456CC7ECCB7004957802A413AA0AB3E51C29FB53A99886977A86B4C47A56C2F312D3BA2B2CC4D5CE637B13A77369D5D5CF478E9D38389969F5CF041863F1D5714F11BC66C0FEF500A6B3FEB18BDF575E9E0F066E0A42DEC284B5A23D1C31C628F672D94363CBCCEA7C81636D51D81337E7556B726B35185139FA7568978E684E511DB467D92F0B56B43ADF802E7ADC15107723068B06E024DD25340B228AE9674BC3FC58D6BD55FE67F01B197847B6F4FE8F2DF6BC8C72292067C6BEA73C1D8176926BDBB7A620C36CEC57230A89C9799416E68ECEB323425728DE2830C64979DDEC6355F2BB391FBDC705A5C1537EB03D2372650409D7084D6FF1B3913F9796109B40CAD99DC8B4EED4379A67E96FD1192BC87A5C60A410BB6996D1E0DA0D7E43CE2632B14714E6A25569B9F42D51F22C067F12E6E030DF1205FC91429E93214891F026089748772A64DD21C2F13EC3BEBC313187FB8936613D8E4A93F8569FFC6C6509D43F3939D4CFA5BF958D6E1E9E148DDD3E332728957413FA6084CDDC1263419C9C712F5DC3177F39F0EE5CB8B5F90EE60EEC4A002CEFBF913 +20180921001904 2 6 100 4095 2 CB00EACDC1EDB3E4111DB89DA6722A2D66156FC2F5B602DCE0510B47F36F6E94615D96D222BD22037AD407B782A888F534CE84C04E6B78FDF3F24C869960888D33F8396A58F34238B7E2F2BF3CE48263BE78474C422A073FCCF02C47218509E5A989208456CC7ECCB7004957802A413AA0AB3E51C29FB53A99886977A86B4C47A56C2F312D3BA2B2CC4D5CE637B13A77369D5D5CF478E9D38389969F5CF041863F1D5714F11BC66C0FEF500A6B3FEB18BDF575E9E0F066E0A42DEC284B5A23D1C31C628F672D94363CBCCEA7C81636D51D81337E7556B726B35185139FA7568978E684E511DB467D92F0B56B43ADF802E7ADC15107723068B06E024DD25340B228AE9674BC3FC58D6BD55FE67F01B197847B6F4FE8F2DF6BC8C72292067C6BEA73C1D8176926BDBB7A620C36CEC57230A89C9799416E68ECEB323425728DE2830C64979DDEC6355F2BB391FBDC705A5C1537EB03D2372650409D7084D6FF1B3913F9796109B40CAD99DC8B4EED4379A67E96FD1192BC87A5C60A410BB6996D1E0DA0D7E43CE2632B14714E6A25569B9F42D51F22C067F12E6E030DF1205FC91429E93214891F026089748772A64DD21C2F13EC3BEBC313187FB8936613D8E4A93F8569FFC6C6509D43F3939D4CFA5BF958D6E1E9E148DDD3E332728957413FA6084CDDC1263419C9C712F5DC3177F39F0EE5CB8B5F90EE60EEC4A002D039AC1B +20180921002105 2 6 100 4095 2 CB00EACDC1EDB3E4111DB89DA6722A2D66156FC2F5B602DCE0510B47F36F6E94615D96D222BD22037AD407B782A888F534CE84C04E6B78FDF3F24C869960888D33F8396A58F34238B7E2F2BF3CE48263BE78474C422A073FCCF02C47218509E5A989208456CC7ECCB7004957802A413AA0AB3E51C29FB53A99886977A86B4C47A56C2F312D3BA2B2CC4D5CE637B13A77369D5D5CF478E9D38389969F5CF041863F1D5714F11BC66C0FEF500A6B3FEB18BDF575E9E0F066E0A42DEC284B5A23D1C31C628F672D94363CBCCEA7C81636D51D81337E7556B726B35185139FA7568978E684E511DB467D92F0B56B43ADF802E7ADC15107723068B06E024DD25340B228AE9674BC3FC58D6BD55FE67F01B197847B6F4FE8F2DF6BC8C72292067C6BEA73C1D8176926BDBB7A620C36CEC57230A89C9799416E68ECEB323425728DE2830C64979DDEC6355F2BB391FBDC705A5C1537EB03D2372650409D7084D6FF1B3913F9796109B40CAD99DC8B4EED4379A67E96FD1192BC87A5C60A410BB6996D1E0DA0D7E43CE2632B14714E6A25569B9F42D51F22C067F12E6E030DF1205FC91429E93214891F026089748772A64DD21C2F13EC3BEBC313187FB8936613D8E4A93F8569FFC6C6509D43F3939D4CFA5BF958D6E1E9E148DDD3E332728957413FA6084CDDC1263419C9C712F5DC3177F39F0EE5CB8B5F90EE60EEC4A002D0557A5B +20180921003739 2 6 100 4095 2 CB00EACDC1EDB3E4111DB89DA6722A2D66156FC2F5B602DCE0510B47F36F6E94615D96D222BD22037AD407B782A888F534CE84C04E6B78FDF3F24C869960888D33F8396A58F34238B7E2F2BF3CE48263BE78474C422A073FCCF02C47218509E5A989208456CC7ECCB7004957802A413AA0AB3E51C29FB53A99886977A86B4C47A56C2F312D3BA2B2CC4D5CE637B13A77369D5D5CF478E9D38389969F5CF041863F1D5714F11BC66C0FEF500A6B3FEB18BDF575E9E0F066E0A42DEC284B5A23D1C31C628F672D94363CBCCEA7C81636D51D81337E7556B726B35185139FA7568978E684E511DB467D92F0B56B43ADF802E7ADC15107723068B06E024DD25340B228AE9674BC3FC58D6BD55FE67F01B197847B6F4FE8F2DF6BC8C72292067C6BEA73C1D8176926BDBB7A620C36CEC57230A89C9799416E68ECEB323425728DE2830C64979DDEC6355F2BB391FBDC705A5C1537EB03D2372650409D7084D6FF1B3913F9796109B40CAD99DC8B4EED4379A67E96FD1192BC87A5C60A410BB6996D1E0DA0D7E43CE2632B14714E6A25569B9F42D51F22C067F12E6E030DF1205FC91429E93214891F026089748772A64DD21C2F13EC3BEBC313187FB8936613D8E4A93F8569FFC6C6509D43F3939D4CFA5BF958D6E1E9E148DDD3E332728957413FA6084CDDC1263419C9C712F5DC3177F39F0EE5CB8B5F90EE60EEC4A002D184F8BB +20180921004140 2 6 100 4095 2 CB00EACDC1EDB3E4111DB89DA6722A2D66156FC2F5B602DCE0510B47F36F6E94615D96D222BD22037AD407B782A888F534CE84C04E6B78FDF3F24C869960888D33F8396A58F34238B7E2F2BF3CE48263BE78474C422A073FCCF02C47218509E5A989208456CC7ECCB7004957802A413AA0AB3E51C29FB53A99886977A86B4C47A56C2F312D3BA2B2CC4D5CE637B13A77369D5D5CF478E9D38389969F5CF041863F1D5714F11BC66C0FEF500A6B3FEB18BDF575E9E0F066E0A42DEC284B5A23D1C31C628F672D94363CBCCEA7C81636D51D81337E7556B726B35185139FA7568978E684E511DB467D92F0B56B43ADF802E7ADC15107723068B06E024DD25340B228AE9674BC3FC58D6BD55FE67F01B197847B6F4FE8F2DF6BC8C72292067C6BEA73C1D8176926BDBB7A620C36CEC57230A89C9799416E68ECEB323425728DE2830C64979DDEC6355F2BB391FBDC705A5C1537EB03D2372650409D7084D6FF1B3913F9796109B40CAD99DC8B4EED4379A67E96FD1192BC87A5C60A410BB6996D1E0DA0D7E43CE2632B14714E6A25569B9F42D51F22C067F12E6E030DF1205FC91429E93214891F026089748772A64DD21C2F13EC3BEBC313187FB8936613D8E4A93F8569FFC6C6509D43F3939D4CFA5BF958D6E1E9E148DDD3E332728957413FA6084CDDC1263419C9C712F5DC3177F39F0EE5CB8B5F90EE60EEC4A002D1C803A3 +20180921004415 2 6 100 4095 5 CB00EACDC1EDB3E4111DB89DA6722A2D66156FC2F5B602DCE0510B47F36F6E94615D96D222BD22037AD407B782A888F534CE84C04E6B78FDF3F24C869960888D33F8396A58F34238B7E2F2BF3CE48263BE78474C422A073FCCF02C47218509E5A989208456CC7ECCB7004957802A413AA0AB3E51C29FB53A99886977A86B4C47A56C2F312D3BA2B2CC4D5CE637B13A77369D5D5CF478E9D38389969F5CF041863F1D5714F11BC66C0FEF500A6B3FEB18BDF575E9E0F066E0A42DEC284B5A23D1C31C628F672D94363CBCCEA7C81636D51D81337E7556B726B35185139FA7568978E684E511DB467D92F0B56B43ADF802E7ADC15107723068B06E024DD25340B228AE9674BC3FC58D6BD55FE67F01B197847B6F4FE8F2DF6BC8C72292067C6BEA73C1D8176926BDBB7A620C36CEC57230A89C9799416E68ECEB323425728DE2830C64979DDEC6355F2BB391FBDC705A5C1537EB03D2372650409D7084D6FF1B3913F9796109B40CAD99DC8B4EED4379A67E96FD1192BC87A5C60A410BB6996D1E0DA0D7E43CE2632B14714E6A25569B9F42D51F22C067F12E6E030DF1205FC91429E93214891F026089748772A64DD21C2F13EC3BEBC313187FB8936613D8E4A93F8569FFC6C6509D43F3939D4CFA5BF958D6E1E9E148DDD3E332728957413FA6084CDDC1263419C9C712F5DC3177F39F0EE5CB8B5F90EE60EEC4A002D1F094A7 +20180921004716 2 6 100 4095 2 CB00EACDC1EDB3E4111DB89DA6722A2D66156FC2F5B602DCE0510B47F36F6E94615D96D222BD22037AD407B782A888F534CE84C04E6B78FDF3F24C869960888D33F8396A58F34238B7E2F2BF3CE48263BE78474C422A073FCCF02C47218509E5A989208456CC7ECCB7004957802A413AA0AB3E51C29FB53A99886977A86B4C47A56C2F312D3BA2B2CC4D5CE637B13A77369D5D5CF478E9D38389969F5CF041863F1D5714F11BC66C0FEF500A6B3FEB18BDF575E9E0F066E0A42DEC284B5A23D1C31C628F672D94363CBCCEA7C81636D51D81337E7556B726B35185139FA7568978E684E511DB467D92F0B56B43ADF802E7ADC15107723068B06E024DD25340B228AE9674BC3FC58D6BD55FE67F01B197847B6F4FE8F2DF6BC8C72292067C6BEA73C1D8176926BDBB7A620C36CEC57230A89C9799416E68ECEB323425728DE2830C64979DDEC6355F2BB391FBDC705A5C1537EB03D2372650409D7084D6FF1B3913F9796109B40CAD99DC8B4EED4379A67E96FD1192BC87A5C60A410BB6996D1E0DA0D7E43CE2632B14714E6A25569B9F42D51F22C067F12E6E030DF1205FC91429E93214891F026089748772A64DD21C2F13EC3BEBC313187FB8936613D8E4A93F8569FFC6C6509D43F3939D4CFA5BF958D6E1E9E148DDD3E332728957413FA6084CDDC1263419C9C712F5DC3177F39F0EE5CB8B5F90EE60EEC4A002D21F8203 +20180921005129 2 6 100 4095 2 CB00EACDC1EDB3E4111DB89DA6722A2D66156FC2F5B602DCE0510B47F36F6E94615D96D222BD22037AD407B782A888F534CE84C04E6B78FDF3F24C869960888D33F8396A58F34238B7E2F2BF3CE48263BE78474C422A073FCCF02C47218509E5A989208456CC7ECCB7004957802A413AA0AB3E51C29FB53A99886977A86B4C47A56C2F312D3BA2B2CC4D5CE637B13A77369D5D5CF478E9D38389969F5CF041863F1D5714F11BC66C0FEF500A6B3FEB18BDF575E9E0F066E0A42DEC284B5A23D1C31C628F672D94363CBCCEA7C81636D51D81337E7556B726B35185139FA7568978E684E511DB467D92F0B56B43ADF802E7ADC15107723068B06E024DD25340B228AE9674BC3FC58D6BD55FE67F01B197847B6F4FE8F2DF6BC8C72292067C6BEA73C1D8176926BDBB7A620C36CEC57230A89C9799416E68ECEB323425728DE2830C64979DDEC6355F2BB391FBDC705A5C1537EB03D2372650409D7084D6FF1B3913F9796109B40CAD99DC8B4EED4379A67E96FD1192BC87A5C60A410BB6996D1E0DA0D7E43CE2632B14714E6A25569B9F42D51F22C067F12E6E030DF1205FC91429E93214891F026089748772A64DD21C2F13EC3BEBC313187FB8936613D8E4A93F8569FFC6C6509D43F3939D4CFA5BF958D6E1E9E148DDD3E332728957413FA6084CDDC1263419C9C712F5DC3177F39F0EE5CB8B5F90EE60EEC4A002D268646B +20180921010446 2 6 100 4095 2 CB00EACDC1EDB3E4111DB89DA6722A2D66156FC2F5B602DCE0510B47F36F6E94615D96D222BD22037AD407B782A888F534CE84C04E6B78FDF3F24C869960888D33F8396A58F34238B7E2F2BF3CE48263BE78474C422A073FCCF02C47218509E5A989208456CC7ECCB7004957802A413AA0AB3E51C29FB53A99886977A86B4C47A56C2F312D3BA2B2CC4D5CE637B13A77369D5D5CF478E9D38389969F5CF041863F1D5714F11BC66C0FEF500A6B3FEB18BDF575E9E0F066E0A42DEC284B5A23D1C31C628F672D94363CBCCEA7C81636D51D81337E7556B726B35185139FA7568978E684E511DB467D92F0B56B43ADF802E7ADC15107723068B06E024DD25340B228AE9674BC3FC58D6BD55FE67F01B197847B6F4FE8F2DF6BC8C72292067C6BEA73C1D8176926BDBB7A620C36CEC57230A89C9799416E68ECEB323425728DE2830C64979DDEC6355F2BB391FBDC705A5C1537EB03D2372650409D7084D6FF1B3913F9796109B40CAD99DC8B4EED4379A67E96FD1192BC87A5C60A410BB6996D1E0DA0D7E43CE2632B14714E6A25569B9F42D51F22C067F12E6E030DF1205FC91429E93214891F026089748772A64DD21C2F13EC3BEBC313187FB8936613D8E4A93F8569FFC6C6509D43F3939D4CFA5BF958D6E1E9E148DDD3E332728957413FA6084CDDC1263419C9C712F5DC3177F39F0EE5CB8B5F90EE60EEC4A002D3556B5B +20180921013214 2 6 100 4095 5 CB00EACDC1EDB3E4111DB89DA6722A2D66156FC2F5B602DCE0510B47F36F6E94615D96D222BD22037AD407B782A888F534CE84C04E6B78FDF3F24C869960888D33F8396A58F34238B7E2F2BF3CE48263BE78474C422A073FCCF02C47218509E5A989208456CC7ECCB7004957802A413AA0AB3E51C29FB53A99886977A86B4C47A56C2F312D3BA2B2CC4D5CE637B13A77369D5D5CF478E9D38389969F5CF041863F1D5714F11BC66C0FEF500A6B3FEB18BDF575E9E0F066E0A42DEC284B5A23D1C31C628F672D94363CBCCEA7C81636D51D81337E7556B726B35185139FA7568978E684E511DB467D92F0B56B43ADF802E7ADC15107723068B06E024DD25340B228AE9674BC3FC58D6BD55FE67F01B197847B6F4FE8F2DF6BC8C72292067C6BEA73C1D8176926BDBB7A620C36CEC57230A89C9799416E68ECEB323425728DE2830C64979DDEC6355F2BB391FBDC705A5C1537EB03D2372650409D7084D6FF1B3913F9796109B40CAD99DC8B4EED4379A67E96FD1192BC87A5C60A410BB6996D1E0DA0D7E43CE2632B14714E6A25569B9F42D51F22C067F12E6E030DF1205FC91429E93214891F026089748772A64DD21C2F13EC3BEBC313187FB8936613D8E4A93F8569FFC6C6509D43F3939D4CFA5BF958D6E1E9E148DDD3E332728957413FA6084CDDC1263419C9C712F5DC3177F39F0EE5CB8B5F90EE60EEC4A002D556768F +20180921014417 2 6 100 4095 5 CB00EACDC1EDB3E4111DB89DA6722A2D66156FC2F5B602DCE0510B47F36F6E94615D96D222BD22037AD407B782A888F534CE84C04E6B78FDF3F24C869960888D33F8396A58F34238B7E2F2BF3CE48263BE78474C422A073FCCF02C47218509E5A989208456CC7ECCB7004957802A413AA0AB3E51C29FB53A99886977A86B4C47A56C2F312D3BA2B2CC4D5CE637B13A77369D5D5CF478E9D38389969F5CF041863F1D5714F11BC66C0FEF500A6B3FEB18BDF575E9E0F066E0A42DEC284B5A23D1C31C628F672D94363CBCCEA7C81636D51D81337E7556B726B35185139FA7568978E684E511DB467D92F0B56B43ADF802E7ADC15107723068B06E024DD25340B228AE9674BC3FC58D6BD55FE67F01B197847B6F4FE8F2DF6BC8C72292067C6BEA73C1D8176926BDBB7A620C36CEC57230A89C9799416E68ECEB323425728DE2830C64979DDEC6355F2BB391FBDC705A5C1537EB03D2372650409D7084D6FF1B3913F9796109B40CAD99DC8B4EED4379A67E96FD1192BC87A5C60A410BB6996D1E0DA0D7E43CE2632B14714E6A25569B9F42D51F22C067F12E6E030DF1205FC91429E93214891F026089748772A64DD21C2F13EC3BEBC313187FB8936613D8E4A93F8569FFC6C6509D43F3939D4CFA5BF958D6E1E9E148DDD3E332728957413FA6084CDDC1263419C9C712F5DC3177F39F0EE5CB8B5F90EE60EEC4A002D62CB7EF +20180921021218 2 6 100 4095 2 CB00EACDC1EDB3E4111DB89DA6722A2D66156FC2F5B602DCE0510B47F36F6E94615D96D222BD22037AD407B782A888F534CE84C04E6B78FDF3F24C869960888D33F8396A58F34238B7E2F2BF3CE48263BE78474C422A073FCCF02C47218509E5A989208456CC7ECCB7004957802A413AA0AB3E51C29FB53A99886977A86B4C47A56C2F312D3BA2B2CC4D5CE637B13A77369D5D5CF478E9D38389969F5CF041863F1D5714F11BC66C0FEF500A6B3FEB18BDF575E9E0F066E0A42DEC284B5A23D1C31C628F672D94363CBCCEA7C81636D51D81337E7556B726B35185139FA7568978E684E511DB467D92F0B56B43ADF802E7ADC15107723068B06E024DD25340B228AE9674BC3FC58D6BD55FE67F01B197847B6F4FE8F2DF6BC8C72292067C6BEA73C1D8176926BDBB7A620C36CEC57230A89C9799416E68ECEB323425728DE2830C64979DDEC6355F2BB391FBDC705A5C1537EB03D2372650409D7084D6FF1B3913F9796109B40CAD99DC8B4EED4379A67E96FD1192BC87A5C60A410BB6996D1E0DA0D7E43CE2632B14714E6A25569B9F42D51F22C067F12E6E030DF1205FC91429E93214891F026089748772A64DD21C2F13EC3BEBC313187FB8936613D8E4A93F8569FFC6C6509D43F3939D4CFA5BF958D6E1E9E148DDD3E332728957413FA6084CDDC1263419C9C712F5DC3177F39F0EE5CB8B5F90EE60EEC4A002D835583B +20180921023434 2 6 100 4095 2 CB00EACDC1EDB3E4111DB89DA6722A2D66156FC2F5B602DCE0510B47F36F6E94615D96D222BD22037AD407B782A888F534CE84C04E6B78FDF3F24C869960888D33F8396A58F34238B7E2F2BF3CE48263BE78474C422A073FCCF02C47218509E5A989208456CC7ECCB7004957802A413AA0AB3E51C29FB53A99886977A86B4C47A56C2F312D3BA2B2CC4D5CE637B13A77369D5D5CF478E9D38389969F5CF041863F1D5714F11BC66C0FEF500A6B3FEB18BDF575E9E0F066E0A42DEC284B5A23D1C31C628F672D94363CBCCEA7C81636D51D81337E7556B726B35185139FA7568978E684E511DB467D92F0B56B43ADF802E7ADC15107723068B06E024DD25340B228AE9674BC3FC58D6BD55FE67F01B197847B6F4FE8F2DF6BC8C72292067C6BEA73C1D8176926BDBB7A620C36CEC57230A89C9799416E68ECEB323425728DE2830C64979DDEC6355F2BB391FBDC705A5C1537EB03D2372650409D7084D6FF1B3913F9796109B40CAD99DC8B4EED4379A67E96FD1192BC87A5C60A410BB6996D1E0DA0D7E43CE2632B14714E6A25569B9F42D51F22C067F12E6E030DF1205FC91429E93214891F026089748772A64DD21C2F13EC3BEBC313187FB8936613D8E4A93F8569FFC6C6509D43F3939D4CFA5BF958D6E1E9E148DDD3E332728957413FA6084CDDC1263419C9C712F5DC3177F39F0EE5CB8B5F90EE60EEC4A002D9D786F3 +20180921024155 2 6 100 4095 2 CB00EACDC1EDB3E4111DB89DA6722A2D66156FC2F5B602DCE0510B47F36F6E94615D96D222BD22037AD407B782A888F534CE84C04E6B78FDF3F24C869960888D33F8396A58F34238B7E2F2BF3CE48263BE78474C422A073FCCF02C47218509E5A989208456CC7ECCB7004957802A413AA0AB3E51C29FB53A99886977A86B4C47A56C2F312D3BA2B2CC4D5CE637B13A77369D5D5CF478E9D38389969F5CF041863F1D5714F11BC66C0FEF500A6B3FEB18BDF575E9E0F066E0A42DEC284B5A23D1C31C628F672D94363CBCCEA7C81636D51D81337E7556B726B35185139FA7568978E684E511DB467D92F0B56B43ADF802E7ADC15107723068B06E024DD25340B228AE9674BC3FC58D6BD55FE67F01B197847B6F4FE8F2DF6BC8C72292067C6BEA73C1D8176926BDBB7A620C36CEC57230A89C9799416E68ECEB323425728DE2830C64979DDEC6355F2BB391FBDC705A5C1537EB03D2372650409D7084D6FF1B3913F9796109B40CAD99DC8B4EED4379A67E96FD1192BC87A5C60A410BB6996D1E0DA0D7E43CE2632B14714E6A25569B9F42D51F22C067F12E6E030DF1205FC91429E93214891F026089748772A64DD21C2F13EC3BEBC313187FB8936613D8E4A93F8569FFC6C6509D43F3939D4CFA5BF958D6E1E9E148DDD3E332728957413FA6084CDDC1263419C9C712F5DC3177F39F0EE5CB8B5F90EE60EEC4A002DA550ABB +20180921031006 2 6 100 4095 2 CB00EACDC1EDB3E4111DB89DA6722A2D66156FC2F5B602DCE0510B47F36F6E94615D96D222BD22037AD407B782A888F534CE84C04E6B78FDF3F24C869960888D33F8396A58F34238B7E2F2BF3CE48263BE78474C422A073FCCF02C47218509E5A989208456CC7ECCB7004957802A413AA0AB3E51C29FB53A99886977A86B4C47A56C2F312D3BA2B2CC4D5CE637B13A77369D5D5CF478E9D38389969F5CF041863F1D5714F11BC66C0FEF500A6B3FEB18BDF575E9E0F066E0A42DEC284B5A23D1C31C628F672D94363CBCCEA7C81636D51D81337E7556B726B35185139FA7568978E684E511DB467D92F0B56B43ADF802E7ADC15107723068B06E024DD25340B228AE9674BC3FC58D6BD55FE67F01B197847B6F4FE8F2DF6BC8C72292067C6BEA73C1D8176926BDBB7A620C36CEC57230A89C9799416E68ECEB323425728DE2830C64979DDEC6355F2BB391FBDC705A5C1537EB03D2372650409D7084D6FF1B3913F9796109B40CAD99DC8B4EED4379A67E96FD1192BC87A5C60A410BB6996D1E0DA0D7E43CE2632B14714E6A25569B9F42D51F22C067F12E6E030DF1205FC91429E93214891F026089748772A64DD21C2F13EC3BEBC313187FB8936613D8E4A93F8569FFC6C6509D43F3939D4CFA5BF958D6E1E9E148DDD3E332728957413FA6084CDDC1263419C9C712F5DC3177F39F0EE5CB8B5F90EE60EEC4A002DC5EBE23 +20180921031034 2 6 100 4095 5 CB00EACDC1EDB3E4111DB89DA6722A2D66156FC2F5B602DCE0510B47F36F6E94615D96D222BD22037AD407B782A888F534CE84C04E6B78FDF3F24C869960888D33F8396A58F34238B7E2F2BF3CE48263BE78474C422A073FCCF02C47218509E5A989208456CC7ECCB7004957802A413AA0AB3E51C29FB53A99886977A86B4C47A56C2F312D3BA2B2CC4D5CE637B13A77369D5D5CF478E9D38389969F5CF041863F1D5714F11BC66C0FEF500A6B3FEB18BDF575E9E0F066E0A42DEC284B5A23D1C31C628F672D94363CBCCEA7C81636D51D81337E7556B726B35185139FA7568978E684E511DB467D92F0B56B43ADF802E7ADC15107723068B06E024DD25340B228AE9674BC3FC58D6BD55FE67F01B197847B6F4FE8F2DF6BC8C72292067C6BEA73C1D8176926BDBB7A620C36CEC57230A89C9799416E68ECEB323425728DE2830C64979DDEC6355F2BB391FBDC705A5C1537EB03D2372650409D7084D6FF1B3913F9796109B40CAD99DC8B4EED4379A67E96FD1192BC87A5C60A410BB6996D1E0DA0D7E43CE2632B14714E6A25569B9F42D51F22C067F12E6E030DF1205FC91429E93214891F026089748772A64DD21C2F13EC3BEBC313187FB8936613D8E4A93F8569FFC6C6509D43F3939D4CFA5BF958D6E1E9E148DDD3E332728957413FA6084CDDC1263419C9C712F5DC3177F39F0EE5CB8B5F90EE60EEC4A002DC5EC45F +20180921032220 2 6 100 4095 2 CB00EACDC1EDB3E4111DB89DA6722A2D66156FC2F5B602DCE0510B47F36F6E94615D96D222BD22037AD407B782A888F534CE84C04E6B78FDF3F24C869960888D33F8396A58F34238B7E2F2BF3CE48263BE78474C422A073FCCF02C47218509E5A989208456CC7ECCB7004957802A413AA0AB3E51C29FB53A99886977A86B4C47A56C2F312D3BA2B2CC4D5CE637B13A77369D5D5CF478E9D38389969F5CF041863F1D5714F11BC66C0FEF500A6B3FEB18BDF575E9E0F066E0A42DEC284B5A23D1C31C628F672D94363CBCCEA7C81636D51D81337E7556B726B35185139FA7568978E684E511DB467D92F0B56B43ADF802E7ADC15107723068B06E024DD25340B228AE9674BC3FC58D6BD55FE67F01B197847B6F4FE8F2DF6BC8C72292067C6BEA73C1D8176926BDBB7A620C36CEC57230A89C9799416E68ECEB323425728DE2830C64979DDEC6355F2BB391FBDC705A5C1537EB03D2372650409D7084D6FF1B3913F9796109B40CAD99DC8B4EED4379A67E96FD1192BC87A5C60A410BB6996D1E0DA0D7E43CE2632B14714E6A25569B9F42D51F22C067F12E6E030DF1205FC91429E93214891F026089748772A64DD21C2F13EC3BEBC313187FB8936613D8E4A93F8569FFC6C6509D43F3939D4CFA5BF958D6E1E9E148DDD3E332728957413FA6084CDDC1263419C9C712F5DC3177F39F0EE5CB8B5F90EE60EEC4A002DD2F3B53 +20180921032554 2 6 100 4095 2 CB00EACDC1EDB3E4111DB89DA6722A2D66156FC2F5B602DCE0510B47F36F6E94615D96D222BD22037AD407B782A888F534CE84C04E6B78FDF3F24C869960888D33F8396A58F34238B7E2F2BF3CE48263BE78474C422A073FCCF02C47218509E5A989208456CC7ECCB7004957802A413AA0AB3E51C29FB53A99886977A86B4C47A56C2F312D3BA2B2CC4D5CE637B13A77369D5D5CF478E9D38389969F5CF041863F1D5714F11BC66C0FEF500A6B3FEB18BDF575E9E0F066E0A42DEC284B5A23D1C31C628F672D94363CBCCEA7C81636D51D81337E7556B726B35185139FA7568978E684E511DB467D92F0B56B43ADF802E7ADC15107723068B06E024DD25340B228AE9674BC3FC58D6BD55FE67F01B197847B6F4FE8F2DF6BC8C72292067C6BEA73C1D8176926BDBB7A620C36CEC57230A89C9799416E68ECEB323425728DE2830C64979DDEC6355F2BB391FBDC705A5C1537EB03D2372650409D7084D6FF1B3913F9796109B40CAD99DC8B4EED4379A67E96FD1192BC87A5C60A410BB6996D1E0DA0D7E43CE2632B14714E6A25569B9F42D51F22C067F12E6E030DF1205FC91429E93214891F026089748772A64DD21C2F13EC3BEBC313187FB8936613D8E4A93F8569FFC6C6509D43F3939D4CFA5BF958D6E1E9E148DDD3E332728957413FA6084CDDC1263419C9C712F5DC3177F39F0EE5CB8B5F90EE60EEC4A002DD68BE4B +20180921032729 2 6 100 4095 2 CB00EACDC1EDB3E4111DB89DA6722A2D66156FC2F5B602DCE0510B47F36F6E94615D96D222BD22037AD407B782A888F534CE84C04E6B78FDF3F24C869960888D33F8396A58F34238B7E2F2BF3CE48263BE78474C422A073FCCF02C47218509E5A989208456CC7ECCB7004957802A413AA0AB3E51C29FB53A99886977A86B4C47A56C2F312D3BA2B2CC4D5CE637B13A77369D5D5CF478E9D38389969F5CF041863F1D5714F11BC66C0FEF500A6B3FEB18BDF575E9E0F066E0A42DEC284B5A23D1C31C628F672D94363CBCCEA7C81636D51D81337E7556B726B35185139FA7568978E684E511DB467D92F0B56B43ADF802E7ADC15107723068B06E024DD25340B228AE9674BC3FC58D6BD55FE67F01B197847B6F4FE8F2DF6BC8C72292067C6BEA73C1D8176926BDBB7A620C36CEC57230A89C9799416E68ECEB323425728DE2830C64979DDEC6355F2BB391FBDC705A5C1537EB03D2372650409D7084D6FF1B3913F9796109B40CAD99DC8B4EED4379A67E96FD1192BC87A5C60A410BB6996D1E0DA0D7E43CE2632B14714E6A25569B9F42D51F22C067F12E6E030DF1205FC91429E93214891F026089748772A64DD21C2F13EC3BEBC313187FB8936613D8E4A93F8569FFC6C6509D43F3939D4CFA5BF958D6E1E9E148DDD3E332728957413FA6084CDDC1263419C9C712F5DC3177F39F0EE5CB8B5F90EE60EEC4A002DD7D755B +20180921034633 2 6 100 4095 5 CB00EACDC1EDB3E4111DB89DA6722A2D66156FC2F5B602DCE0510B47F36F6E94615D96D222BD22037AD407B782A888F534CE84C04E6B78FDF3F24C869960888D33F8396A58F34238B7E2F2BF3CE48263BE78474C422A073FCCF02C47218509E5A989208456CC7ECCB7004957802A413AA0AB3E51C29FB53A99886977A86B4C47A56C2F312D3BA2B2CC4D5CE637B13A77369D5D5CF478E9D38389969F5CF041863F1D5714F11BC66C0FEF500A6B3FEB18BDF575E9E0F066E0A42DEC284B5A23D1C31C628F672D94363CBCCEA7C81636D51D81337E7556B726B35185139FA7568978E684E511DB467D92F0B56B43ADF802E7ADC15107723068B06E024DD25340B228AE9674BC3FC58D6BD55FE67F01B197847B6F4FE8F2DF6BC8C72292067C6BEA73C1D8176926BDBB7A620C36CEC57230A89C9799416E68ECEB323425728DE2830C64979DDEC6355F2BB391FBDC705A5C1537EB03D2372650409D7084D6FF1B3913F9796109B40CAD99DC8B4EED4379A67E96FD1192BC87A5C60A410BB6996D1E0DA0D7E43CE2632B14714E6A25569B9F42D51F22C067F12E6E030DF1205FC91429E93214891F026089748772A64DD21C2F13EC3BEBC313187FB8936613D8E4A93F8569FFC6C6509D43F3939D4CFA5BF958D6E1E9E148DDD3E332728957413FA6084CDDC1263419C9C712F5DC3177F39F0EE5CB8B5F90EE60EEC4A002DED7E937 +20180921035421 2 6 100 4095 5 CB00EACDC1EDB3E4111DB89DA6722A2D66156FC2F5B602DCE0510B47F36F6E94615D96D222BD22037AD407B782A888F534CE84C04E6B78FDF3F24C869960888D33F8396A58F34238B7E2F2BF3CE48263BE78474C422A073FCCF02C47218509E5A989208456CC7ECCB7004957802A413AA0AB3E51C29FB53A99886977A86B4C47A56C2F312D3BA2B2CC4D5CE637B13A77369D5D5CF478E9D38389969F5CF041863F1D5714F11BC66C0FEF500A6B3FEB18BDF575E9E0F066E0A42DEC284B5A23D1C31C628F672D94363CBCCEA7C81636D51D81337E7556B726B35185139FA7568978E684E511DB467D92F0B56B43ADF802E7ADC15107723068B06E024DD25340B228AE9674BC3FC58D6BD55FE67F01B197847B6F4FE8F2DF6BC8C72292067C6BEA73C1D8176926BDBB7A620C36CEC57230A89C9799416E68ECEB323425728DE2830C64979DDEC6355F2BB391FBDC705A5C1537EB03D2372650409D7084D6FF1B3913F9796109B40CAD99DC8B4EED4379A67E96FD1192BC87A5C60A410BB6996D1E0DA0D7E43CE2632B14714E6A25569B9F42D51F22C067F12E6E030DF1205FC91429E93214891F026089748772A64DD21C2F13EC3BEBC313187FB8936613D8E4A93F8569FFC6C6509D43F3939D4CFA5BF958D6E1E9E148DDD3E332728957413FA6084CDDC1263419C9C712F5DC3177F39F0EE5CB8B5F90EE60EEC4A002DF60EDC7 +20180921035905 2 6 100 4095 2 CB00EACDC1EDB3E4111DB89DA6722A2D66156FC2F5B602DCE0510B47F36F6E94615D96D222BD22037AD407B782A888F534CE84C04E6B78FDF3F24C869960888D33F8396A58F34238B7E2F2BF3CE48263BE78474C422A073FCCF02C47218509E5A989208456CC7ECCB7004957802A413AA0AB3E51C29FB53A99886977A86B4C47A56C2F312D3BA2B2CC4D5CE637B13A77369D5D5CF478E9D38389969F5CF041863F1D5714F11BC66C0FEF500A6B3FEB18BDF575E9E0F066E0A42DEC284B5A23D1C31C628F672D94363CBCCEA7C81636D51D81337E7556B726B35185139FA7568978E684E511DB467D92F0B56B43ADF802E7ADC15107723068B06E024DD25340B228AE9674BC3FC58D6BD55FE67F01B197847B6F4FE8F2DF6BC8C72292067C6BEA73C1D8176926BDBB7A620C36CEC57230A89C9799416E68ECEB323425728DE2830C64979DDEC6355F2BB391FBDC705A5C1537EB03D2372650409D7084D6FF1B3913F9796109B40CAD99DC8B4EED4379A67E96FD1192BC87A5C60A410BB6996D1E0DA0D7E43CE2632B14714E6A25569B9F42D51F22C067F12E6E030DF1205FC91429E93214891F026089748772A64DD21C2F13EC3BEBC313187FB8936613D8E4A93F8569FFC6C6509D43F3939D4CFA5BF958D6E1E9E148DDD3E332728957413FA6084CDDC1263419C9C712F5DC3177F39F0EE5CB8B5F90EE60EEC4A002DFAC40E3 +20180921041542 2 6 100 4095 2 CB00EACDC1EDB3E4111DB89DA6722A2D66156FC2F5B602DCE0510B47F36F6E94615D96D222BD22037AD407B782A888F534CE84C04E6B78FDF3F24C869960888D33F8396A58F34238B7E2F2BF3CE48263BE78474C422A073FCCF02C47218509E5A989208456CC7ECCB7004957802A413AA0AB3E51C29FB53A99886977A86B4C47A56C2F312D3BA2B2CC4D5CE637B13A77369D5D5CF478E9D38389969F5CF041863F1D5714F11BC66C0FEF500A6B3FEB18BDF575E9E0F066E0A42DEC284B5A23D1C31C628F672D94363CBCCEA7C81636D51D81337E7556B726B35185139FA7568978E684E511DB467D92F0B56B43ADF802E7ADC15107723068B06E024DD25340B228AE9674BC3FC58D6BD55FE67F01B197847B6F4FE8F2DF6BC8C72292067C6BEA73C1D8176926BDBB7A620C36CEC57230A89C9799416E68ECEB323425728DE2830C64979DDEC6355F2BB391FBDC705A5C1537EB03D2372650409D7084D6FF1B3913F9796109B40CAD99DC8B4EED4379A67E96FD1192BC87A5C60A410BB6996D1E0DA0D7E43CE2632B14714E6A25569B9F42D51F22C067F12E6E030DF1205FC91429E93214891F026089748772A64DD21C2F13EC3BEBC313187FB8936613D8E4A93F8569FFC6C6509D43F3939D4CFA5BF958D6E1E9E148DDD3E332728957413FA6084CDDC1263419C9C712F5DC3177F39F0EE5CB8B5F90EE60EEC4A002E0D7FD93 +20180921042022 2 6 100 4095 2 CB00EACDC1EDB3E4111DB89DA6722A2D66156FC2F5B602DCE0510B47F36F6E94615D96D222BD22037AD407B782A888F534CE84C04E6B78FDF3F24C869960888D33F8396A58F34238B7E2F2BF3CE48263BE78474C422A073FCCF02C47218509E5A989208456CC7ECCB7004957802A413AA0AB3E51C29FB53A99886977A86B4C47A56C2F312D3BA2B2CC4D5CE637B13A77369D5D5CF478E9D38389969F5CF041863F1D5714F11BC66C0FEF500A6B3FEB18BDF575E9E0F066E0A42DEC284B5A23D1C31C628F672D94363CBCCEA7C81636D51D81337E7556B726B35185139FA7568978E684E511DB467D92F0B56B43ADF802E7ADC15107723068B06E024DD25340B228AE9674BC3FC58D6BD55FE67F01B197847B6F4FE8F2DF6BC8C72292067C6BEA73C1D8176926BDBB7A620C36CEC57230A89C9799416E68ECEB323425728DE2830C64979DDEC6355F2BB391FBDC705A5C1537EB03D2372650409D7084D6FF1B3913F9796109B40CAD99DC8B4EED4379A67E96FD1192BC87A5C60A410BB6996D1E0DA0D7E43CE2632B14714E6A25569B9F42D51F22C067F12E6E030DF1205FC91429E93214891F026089748772A64DD21C2F13EC3BEBC313187FB8936613D8E4A93F8569FFC6C6509D43F3939D4CFA5BF958D6E1E9E148DDD3E332728957413FA6084CDDC1263419C9C712F5DC3177F39F0EE5CB8B5F90EE60EEC4A002E12169CB +20180921053713 2 6 100 6143 5 CAD8A4810C1ADC23A2317EA8BB2F93AD4198F948452AD65159BD3D71800456C339AFD34BC6D512D8FCD337463E3CDFBB4E81A9BE01A6FBA103051D50118610088400DEE2C8E51376B07593D50760832754D352737620CB3BD45CF6A0356209541D14FA9A356DB075DAC362617DF28B202B8FF5FE65A7A6106715796ECC5433DF29FDE1BA29D1D70BB0248EFEEE7DCB10B78EDE9F37078D39AEE37395927F97C2E8C8D80747496C5F4C7ED0A14193BDABE56665BE74475CBD49049F7BE47366B32A1E828B3155A7D48F1D06052DDAA3C0C24550772A69F0E3635794B1FC8BFF6274582092BE2CB3323269D3433FF6CC0294074B0BD8E5DF1A42A4A2A687FE9C4772994FA5EA75F099539D9A7761C687F3F2896D0517E73ABC64C8A330E740DB99537F30E9566497DE782C8F5A5A9E64111478A69BA4535C72B323CCCAFFD7E2C181009424D4CA391B0CED89411455E8CB00147E098716861AAB1B18EC5F295F22C8F687C9DBA534BDDF5F98D94E07F0DFFBB9D272AD71A7B1F657794E36EABA60A6D097F0AB4C405909F5D3D15B177496BCE74217892D701745D176AC5A6049C75F2C17C18FB00F09DFCF1934E69E64DC4C758C3353411503479EE07D7660B67DFDE76DD3FA26B2894DC3C6F5A87059657428324E613F7FE6AD25B09D73133AE16C0A5CA8E285BEF024DE79A27A3C363A70B80AAA1638EDEE29FCBD929D6AE23A5A064769F474D116DD11EACCA5B629EFAB4A95053BD9EBD5B21A3AC3CCD503EDF8CC659FBEAE8FC4EEB2B59CEB41438752AD130476F2DE793FB993BDE8057F1F31437F053B847653D379E2ED78491A0AF3F8ADFC4FF023DB11CC9087AFFC810FE16491CEE4E7CB8622C47E0F44479C0C6D915F4A68723B38FBE83DFDCEE4D5745CD316444BD98C951DAA9706795FE922754B80DB3AE924FBEC44AEF4C3D31EB9299175322FEF02A52E854377030F9BF09AB7CC1BF5327C8746BCAD1AA0A876B740FBCA2C914D45BA75292A2329078DF05ECDC8EA0C149D29E481AA1CA80DB2A13ADA476DE3D82D24136A5B92B7FCCC486A785706FF8ED0CD41F5DF4AC509A2DF +20180921055252 2 6 100 6143 2 CAD8A4810C1ADC23A2317EA8BB2F93AD4198F948452AD65159BD3D71800456C339AFD34BC6D512D8FCD337463E3CDFBB4E81A9BE01A6FBA103051D50118610088400DEE2C8E51376B07593D50760832754D352737620CB3BD45CF6A0356209541D14FA9A356DB075DAC362617DF28B202B8FF5FE65A7A6106715796ECC5433DF29FDE1BA29D1D70BB0248EFEEE7DCB10B78EDE9F37078D39AEE37395927F97C2E8C8D80747496C5F4C7ED0A14193BDABE56665BE74475CBD49049F7BE47366B32A1E828B3155A7D48F1D06052DDAA3C0C24550772A69F0E3635794B1FC8BFF6274582092BE2CB3323269D3433FF6CC0294074B0BD8E5DF1A42A4A2A687FE9C4772994FA5EA75F099539D9A7761C687F3F2896D0517E73ABC64C8A330E740DB99537F30E9566497DE782C8F5A5A9E64111478A69BA4535C72B323CCCAFFD7E2C181009424D4CA391B0CED89411455E8CB00147E098716861AAB1B18EC5F295F22C8F687C9DBA534BDDF5F98D94E07F0DFFBB9D272AD71A7B1F657794E36EABA60A6D097F0AB4C405909F5D3D15B177496BCE74217892D701745D176AC5A6049C75F2C17C18FB00F09DFCF1934E69E64DC4C758C3353411503479EE07D7660B67DFDE76DD3FA26B2894DC3C6F5A87059657428324E613F7FE6AD25B09D73133AE16C0A5CA8E285BEF024DE79A27A3C363A70B80AAA1638EDEE29FCBD929D6AE23A5A064769F474D116DD11EACCA5B629EFAB4A95053BD9EBD5B21A3AC3CCD503EDF8CC659FBEAE8FC4EEB2B59CEB41438752AD130476F2DE793FB993BDE8057F1F31437F053B847653D379E2ED78491A0AF3F8ADFC4FF023DB11CC9087AFFC810FE16491CEE4E7CB8622C47E0F44479C0C6D915F4A68723B38FBE83DFDCEE4D5745CD316444BD98C951DAA9706795FE922754B80DB3AE924FBEC44AEF4C3D31EB9299175322FEF02A52E854377030F9BF09AB7CC1BF5327C8746BCAD1AA0A876B740FBCA2C914D45BA75292A2329078DF05ECDC8EA0C149D29E481AA1CA80DB2A13ADA476DE3D82D24136A5B92B7FCCC486A785706FF8ED0CD41F5DF4AC560A423 +20180921065744 2 6 100 6143 5 CAD8A4810C1ADC23A2317EA8BB2F93AD4198F948452AD65159BD3D71800456C339AFD34BC6D512D8FCD337463E3CDFBB4E81A9BE01A6FBA103051D50118610088400DEE2C8E51376B07593D50760832754D352737620CB3BD45CF6A0356209541D14FA9A356DB075DAC362617DF28B202B8FF5FE65A7A6106715796ECC5433DF29FDE1BA29D1D70BB0248EFEEE7DCB10B78EDE9F37078D39AEE37395927F97C2E8C8D80747496C5F4C7ED0A14193BDABE56665BE74475CBD49049F7BE47366B32A1E828B3155A7D48F1D06052DDAA3C0C24550772A69F0E3635794B1FC8BFF6274582092BE2CB3323269D3433FF6CC0294074B0BD8E5DF1A42A4A2A687FE9C4772994FA5EA75F099539D9A7761C687F3F2896D0517E73ABC64C8A330E740DB99537F30E9566497DE782C8F5A5A9E64111478A69BA4535C72B323CCCAFFD7E2C181009424D4CA391B0CED89411455E8CB00147E098716861AAB1B18EC5F295F22C8F687C9DBA534BDDF5F98D94E07F0DFFBB9D272AD71A7B1F657794E36EABA60A6D097F0AB4C405909F5D3D15B177496BCE74217892D701745D176AC5A6049C75F2C17C18FB00F09DFCF1934E69E64DC4C758C3353411503479EE07D7660B67DFDE76DD3FA26B2894DC3C6F5A87059657428324E613F7FE6AD25B09D73133AE16C0A5CA8E285BEF024DE79A27A3C363A70B80AAA1638EDEE29FCBD929D6AE23A5A064769F474D116DD11EACCA5B629EFAB4A95053BD9EBD5B21A3AC3CCD503EDF8CC659FBEAE8FC4EEB2B59CEB41438752AD130476F2DE793FB993BDE8057F1F31437F053B847653D379E2ED78491A0AF3F8ADFC4FF023DB11CC9087AFFC810FE16491CEE4E7CB8622C47E0F44479C0C6D915F4A68723B38FBE83DFDCEE4D5745CD316444BD98C951DAA9706795FE922754B80DB3AE924FBEC44AEF4C3D31EB9299175322FEF02A52E854377030F9BF09AB7CC1BF5327C8746BCAD1AA0A876B740FBCA2C914D45BA75292A2329078DF05ECDC8EA0C149D29E481AA1CA80DB2A13ADA476DE3D82D24136A5B92B7FCCC486A785706FF8ED0CD41F5DF4AC6F28D1F +20180921071557 2 6 100 6143 2 CAD8A4810C1ADC23A2317EA8BB2F93AD4198F948452AD65159BD3D71800456C339AFD34BC6D512D8FCD337463E3CDFBB4E81A9BE01A6FBA103051D50118610088400DEE2C8E51376B07593D50760832754D352737620CB3BD45CF6A0356209541D14FA9A356DB075DAC362617DF28B202B8FF5FE65A7A6106715796ECC5433DF29FDE1BA29D1D70BB0248EFEEE7DCB10B78EDE9F37078D39AEE37395927F97C2E8C8D80747496C5F4C7ED0A14193BDABE56665BE74475CBD49049F7BE47366B32A1E828B3155A7D48F1D06052DDAA3C0C24550772A69F0E3635794B1FC8BFF6274582092BE2CB3323269D3433FF6CC0294074B0BD8E5DF1A42A4A2A687FE9C4772994FA5EA75F099539D9A7761C687F3F2896D0517E73ABC64C8A330E740DB99537F30E9566497DE782C8F5A5A9E64111478A69BA4535C72B323CCCAFFD7E2C181009424D4CA391B0CED89411455E8CB00147E098716861AAB1B18EC5F295F22C8F687C9DBA534BDDF5F98D94E07F0DFFBB9D272AD71A7B1F657794E36EABA60A6D097F0AB4C405909F5D3D15B177496BCE74217892D701745D176AC5A6049C75F2C17C18FB00F09DFCF1934E69E64DC4C758C3353411503479EE07D7660B67DFDE76DD3FA26B2894DC3C6F5A87059657428324E613F7FE6AD25B09D73133AE16C0A5CA8E285BEF024DE79A27A3C363A70B80AAA1638EDEE29FCBD929D6AE23A5A064769F474D116DD11EACCA5B629EFAB4A95053BD9EBD5B21A3AC3CCD503EDF8CC659FBEAE8FC4EEB2B59CEB41438752AD130476F2DE793FB993BDE8057F1F31437F053B847653D379E2ED78491A0AF3F8ADFC4FF023DB11CC9087AFFC810FE16491CEE4E7CB8622C47E0F44479C0C6D915F4A68723B38FBE83DFDCEE4D5745CD316444BD98C951DAA9706795FE922754B80DB3AE924FBEC44AEF4C3D31EB9299175322FEF02A52E854377030F9BF09AB7CC1BF5327C8746BCAD1AA0A876B740FBCA2C914D45BA75292A2329078DF05ECDC8EA0C149D29E481AA1CA80DB2A13ADA476DE3D82D24136A5B92B7FCCC486A785706FF8ED0CD41F5DF4AC75F93C3 +20180921113009 2 6 100 6143 5 CAD8A4810C1ADC23A2317EA8BB2F93AD4198F948452AD65159BD3D71800456C339AFD34BC6D512D8FCD337463E3CDFBB4E81A9BE01A6FBA103051D50118610088400DEE2C8E51376B07593D50760832754D352737620CB3BD45CF6A0356209541D14FA9A356DB075DAC362617DF28B202B8FF5FE65A7A6106715796ECC5433DF29FDE1BA29D1D70BB0248EFEEE7DCB10B78EDE9F37078D39AEE37395927F97C2E8C8D80747496C5F4C7ED0A14193BDABE56665BE74475CBD49049F7BE47366B32A1E828B3155A7D48F1D06052DDAA3C0C24550772A69F0E3635794B1FC8BFF6274582092BE2CB3323269D3433FF6CC0294074B0BD8E5DF1A42A4A2A687FE9C4772994FA5EA75F099539D9A7761C687F3F2896D0517E73ABC64C8A330E740DB99537F30E9566497DE782C8F5A5A9E64111478A69BA4535C72B323CCCAFFD7E2C181009424D4CA391B0CED89411455E8CB00147E098716861AAB1B18EC5F295F22C8F687C9DBA534BDDF5F98D94E07F0DFFBB9D272AD71A7B1F657794E36EABA60A6D097F0AB4C405909F5D3D15B177496BCE74217892D701745D176AC5A6049C75F2C17C18FB00F09DFCF1934E69E64DC4C758C3353411503479EE07D7660B67DFDE76DD3FA26B2894DC3C6F5A87059657428324E613F7FE6AD25B09D73133AE16C0A5CA8E285BEF024DE79A27A3C363A70B80AAA1638EDEE29FCBD929D6AE23A5A064769F474D116DD11EACCA5B629EFAB4A95053BD9EBD5B21A3AC3CCD503EDF8CC659FBEAE8FC4EEB2B59CEB41438752AD130476F2DE793FB993BDE8057F1F31437F053B847653D379E2ED78491A0AF3F8ADFC4FF023DB11CC9087AFFC810FE16491CEE4E7CB8622C47E0F44479C0C6D915F4A68723B38FBE83DFDCEE4D5745CD316444BD98C951DAA9706795FE922754B80DB3AE924FBEC44AEF4C3D31EB9299175322FEF02A52E854377030F9BF09AB7CC1BF5327C8746BCAD1AA0A876B740FBCA2C914D45BA75292A2329078DF05ECDC8EA0C149D29E481AA1CA80DB2A13ADA476DE3D82D24136A5B92B7FCCC486A785706FF8ED0CD41F5DF4ACDA5C3BF +20180921133701 2 6 100 6143 5 CAD8A4810C1ADC23A2317EA8BB2F93AD4198F948452AD65159BD3D71800456C339AFD34BC6D512D8FCD337463E3CDFBB4E81A9BE01A6FBA103051D50118610088400DEE2C8E51376B07593D50760832754D352737620CB3BD45CF6A0356209541D14FA9A356DB075DAC362617DF28B202B8FF5FE65A7A6106715796ECC5433DF29FDE1BA29D1D70BB0248EFEEE7DCB10B78EDE9F37078D39AEE37395927F97C2E8C8D80747496C5F4C7ED0A14193BDABE56665BE74475CBD49049F7BE47366B32A1E828B3155A7D48F1D06052DDAA3C0C24550772A69F0E3635794B1FC8BFF6274582092BE2CB3323269D3433FF6CC0294074B0BD8E5DF1A42A4A2A687FE9C4772994FA5EA75F099539D9A7761C687F3F2896D0517E73ABC64C8A330E740DB99537F30E9566497DE782C8F5A5A9E64111478A69BA4535C72B323CCCAFFD7E2C181009424D4CA391B0CED89411455E8CB00147E098716861AAB1B18EC5F295F22C8F687C9DBA534BDDF5F98D94E07F0DFFBB9D272AD71A7B1F657794E36EABA60A6D097F0AB4C405909F5D3D15B177496BCE74217892D701745D176AC5A6049C75F2C17C18FB00F09DFCF1934E69E64DC4C758C3353411503479EE07D7660B67DFDE76DD3FA26B2894DC3C6F5A87059657428324E613F7FE6AD25B09D73133AE16C0A5CA8E285BEF024DE79A27A3C363A70B80AAA1638EDEE29FCBD929D6AE23A5A064769F474D116DD11EACCA5B629EFAB4A95053BD9EBD5B21A3AC3CCD503EDF8CC659FBEAE8FC4EEB2B59CEB41438752AD130476F2DE793FB993BDE8057F1F31437F053B847653D379E2ED78491A0AF3F8ADFC4FF023DB11CC9087AFFC810FE16491CEE4E7CB8622C47E0F44479C0C6D915F4A68723B38FBE83DFDCEE4D5745CD316444BD98C951DAA9706795FE922754B80DB3AE924FBEC44AEF4C3D31EB9299175322FEF02A52E854377030F9BF09AB7CC1BF5327C8746BCAD1AA0A876B740FBCA2C914D45BA75292A2329078DF05ECDC8EA0C149D29E481AA1CA80DB2A13ADA476DE3D82D24136A5B92B7FCCC486A785706FF8ED0CD41F5DF4AD0A30BD7 +20180921151331 2 6 100 6143 2 CAD8A4810C1ADC23A2317EA8BB2F93AD4198F948452AD65159BD3D71800456C339AFD34BC6D512D8FCD337463E3CDFBB4E81A9BE01A6FBA103051D50118610088400DEE2C8E51376B07593D50760832754D352737620CB3BD45CF6A0356209541D14FA9A356DB075DAC362617DF28B202B8FF5FE65A7A6106715796ECC5433DF29FDE1BA29D1D70BB0248EFEEE7DCB10B78EDE9F37078D39AEE37395927F97C2E8C8D80747496C5F4C7ED0A14193BDABE56665BE74475CBD49049F7BE47366B32A1E828B3155A7D48F1D06052DDAA3C0C24550772A69F0E3635794B1FC8BFF6274582092BE2CB3323269D3433FF6CC0294074B0BD8E5DF1A42A4A2A687FE9C4772994FA5EA75F099539D9A7761C687F3F2896D0517E73ABC64C8A330E740DB99537F30E9566497DE782C8F5A5A9E64111478A69BA4535C72B323CCCAFFD7E2C181009424D4CA391B0CED89411455E8CB00147E098716861AAB1B18EC5F295F22C8F687C9DBA534BDDF5F98D94E07F0DFFBB9D272AD71A7B1F657794E36EABA60A6D097F0AB4C405909F5D3D15B177496BCE74217892D701745D176AC5A6049C75F2C17C18FB00F09DFCF1934E69E64DC4C758C3353411503479EE07D7660B67DFDE76DD3FA26B2894DC3C6F5A87059657428324E613F7FE6AD25B09D73133AE16C0A5CA8E285BEF024DE79A27A3C363A70B80AAA1638EDEE29FCBD929D6AE23A5A064769F474D116DD11EACCA5B629EFAB4A95053BD9EBD5B21A3AC3CCD503EDF8CC659FBEAE8FC4EEB2B59CEB41438752AD130476F2DE793FB993BDE8057F1F31437F053B847653D379E2ED78491A0AF3F8ADFC4FF023DB11CC9087AFFC810FE16491CEE4E7CB8622C47E0F44479C0C6D915F4A68723B38FBE83DFDCEE4D5745CD316444BD98C951DAA9706795FE922754B80DB3AE924FBEC44AEF4C3D31EB9299175322FEF02A52E854377030F9BF09AB7CC1BF5327C8746BCAD1AA0A876B740FBCA2C914D45BA75292A2329078DF05ECDC8EA0C149D29E481AA1CA80DB2A13ADA476DE3D82D24136A5B92B7FCCC486A785706FF8ED0CD41F5DF4AD2DFFEAB +20180921154930 2 6 100 6143 2 CAD8A4810C1ADC23A2317EA8BB2F93AD4198F948452AD65159BD3D71800456C339AFD34BC6D512D8FCD337463E3CDFBB4E81A9BE01A6FBA103051D50118610088400DEE2C8E51376B07593D50760832754D352737620CB3BD45CF6A0356209541D14FA9A356DB075DAC362617DF28B202B8FF5FE65A7A6106715796ECC5433DF29FDE1BA29D1D70BB0248EFEEE7DCB10B78EDE9F37078D39AEE37395927F97C2E8C8D80747496C5F4C7ED0A14193BDABE56665BE74475CBD49049F7BE47366B32A1E828B3155A7D48F1D06052DDAA3C0C24550772A69F0E3635794B1FC8BFF6274582092BE2CB3323269D3433FF6CC0294074B0BD8E5DF1A42A4A2A687FE9C4772994FA5EA75F099539D9A7761C687F3F2896D0517E73ABC64C8A330E740DB99537F30E9566497DE782C8F5A5A9E64111478A69BA4535C72B323CCCAFFD7E2C181009424D4CA391B0CED89411455E8CB00147E098716861AAB1B18EC5F295F22C8F687C9DBA534BDDF5F98D94E07F0DFFBB9D272AD71A7B1F657794E36EABA60A6D097F0AB4C405909F5D3D15B177496BCE74217892D701745D176AC5A6049C75F2C17C18FB00F09DFCF1934E69E64DC4C758C3353411503479EE07D7660B67DFDE76DD3FA26B2894DC3C6F5A87059657428324E613F7FE6AD25B09D73133AE16C0A5CA8E285BEF024DE79A27A3C363A70B80AAA1638EDEE29FCBD929D6AE23A5A064769F474D116DD11EACCA5B629EFAB4A95053BD9EBD5B21A3AC3CCD503EDF8CC659FBEAE8FC4EEB2B59CEB41438752AD130476F2DE793FB993BDE8057F1F31437F053B847653D379E2ED78491A0AF3F8ADFC4FF023DB11CC9087AFFC810FE16491CEE4E7CB8622C47E0F44479C0C6D915F4A68723B38FBE83DFDCEE4D5745CD316444BD98C951DAA9706795FE922754B80DB3AE924FBEC44AEF4C3D31EB9299175322FEF02A52E854377030F9BF09AB7CC1BF5327C8746BCAD1AA0A876B740FBCA2C914D45BA75292A2329078DF05ECDC8EA0C149D29E481AA1CA80DB2A13ADA476DE3D82D24136A5B92B7FCCC486A785706FF8ED0CD41F5DF4AD3B43EF3 +20180921162910 2 6 100 6143 2 CAD8A4810C1ADC23A2317EA8BB2F93AD4198F948452AD65159BD3D71800456C339AFD34BC6D512D8FCD337463E3CDFBB4E81A9BE01A6FBA103051D50118610088400DEE2C8E51376B07593D50760832754D352737620CB3BD45CF6A0356209541D14FA9A356DB075DAC362617DF28B202B8FF5FE65A7A6106715796ECC5433DF29FDE1BA29D1D70BB0248EFEEE7DCB10B78EDE9F37078D39AEE37395927F97C2E8C8D80747496C5F4C7ED0A14193BDABE56665BE74475CBD49049F7BE47366B32A1E828B3155A7D48F1D06052DDAA3C0C24550772A69F0E3635794B1FC8BFF6274582092BE2CB3323269D3433FF6CC0294074B0BD8E5DF1A42A4A2A687FE9C4772994FA5EA75F099539D9A7761C687F3F2896D0517E73ABC64C8A330E740DB99537F30E9566497DE782C8F5A5A9E64111478A69BA4535C72B323CCCAFFD7E2C181009424D4CA391B0CED89411455E8CB00147E098716861AAB1B18EC5F295F22C8F687C9DBA534BDDF5F98D94E07F0DFFBB9D272AD71A7B1F657794E36EABA60A6D097F0AB4C405909F5D3D15B177496BCE74217892D701745D176AC5A6049C75F2C17C18FB00F09DFCF1934E69E64DC4C758C3353411503479EE07D7660B67DFDE76DD3FA26B2894DC3C6F5A87059657428324E613F7FE6AD25B09D73133AE16C0A5CA8E285BEF024DE79A27A3C363A70B80AAA1638EDEE29FCBD929D6AE23A5A064769F474D116DD11EACCA5B629EFAB4A95053BD9EBD5B21A3AC3CCD503EDF8CC659FBEAE8FC4EEB2B59CEB41438752AD130476F2DE793FB993BDE8057F1F31437F053B847653D379E2ED78491A0AF3F8ADFC4FF023DB11CC9087AFFC810FE16491CEE4E7CB8622C47E0F44479C0C6D915F4A68723B38FBE83DFDCEE4D5745CD316444BD98C951DAA9706795FE922754B80DB3AE924FBEC44AEF4C3D31EB9299175322FEF02A52E854377030F9BF09AB7CC1BF5327C8746BCAD1AA0A876B740FBCA2C914D45BA75292A2329078DF05ECDC8EA0C149D29E481AA1CA80DB2A13ADA476DE3D82D24136A5B92B7FCCC486A785706FF8ED0CD41F5DF4AD4A147DB +20180921183414 2 6 100 6143 5 CAD8A4810C1ADC23A2317EA8BB2F93AD4198F948452AD65159BD3D71800456C339AFD34BC6D512D8FCD337463E3CDFBB4E81A9BE01A6FBA103051D50118610088400DEE2C8E51376B07593D50760832754D352737620CB3BD45CF6A0356209541D14FA9A356DB075DAC362617DF28B202B8FF5FE65A7A6106715796ECC5433DF29FDE1BA29D1D70BB0248EFEEE7DCB10B78EDE9F37078D39AEE37395927F97C2E8C8D80747496C5F4C7ED0A14193BDABE56665BE74475CBD49049F7BE47366B32A1E828B3155A7D48F1D06052DDAA3C0C24550772A69F0E3635794B1FC8BFF6274582092BE2CB3323269D3433FF6CC0294074B0BD8E5DF1A42A4A2A687FE9C4772994FA5EA75F099539D9A7761C687F3F2896D0517E73ABC64C8A330E740DB99537F30E9566497DE782C8F5A5A9E64111478A69BA4535C72B323CCCAFFD7E2C181009424D4CA391B0CED89411455E8CB00147E098716861AAB1B18EC5F295F22C8F687C9DBA534BDDF5F98D94E07F0DFFBB9D272AD71A7B1F657794E36EABA60A6D097F0AB4C405909F5D3D15B177496BCE74217892D701745D176AC5A6049C75F2C17C18FB00F09DFCF1934E69E64DC4C758C3353411503479EE07D7660B67DFDE76DD3FA26B2894DC3C6F5A87059657428324E613F7FE6AD25B09D73133AE16C0A5CA8E285BEF024DE79A27A3C363A70B80AAA1638EDEE29FCBD929D6AE23A5A064769F474D116DD11EACCA5B629EFAB4A95053BD9EBD5B21A3AC3CCD503EDF8CC659FBEAE8FC4EEB2B59CEB41438752AD130476F2DE793FB993BDE8057F1F31437F053B847653D379E2ED78491A0AF3F8ADFC4FF023DB11CC9087AFFC810FE16491CEE4E7CB8622C47E0F44479C0C6D915F4A68723B38FBE83DFDCEE4D5745CD316444BD98C951DAA9706795FE922754B80DB3AE924FBEC44AEF4C3D31EB9299175322FEF02A52E854377030F9BF09AB7CC1BF5327C8746BCAD1AA0A876B740FBCA2C914D45BA75292A2329078DF05ECDC8EA0C149D29E481AA1CA80DB2A13ADA476DE3D82D24136A5B92B7FCCC486A785706FF8ED0CD41F5DF4AD79B0197 +20180921184903 2 6 100 6143 2 CAD8A4810C1ADC23A2317EA8BB2F93AD4198F948452AD65159BD3D71800456C339AFD34BC6D512D8FCD337463E3CDFBB4E81A9BE01A6FBA103051D50118610088400DEE2C8E51376B07593D50760832754D352737620CB3BD45CF6A0356209541D14FA9A356DB075DAC362617DF28B202B8FF5FE65A7A6106715796ECC5433DF29FDE1BA29D1D70BB0248EFEEE7DCB10B78EDE9F37078D39AEE37395927F97C2E8C8D80747496C5F4C7ED0A14193BDABE56665BE74475CBD49049F7BE47366B32A1E828B3155A7D48F1D06052DDAA3C0C24550772A69F0E3635794B1FC8BFF6274582092BE2CB3323269D3433FF6CC0294074B0BD8E5DF1A42A4A2A687FE9C4772994FA5EA75F099539D9A7761C687F3F2896D0517E73ABC64C8A330E740DB99537F30E9566497DE782C8F5A5A9E64111478A69BA4535C72B323CCCAFFD7E2C181009424D4CA391B0CED89411455E8CB00147E098716861AAB1B18EC5F295F22C8F687C9DBA534BDDF5F98D94E07F0DFFBB9D272AD71A7B1F657794E36EABA60A6D097F0AB4C405909F5D3D15B177496BCE74217892D701745D176AC5A6049C75F2C17C18FB00F09DFCF1934E69E64DC4C758C3353411503479EE07D7660B67DFDE76DD3FA26B2894DC3C6F5A87059657428324E613F7FE6AD25B09D73133AE16C0A5CA8E285BEF024DE79A27A3C363A70B80AAA1638EDEE29FCBD929D6AE23A5A064769F474D116DD11EACCA5B629EFAB4A95053BD9EBD5B21A3AC3CCD503EDF8CC659FBEAE8FC4EEB2B59CEB41438752AD130476F2DE793FB993BDE8057F1F31437F053B847653D379E2ED78491A0AF3F8ADFC4FF023DB11CC9087AFFC810FE16491CEE4E7CB8622C47E0F44479C0C6D915F4A68723B38FBE83DFDCEE4D5745CD316444BD98C951DAA9706795FE922754B80DB3AE924FBEC44AEF4C3D31EB9299175322FEF02A52E854377030F9BF09AB7CC1BF5327C8746BCAD1AA0A876B740FBCA2C914D45BA75292A2329078DF05ECDC8EA0C149D29E481AA1CA80DB2A13ADA476DE3D82D24136A5B92B7FCCC486A785706FF8ED0CD41F5DF4AD7F055F3 +20180921190227 2 6 100 6143 2 CAD8A4810C1ADC23A2317EA8BB2F93AD4198F948452AD65159BD3D71800456C339AFD34BC6D512D8FCD337463E3CDFBB4E81A9BE01A6FBA103051D50118610088400DEE2C8E51376B07593D50760832754D352737620CB3BD45CF6A0356209541D14FA9A356DB075DAC362617DF28B202B8FF5FE65A7A6106715796ECC5433DF29FDE1BA29D1D70BB0248EFEEE7DCB10B78EDE9F37078D39AEE37395927F97C2E8C8D80747496C5F4C7ED0A14193BDABE56665BE74475CBD49049F7BE47366B32A1E828B3155A7D48F1D06052DDAA3C0C24550772A69F0E3635794B1FC8BFF6274582092BE2CB3323269D3433FF6CC0294074B0BD8E5DF1A42A4A2A687FE9C4772994FA5EA75F099539D9A7761C687F3F2896D0517E73ABC64C8A330E740DB99537F30E9566497DE782C8F5A5A9E64111478A69BA4535C72B323CCCAFFD7E2C181009424D4CA391B0CED89411455E8CB00147E098716861AAB1B18EC5F295F22C8F687C9DBA534BDDF5F98D94E07F0DFFBB9D272AD71A7B1F657794E36EABA60A6D097F0AB4C405909F5D3D15B177496BCE74217892D701745D176AC5A6049C75F2C17C18FB00F09DFCF1934E69E64DC4C758C3353411503479EE07D7660B67DFDE76DD3FA26B2894DC3C6F5A87059657428324E613F7FE6AD25B09D73133AE16C0A5CA8E285BEF024DE79A27A3C363A70B80AAA1638EDEE29FCBD929D6AE23A5A064769F474D116DD11EACCA5B629EFAB4A95053BD9EBD5B21A3AC3CCD503EDF8CC659FBEAE8FC4EEB2B59CEB41438752AD130476F2DE793FB993BDE8057F1F31437F053B847653D379E2ED78491A0AF3F8ADFC4FF023DB11CC9087AFFC810FE16491CEE4E7CB8622C47E0F44479C0C6D915F4A68723B38FBE83DFDCEE4D5745CD316444BD98C951DAA9706795FE922754B80DB3AE924FBEC44AEF4C3D31EB9299175322FEF02A52E854377030F9BF09AB7CC1BF5327C8746BCAD1AA0A876B740FBCA2C914D45BA75292A2329078DF05ECDC8EA0C149D29E481AA1CA80DB2A13ADA476DE3D82D24136A5B92B7FCCC486A785706FF8ED0CD41F5DF4AD837F15B +20180922004824 2 6 100 6143 2 CAD8A4810C1ADC23A2317EA8BB2F93AD4198F948452AD65159BD3D71800456C339AFD34BC6D512D8FCD337463E3CDFBB4E81A9BE01A6FBA103051D50118610088400DEE2C8E51376B07593D50760832754D352737620CB3BD45CF6A0356209541D14FA9A356DB075DAC362617DF28B202B8FF5FE65A7A6106715796ECC5433DF29FDE1BA29D1D70BB0248EFEEE7DCB10B78EDE9F37078D39AEE37395927F97C2E8C8D80747496C5F4C7ED0A14193BDABE56665BE74475CBD49049F7BE47366B32A1E828B3155A7D48F1D06052DDAA3C0C24550772A69F0E3635794B1FC8BFF6274582092BE2CB3323269D3433FF6CC0294074B0BD8E5DF1A42A4A2A687FE9C4772994FA5EA75F099539D9A7761C687F3F2896D0517E73ABC64C8A330E740DB99537F30E9566497DE782C8F5A5A9E64111478A69BA4535C72B323CCCAFFD7E2C181009424D4CA391B0CED89411455E8CB00147E098716861AAB1B18EC5F295F22C8F687C9DBA534BDDF5F98D94E07F0DFFBB9D272AD71A7B1F657794E36EABA60A6D097F0AB4C405909F5D3D15B177496BCE74217892D701745D176AC5A6049C75F2C17C18FB00F09DFCF1934E69E64DC4C758C3353411503479EE07D7660B67DFDE76DD3FA26B2894DC3C6F5A87059657428324E613F7FE6AD25B09D73133AE16C0A5CA8E285BEF024DE79A27A3C363A70B80AAA1638EDEE29FCBD929D6AE23A5A064769F474D116DD11EACCA5B629EFAB4A95053BD9EBD5B21A3AC3CCD503EDF8CC659FBEAE8FC4EEB2B59CEB41438752AD130476F2DE793FB993BDE8057F1F31437F053B847653D379E2ED78491A0AF3F8ADFC4FF023DB11CC9087AFFC810FE16491CEE4E7CB8622C47E0F44479C0C6D915F4A68723B38FBE83DFDCEE4D5745CD316444BD98C951DAA9706795FE922754B80DB3AE924FBEC44AEF4C3D31EB9299175322FEF02A52E854377030F9BF09AB7CC1BF5327C8746BCAD1AA0A876B740FBCA2C914D45BA75292A2329078DF05ECDC8EA0C149D29E481AA1CA80DB2A13ADA476DE3D82D24136A5B92B7FCCC486A785706FF8ED0CD41F5DF4AE097172B +20180922040435 2 6 100 6143 2 CAD8A4810C1ADC23A2317EA8BB2F93AD4198F948452AD65159BD3D71800456C339AFD34BC6D512D8FCD337463E3CDFBB4E81A9BE01A6FBA103051D50118610088400DEE2C8E51376B07593D50760832754D352737620CB3BD45CF6A0356209541D14FA9A356DB075DAC362617DF28B202B8FF5FE65A7A6106715796ECC5433DF29FDE1BA29D1D70BB0248EFEEE7DCB10B78EDE9F37078D39AEE37395927F97C2E8C8D80747496C5F4C7ED0A14193BDABE56665BE74475CBD49049F7BE47366B32A1E828B3155A7D48F1D06052DDAA3C0C24550772A69F0E3635794B1FC8BFF6274582092BE2CB3323269D3433FF6CC0294074B0BD8E5DF1A42A4A2A687FE9C4772994FA5EA75F099539D9A7761C687F3F2896D0517E73ABC64C8A330E740DB99537F30E9566497DE782C8F5A5A9E64111478A69BA4535C72B323CCCAFFD7E2C181009424D4CA391B0CED89411455E8CB00147E098716861AAB1B18EC5F295F22C8F687C9DBA534BDDF5F98D94E07F0DFFBB9D272AD71A7B1F657794E36EABA60A6D097F0AB4C405909F5D3D15B177496BCE74217892D701745D176AC5A6049C75F2C17C18FB00F09DFCF1934E69E64DC4C758C3353411503479EE07D7660B67DFDE76DD3FA26B2894DC3C6F5A87059657428324E613F7FE6AD25B09D73133AE16C0A5CA8E285BEF024DE79A27A3C363A70B80AAA1638EDEE29FCBD929D6AE23A5A064769F474D116DD11EACCA5B629EFAB4A95053BD9EBD5B21A3AC3CCD503EDF8CC659FBEAE8FC4EEB2B59CEB41438752AD130476F2DE793FB993BDE8057F1F31437F053B847653D379E2ED78491A0AF3F8ADFC4FF023DB11CC9087AFFC810FE16491CEE4E7CB8622C47E0F44479C0C6D915F4A68723B38FBE83DFDCEE4D5745CD316444BD98C951DAA9706795FE922754B80DB3AE924FBEC44AEF4C3D31EB9299175322FEF02A52E854377030F9BF09AB7CC1BF5327C8746BCAD1AA0A876B740FBCA2C914D45BA75292A2329078DF05ECDC8EA0C149D29E481AA1CA80DB2A13ADA476DE3D82D24136A5B92B7FCCC486A785706FF8ED0CD41F5DF4AE5403DDB +20180922052522 2 6 100 6143 2 CAD8A4810C1ADC23A2317EA8BB2F93AD4198F948452AD65159BD3D71800456C339AFD34BC6D512D8FCD337463E3CDFBB4E81A9BE01A6FBA103051D50118610088400DEE2C8E51376B07593D50760832754D352737620CB3BD45CF6A0356209541D14FA9A356DB075DAC362617DF28B202B8FF5FE65A7A6106715796ECC5433DF29FDE1BA29D1D70BB0248EFEEE7DCB10B78EDE9F37078D39AEE37395927F97C2E8C8D80747496C5F4C7ED0A14193BDABE56665BE74475CBD49049F7BE47366B32A1E828B3155A7D48F1D06052DDAA3C0C24550772A69F0E3635794B1FC8BFF6274582092BE2CB3323269D3433FF6CC0294074B0BD8E5DF1A42A4A2A687FE9C4772994FA5EA75F099539D9A7761C687F3F2896D0517E73ABC64C8A330E740DB99537F30E9566497DE782C8F5A5A9E64111478A69BA4535C72B323CCCAFFD7E2C181009424D4CA391B0CED89411455E8CB00147E098716861AAB1B18EC5F295F22C8F687C9DBA534BDDF5F98D94E07F0DFFBB9D272AD71A7B1F657794E36EABA60A6D097F0AB4C405909F5D3D15B177496BCE74217892D701745D176AC5A6049C75F2C17C18FB00F09DFCF1934E69E64DC4C758C3353411503479EE07D7660B67DFDE76DD3FA26B2894DC3C6F5A87059657428324E613F7FE6AD25B09D73133AE16C0A5CA8E285BEF024DE79A27A3C363A70B80AAA1638EDEE29FCBD929D6AE23A5A064769F474D116DD11EACCA5B629EFAB4A95053BD9EBD5B21A3AC3CCD503EDF8CC659FBEAE8FC4EEB2B59CEB41438752AD130476F2DE793FB993BDE8057F1F31437F053B847653D379E2ED78491A0AF3F8ADFC4FF023DB11CC9087AFFC810FE16491CEE4E7CB8622C47E0F44479C0C6D915F4A68723B38FBE83DFDCEE4D5745CD316444BD98C951DAA9706795FE922754B80DB3AE924FBEC44AEF4C3D31EB9299175322FEF02A52E854377030F9BF09AB7CC1BF5327C8746BCAD1AA0A876B740FBCA2C914D45BA75292A2329078DF05ECDC8EA0C149D29E481AA1CA80DB2A13ADA476DE3D82D24136A5B92B7FCCC486A785706FF8ED0CD41F5DF4AE71BA84B +20180922073622 2 6 100 6143 2 CAD8A4810C1ADC23A2317EA8BB2F93AD4198F948452AD65159BD3D71800456C339AFD34BC6D512D8FCD337463E3CDFBB4E81A9BE01A6FBA103051D50118610088400DEE2C8E51376B07593D50760832754D352737620CB3BD45CF6A0356209541D14FA9A356DB075DAC362617DF28B202B8FF5FE65A7A6106715796ECC5433DF29FDE1BA29D1D70BB0248EFEEE7DCB10B78EDE9F37078D39AEE37395927F97C2E8C8D80747496C5F4C7ED0A14193BDABE56665BE74475CBD49049F7BE47366B32A1E828B3155A7D48F1D06052DDAA3C0C24550772A69F0E3635794B1FC8BFF6274582092BE2CB3323269D3433FF6CC0294074B0BD8E5DF1A42A4A2A687FE9C4772994FA5EA75F099539D9A7761C687F3F2896D0517E73ABC64C8A330E740DB99537F30E9566497DE782C8F5A5A9E64111478A69BA4535C72B323CCCAFFD7E2C181009424D4CA391B0CED89411455E8CB00147E098716861AAB1B18EC5F295F22C8F687C9DBA534BDDF5F98D94E07F0DFFBB9D272AD71A7B1F657794E36EABA60A6D097F0AB4C405909F5D3D15B177496BCE74217892D701745D176AC5A6049C75F2C17C18FB00F09DFCF1934E69E64DC4C758C3353411503479EE07D7660B67DFDE76DD3FA26B2894DC3C6F5A87059657428324E613F7FE6AD25B09D73133AE16C0A5CA8E285BEF024DE79A27A3C363A70B80AAA1638EDEE29FCBD929D6AE23A5A064769F474D116DD11EACCA5B629EFAB4A95053BD9EBD5B21A3AC3CCD503EDF8CC659FBEAE8FC4EEB2B59CEB41438752AD130476F2DE793FB993BDE8057F1F31437F053B847653D379E2ED78491A0AF3F8ADFC4FF023DB11CC9087AFFC810FE16491CEE4E7CB8622C47E0F44479C0C6D915F4A68723B38FBE83DFDCEE4D5745CD316444BD98C951DAA9706795FE922754B80DB3AE924FBEC44AEF4C3D31EB9299175322FEF02A52E854377030F9BF09AB7CC1BF5327C8746BCAD1AA0A876B740FBCA2C914D45BA75292A2329078DF05ECDC8EA0C149D29E481AA1CA80DB2A13ADA476DE3D82D24136A5B92B7FCCC486A785706FF8ED0CD41F5DF4AEA2D28E3 +20180922084529 2 6 100 6143 5 CAD8A4810C1ADC23A2317EA8BB2F93AD4198F948452AD65159BD3D71800456C339AFD34BC6D512D8FCD337463E3CDFBB4E81A9BE01A6FBA103051D50118610088400DEE2C8E51376B07593D50760832754D352737620CB3BD45CF6A0356209541D14FA9A356DB075DAC362617DF28B202B8FF5FE65A7A6106715796ECC5433DF29FDE1BA29D1D70BB0248EFEEE7DCB10B78EDE9F37078D39AEE37395927F97C2E8C8D80747496C5F4C7ED0A14193BDABE56665BE74475CBD49049F7BE47366B32A1E828B3155A7D48F1D06052DDAA3C0C24550772A69F0E3635794B1FC8BFF6274582092BE2CB3323269D3433FF6CC0294074B0BD8E5DF1A42A4A2A687FE9C4772994FA5EA75F099539D9A7761C687F3F2896D0517E73ABC64C8A330E740DB99537F30E9566497DE782C8F5A5A9E64111478A69BA4535C72B323CCCAFFD7E2C181009424D4CA391B0CED89411455E8CB00147E098716861AAB1B18EC5F295F22C8F687C9DBA534BDDF5F98D94E07F0DFFBB9D272AD71A7B1F657794E36EABA60A6D097F0AB4C405909F5D3D15B177496BCE74217892D701745D176AC5A6049C75F2C17C18FB00F09DFCF1934E69E64DC4C758C3353411503479EE07D7660B67DFDE76DD3FA26B2894DC3C6F5A87059657428324E613F7FE6AD25B09D73133AE16C0A5CA8E285BEF024DE79A27A3C363A70B80AAA1638EDEE29FCBD929D6AE23A5A064769F474D116DD11EACCA5B629EFAB4A95053BD9EBD5B21A3AC3CCD503EDF8CC659FBEAE8FC4EEB2B59CEB41438752AD130476F2DE793FB993BDE8057F1F31437F053B847653D379E2ED78491A0AF3F8ADFC4FF023DB11CC9087AFFC810FE16491CEE4E7CB8622C47E0F44479C0C6D915F4A68723B38FBE83DFDCEE4D5745CD316444BD98C951DAA9706795FE922754B80DB3AE924FBEC44AEF4C3D31EB9299175322FEF02A52E854377030F9BF09AB7CC1BF5327C8746BCAD1AA0A876B740FBCA2C914D45BA75292A2329078DF05ECDC8EA0C149D29E481AA1CA80DB2A13ADA476DE3D82D24136A5B92B7FCCC486A785706FF8ED0CD41F5DF4AEBD11737 +20180922095510 2 6 100 6143 2 CAD8A4810C1ADC23A2317EA8BB2F93AD4198F948452AD65159BD3D71800456C339AFD34BC6D512D8FCD337463E3CDFBB4E81A9BE01A6FBA103051D50118610088400DEE2C8E51376B07593D50760832754D352737620CB3BD45CF6A0356209541D14FA9A356DB075DAC362617DF28B202B8FF5FE65A7A6106715796ECC5433DF29FDE1BA29D1D70BB0248EFEEE7DCB10B78EDE9F37078D39AEE37395927F97C2E8C8D80747496C5F4C7ED0A14193BDABE56665BE74475CBD49049F7BE47366B32A1E828B3155A7D48F1D06052DDAA3C0C24550772A69F0E3635794B1FC8BFF6274582092BE2CB3323269D3433FF6CC0294074B0BD8E5DF1A42A4A2A687FE9C4772994FA5EA75F099539D9A7761C687F3F2896D0517E73ABC64C8A330E740DB99537F30E9566497DE782C8F5A5A9E64111478A69BA4535C72B323CCCAFFD7E2C181009424D4CA391B0CED89411455E8CB00147E098716861AAB1B18EC5F295F22C8F687C9DBA534BDDF5F98D94E07F0DFFBB9D272AD71A7B1F657794E36EABA60A6D097F0AB4C405909F5D3D15B177496BCE74217892D701745D176AC5A6049C75F2C17C18FB00F09DFCF1934E69E64DC4C758C3353411503479EE07D7660B67DFDE76DD3FA26B2894DC3C6F5A87059657428324E613F7FE6AD25B09D73133AE16C0A5CA8E285BEF024DE79A27A3C363A70B80AAA1638EDEE29FCBD929D6AE23A5A064769F474D116DD11EACCA5B629EFAB4A95053BD9EBD5B21A3AC3CCD503EDF8CC659FBEAE8FC4EEB2B59CEB41438752AD130476F2DE793FB993BDE8057F1F31437F053B847653D379E2ED78491A0AF3F8ADFC4FF023DB11CC9087AFFC810FE16491CEE4E7CB8622C47E0F44479C0C6D915F4A68723B38FBE83DFDCEE4D5745CD316444BD98C951DAA9706795FE922754B80DB3AE924FBEC44AEF4C3D31EB9299175322FEF02A52E854377030F9BF09AB7CC1BF5327C8746BCAD1AA0A876B740FBCA2C914D45BA75292A2329078DF05ECDC8EA0C149D29E481AA1CA80DB2A13ADA476DE3D82D24136A5B92B7FCCC486A785706FF8ED0CD41F5DF4AED6CB613 +20180922100442 2 6 100 6143 2 CAD8A4810C1ADC23A2317EA8BB2F93AD4198F948452AD65159BD3D71800456C339AFD34BC6D512D8FCD337463E3CDFBB4E81A9BE01A6FBA103051D50118610088400DEE2C8E51376B07593D50760832754D352737620CB3BD45CF6A0356209541D14FA9A356DB075DAC362617DF28B202B8FF5FE65A7A6106715796ECC5433DF29FDE1BA29D1D70BB0248EFEEE7DCB10B78EDE9F37078D39AEE37395927F97C2E8C8D80747496C5F4C7ED0A14193BDABE56665BE74475CBD49049F7BE47366B32A1E828B3155A7D48F1D06052DDAA3C0C24550772A69F0E3635794B1FC8BFF6274582092BE2CB3323269D3433FF6CC0294074B0BD8E5DF1A42A4A2A687FE9C4772994FA5EA75F099539D9A7761C687F3F2896D0517E73ABC64C8A330E740DB99537F30E9566497DE782C8F5A5A9E64111478A69BA4535C72B323CCCAFFD7E2C181009424D4CA391B0CED89411455E8CB00147E098716861AAB1B18EC5F295F22C8F687C9DBA534BDDF5F98D94E07F0DFFBB9D272AD71A7B1F657794E36EABA60A6D097F0AB4C405909F5D3D15B177496BCE74217892D701745D176AC5A6049C75F2C17C18FB00F09DFCF1934E69E64DC4C758C3353411503479EE07D7660B67DFDE76DD3FA26B2894DC3C6F5A87059657428324E613F7FE6AD25B09D73133AE16C0A5CA8E285BEF024DE79A27A3C363A70B80AAA1638EDEE29FCBD929D6AE23A5A064769F474D116DD11EACCA5B629EFAB4A95053BD9EBD5B21A3AC3CCD503EDF8CC659FBEAE8FC4EEB2B59CEB41438752AD130476F2DE793FB993BDE8057F1F31437F053B847653D379E2ED78491A0AF3F8ADFC4FF023DB11CC9087AFFC810FE16491CEE4E7CB8622C47E0F44479C0C6D915F4A68723B38FBE83DFDCEE4D5745CD316444BD98C951DAA9706795FE922754B80DB3AE924FBEC44AEF4C3D31EB9299175322FEF02A52E854377030F9BF09AB7CC1BF5327C8746BCAD1AA0A876B740FBCA2C914D45BA75292A2329078DF05ECDC8EA0C149D29E481AA1CA80DB2A13ADA476DE3D82D24136A5B92B7FCCC486A785706FF8ED0CD41F5DF4AEDA11D23 +20180922102739 2 6 100 6143 5 CAD8A4810C1ADC23A2317EA8BB2F93AD4198F948452AD65159BD3D71800456C339AFD34BC6D512D8FCD337463E3CDFBB4E81A9BE01A6FBA103051D50118610088400DEE2C8E51376B07593D50760832754D352737620CB3BD45CF6A0356209541D14FA9A356DB075DAC362617DF28B202B8FF5FE65A7A6106715796ECC5433DF29FDE1BA29D1D70BB0248EFEEE7DCB10B78EDE9F37078D39AEE37395927F97C2E8C8D80747496C5F4C7ED0A14193BDABE56665BE74475CBD49049F7BE47366B32A1E828B3155A7D48F1D06052DDAA3C0C24550772A69F0E3635794B1FC8BFF6274582092BE2CB3323269D3433FF6CC0294074B0BD8E5DF1A42A4A2A687FE9C4772994FA5EA75F099539D9A7761C687F3F2896D0517E73ABC64C8A330E740DB99537F30E9566497DE782C8F5A5A9E64111478A69BA4535C72B323CCCAFFD7E2C181009424D4CA391B0CED89411455E8CB00147E098716861AAB1B18EC5F295F22C8F687C9DBA534BDDF5F98D94E07F0DFFBB9D272AD71A7B1F657794E36EABA60A6D097F0AB4C405909F5D3D15B177496BCE74217892D701745D176AC5A6049C75F2C17C18FB00F09DFCF1934E69E64DC4C758C3353411503479EE07D7660B67DFDE76DD3FA26B2894DC3C6F5A87059657428324E613F7FE6AD25B09D73133AE16C0A5CA8E285BEF024DE79A27A3C363A70B80AAA1638EDEE29FCBD929D6AE23A5A064769F474D116DD11EACCA5B629EFAB4A95053BD9EBD5B21A3AC3CCD503EDF8CC659FBEAE8FC4EEB2B59CEB41438752AD130476F2DE793FB993BDE8057F1F31437F053B847653D379E2ED78491A0AF3F8ADFC4FF023DB11CC9087AFFC810FE16491CEE4E7CB8622C47E0F44479C0C6D915F4A68723B38FBE83DFDCEE4D5745CD316444BD98C951DAA9706795FE922754B80DB3AE924FBEC44AEF4C3D31EB9299175322FEF02A52E854377030F9BF09AB7CC1BF5327C8746BCAD1AA0A876B740FBCA2C914D45BA75292A2329078DF05ECDC8EA0C149D29E481AA1CA80DB2A13ADA476DE3D82D24136A5B92B7FCCC486A785706FF8ED0CD41F5DF4AEE243617 +20180922111522 2 6 100 6143 5 CAD8A4810C1ADC23A2317EA8BB2F93AD4198F948452AD65159BD3D71800456C339AFD34BC6D512D8FCD337463E3CDFBB4E81A9BE01A6FBA103051D50118610088400DEE2C8E51376B07593D50760832754D352737620CB3BD45CF6A0356209541D14FA9A356DB075DAC362617DF28B202B8FF5FE65A7A6106715796ECC5433DF29FDE1BA29D1D70BB0248EFEEE7DCB10B78EDE9F37078D39AEE37395927F97C2E8C8D80747496C5F4C7ED0A14193BDABE56665BE74475CBD49049F7BE47366B32A1E828B3155A7D48F1D06052DDAA3C0C24550772A69F0E3635794B1FC8BFF6274582092BE2CB3323269D3433FF6CC0294074B0BD8E5DF1A42A4A2A687FE9C4772994FA5EA75F099539D9A7761C687F3F2896D0517E73ABC64C8A330E740DB99537F30E9566497DE782C8F5A5A9E64111478A69BA4535C72B323CCCAFFD7E2C181009424D4CA391B0CED89411455E8CB00147E098716861AAB1B18EC5F295F22C8F687C9DBA534BDDF5F98D94E07F0DFFBB9D272AD71A7B1F657794E36EABA60A6D097F0AB4C405909F5D3D15B177496BCE74217892D701745D176AC5A6049C75F2C17C18FB00F09DFCF1934E69E64DC4C758C3353411503479EE07D7660B67DFDE76DD3FA26B2894DC3C6F5A87059657428324E613F7FE6AD25B09D73133AE16C0A5CA8E285BEF024DE79A27A3C363A70B80AAA1638EDEE29FCBD929D6AE23A5A064769F474D116DD11EACCA5B629EFAB4A95053BD9EBD5B21A3AC3CCD503EDF8CC659FBEAE8FC4EEB2B59CEB41438752AD130476F2DE793FB993BDE8057F1F31437F053B847653D379E2ED78491A0AF3F8ADFC4FF023DB11CC9087AFFC810FE16491CEE4E7CB8622C47E0F44479C0C6D915F4A68723B38FBE83DFDCEE4D5745CD316444BD98C951DAA9706795FE922754B80DB3AE924FBEC44AEF4C3D31EB9299175322FEF02A52E854377030F9BF09AB7CC1BF5327C8746BCAD1AA0A876B740FBCA2C914D45BA75292A2329078DF05ECDC8EA0C149D29E481AA1CA80DB2A13ADA476DE3D82D24136A5B92B7FCCC486A785706FF8ED0CD41F5DF4AEF3698BF +20180922122645 2 6 100 6143 2 CAD8A4810C1ADC23A2317EA8BB2F93AD4198F948452AD65159BD3D71800456C339AFD34BC6D512D8FCD337463E3CDFBB4E81A9BE01A6FBA103051D50118610088400DEE2C8E51376B07593D50760832754D352737620CB3BD45CF6A0356209541D14FA9A356DB075DAC362617DF28B202B8FF5FE65A7A6106715796ECC5433DF29FDE1BA29D1D70BB0248EFEEE7DCB10B78EDE9F37078D39AEE37395927F97C2E8C8D80747496C5F4C7ED0A14193BDABE56665BE74475CBD49049F7BE47366B32A1E828B3155A7D48F1D06052DDAA3C0C24550772A69F0E3635794B1FC8BFF6274582092BE2CB3323269D3433FF6CC0294074B0BD8E5DF1A42A4A2A687FE9C4772994FA5EA75F099539D9A7761C687F3F2896D0517E73ABC64C8A330E740DB99537F30E9566497DE782C8F5A5A9E64111478A69BA4535C72B323CCCAFFD7E2C181009424D4CA391B0CED89411455E8CB00147E098716861AAB1B18EC5F295F22C8F687C9DBA534BDDF5F98D94E07F0DFFBB9D272AD71A7B1F657794E36EABA60A6D097F0AB4C405909F5D3D15B177496BCE74217892D701745D176AC5A6049C75F2C17C18FB00F09DFCF1934E69E64DC4C758C3353411503479EE07D7660B67DFDE76DD3FA26B2894DC3C6F5A87059657428324E613F7FE6AD25B09D73133AE16C0A5CA8E285BEF024DE79A27A3C363A70B80AAA1638EDEE29FCBD929D6AE23A5A064769F474D116DD11EACCA5B629EFAB4A95053BD9EBD5B21A3AC3CCD503EDF8CC659FBEAE8FC4EEB2B59CEB41438752AD130476F2DE793FB993BDE8057F1F31437F053B847653D379E2ED78491A0AF3F8ADFC4FF023DB11CC9087AFFC810FE16491CEE4E7CB8622C47E0F44479C0C6D915F4A68723B38FBE83DFDCEE4D5745CD316444BD98C951DAA9706795FE922754B80DB3AE924FBEC44AEF4C3D31EB9299175322FEF02A52E854377030F9BF09AB7CC1BF5327C8746BCAD1AA0A876B740FBCA2C914D45BA75292A2329078DF05ECDC8EA0C149D29E481AA1CA80DB2A13ADA476DE3D82D24136A5B92B7FCCC486A785706FF8ED0CD41F5DF4AF0DFB873 +20180922135149 2 6 100 6143 2 CAD8A4810C1ADC23A2317EA8BB2F93AD4198F948452AD65159BD3D71800456C339AFD34BC6D512D8FCD337463E3CDFBB4E81A9BE01A6FBA103051D50118610088400DEE2C8E51376B07593D50760832754D352737620CB3BD45CF6A0356209541D14FA9A356DB075DAC362617DF28B202B8FF5FE65A7A6106715796ECC5433DF29FDE1BA29D1D70BB0248EFEEE7DCB10B78EDE9F37078D39AEE37395927F97C2E8C8D80747496C5F4C7ED0A14193BDABE56665BE74475CBD49049F7BE47366B32A1E828B3155A7D48F1D06052DDAA3C0C24550772A69F0E3635794B1FC8BFF6274582092BE2CB3323269D3433FF6CC0294074B0BD8E5DF1A42A4A2A687FE9C4772994FA5EA75F099539D9A7761C687F3F2896D0517E73ABC64C8A330E740DB99537F30E9566497DE782C8F5A5A9E64111478A69BA4535C72B323CCCAFFD7E2C181009424D4CA391B0CED89411455E8CB00147E098716861AAB1B18EC5F295F22C8F687C9DBA534BDDF5F98D94E07F0DFFBB9D272AD71A7B1F657794E36EABA60A6D097F0AB4C405909F5D3D15B177496BCE74217892D701745D176AC5A6049C75F2C17C18FB00F09DFCF1934E69E64DC4C758C3353411503479EE07D7660B67DFDE76DD3FA26B2894DC3C6F5A87059657428324E613F7FE6AD25B09D73133AE16C0A5CA8E285BEF024DE79A27A3C363A70B80AAA1638EDEE29FCBD929D6AE23A5A064769F474D116DD11EACCA5B629EFAB4A95053BD9EBD5B21A3AC3CCD503EDF8CC659FBEAE8FC4EEB2B59CEB41438752AD130476F2DE793FB993BDE8057F1F31437F053B847653D379E2ED78491A0AF3F8ADFC4FF023DB11CC9087AFFC810FE16491CEE4E7CB8622C47E0F44479C0C6D915F4A68723B38FBE83DFDCEE4D5745CD316444BD98C951DAA9706795FE922754B80DB3AE924FBEC44AEF4C3D31EB9299175322FEF02A52E854377030F9BF09AB7CC1BF5327C8746BCAD1AA0A876B740FBCA2C914D45BA75292A2329078DF05ECDC8EA0C149D29E481AA1CA80DB2A13ADA476DE3D82D24136A5B92B7FCCC486A785706FF8ED0CD41F5DF4AF2D2C0A3 +20180922135535 2 6 100 6143 2 CAD8A4810C1ADC23A2317EA8BB2F93AD4198F948452AD65159BD3D71800456C339AFD34BC6D512D8FCD337463E3CDFBB4E81A9BE01A6FBA103051D50118610088400DEE2C8E51376B07593D50760832754D352737620CB3BD45CF6A0356209541D14FA9A356DB075DAC362617DF28B202B8FF5FE65A7A6106715796ECC5433DF29FDE1BA29D1D70BB0248EFEEE7DCB10B78EDE9F37078D39AEE37395927F97C2E8C8D80747496C5F4C7ED0A14193BDABE56665BE74475CBD49049F7BE47366B32A1E828B3155A7D48F1D06052DDAA3C0C24550772A69F0E3635794B1FC8BFF6274582092BE2CB3323269D3433FF6CC0294074B0BD8E5DF1A42A4A2A687FE9C4772994FA5EA75F099539D9A7761C687F3F2896D0517E73ABC64C8A330E740DB99537F30E9566497DE782C8F5A5A9E64111478A69BA4535C72B323CCCAFFD7E2C181009424D4CA391B0CED89411455E8CB00147E098716861AAB1B18EC5F295F22C8F687C9DBA534BDDF5F98D94E07F0DFFBB9D272AD71A7B1F657794E36EABA60A6D097F0AB4C405909F5D3D15B177496BCE74217892D701745D176AC5A6049C75F2C17C18FB00F09DFCF1934E69E64DC4C758C3353411503479EE07D7660B67DFDE76DD3FA26B2894DC3C6F5A87059657428324E613F7FE6AD25B09D73133AE16C0A5CA8E285BEF024DE79A27A3C363A70B80AAA1638EDEE29FCBD929D6AE23A5A064769F474D116DD11EACCA5B629EFAB4A95053BD9EBD5B21A3AC3CCD503EDF8CC659FBEAE8FC4EEB2B59CEB41438752AD130476F2DE793FB993BDE8057F1F31437F053B847653D379E2ED78491A0AF3F8ADFC4FF023DB11CC9087AFFC810FE16491CEE4E7CB8622C47E0F44479C0C6D915F4A68723B38FBE83DFDCEE4D5745CD316444BD98C951DAA9706795FE922754B80DB3AE924FBEC44AEF4C3D31EB9299175322FEF02A52E854377030F9BF09AB7CC1BF5327C8746BCAD1AA0A876B740FBCA2C914D45BA75292A2329078DF05ECDC8EA0C149D29E481AA1CA80DB2A13ADA476DE3D82D24136A5B92B7FCCC486A785706FF8ED0CD41F5DF4AF2DFCAFB +20180922143740 2 6 100 6143 2 CAD8A4810C1ADC23A2317EA8BB2F93AD4198F948452AD65159BD3D71800456C339AFD34BC6D512D8FCD337463E3CDFBB4E81A9BE01A6FBA103051D50118610088400DEE2C8E51376B07593D50760832754D352737620CB3BD45CF6A0356209541D14FA9A356DB075DAC362617DF28B202B8FF5FE65A7A6106715796ECC5433DF29FDE1BA29D1D70BB0248EFEEE7DCB10B78EDE9F37078D39AEE37395927F97C2E8C8D80747496C5F4C7ED0A14193BDABE56665BE74475CBD49049F7BE47366B32A1E828B3155A7D48F1D06052DDAA3C0C24550772A69F0E3635794B1FC8BFF6274582092BE2CB3323269D3433FF6CC0294074B0BD8E5DF1A42A4A2A687FE9C4772994FA5EA75F099539D9A7761C687F3F2896D0517E73ABC64C8A330E740DB99537F30E9566497DE782C8F5A5A9E64111478A69BA4535C72B323CCCAFFD7E2C181009424D4CA391B0CED89411455E8CB00147E098716861AAB1B18EC5F295F22C8F687C9DBA534BDDF5F98D94E07F0DFFBB9D272AD71A7B1F657794E36EABA60A6D097F0AB4C405909F5D3D15B177496BCE74217892D701745D176AC5A6049C75F2C17C18FB00F09DFCF1934E69E64DC4C758C3353411503479EE07D7660B67DFDE76DD3FA26B2894DC3C6F5A87059657428324E613F7FE6AD25B09D73133AE16C0A5CA8E285BEF024DE79A27A3C363A70B80AAA1638EDEE29FCBD929D6AE23A5A064769F474D116DD11EACCA5B629EFAB4A95053BD9EBD5B21A3AC3CCD503EDF8CC659FBEAE8FC4EEB2B59CEB41438752AD130476F2DE793FB993BDE8057F1F31437F053B847653D379E2ED78491A0AF3F8ADFC4FF023DB11CC9087AFFC810FE16491CEE4E7CB8622C47E0F44479C0C6D915F4A68723B38FBE83DFDCEE4D5745CD316444BD98C951DAA9706795FE922754B80DB3AE924FBEC44AEF4C3D31EB9299175322FEF02A52E854377030F9BF09AB7CC1BF5327C8746BCAD1AA0A876B740FBCA2C914D45BA75292A2329078DF05ECDC8EA0C149D29E481AA1CA80DB2A13ADA476DE3D82D24136A5B92B7FCCC486A785706FF8ED0CD41F5DF4AF3D211A3 +20180922150118 2 6 100 6143 2 CAD8A4810C1ADC23A2317EA8BB2F93AD4198F948452AD65159BD3D71800456C339AFD34BC6D512D8FCD337463E3CDFBB4E81A9BE01A6FBA103051D50118610088400DEE2C8E51376B07593D50760832754D352737620CB3BD45CF6A0356209541D14FA9A356DB075DAC362617DF28B202B8FF5FE65A7A6106715796ECC5433DF29FDE1BA29D1D70BB0248EFEEE7DCB10B78EDE9F37078D39AEE37395927F97C2E8C8D80747496C5F4C7ED0A14193BDABE56665BE74475CBD49049F7BE47366B32A1E828B3155A7D48F1D06052DDAA3C0C24550772A69F0E3635794B1FC8BFF6274582092BE2CB3323269D3433FF6CC0294074B0BD8E5DF1A42A4A2A687FE9C4772994FA5EA75F099539D9A7761C687F3F2896D0517E73ABC64C8A330E740DB99537F30E9566497DE782C8F5A5A9E64111478A69BA4535C72B323CCCAFFD7E2C181009424D4CA391B0CED89411455E8CB00147E098716861AAB1B18EC5F295F22C8F687C9DBA534BDDF5F98D94E07F0DFFBB9D272AD71A7B1F657794E36EABA60A6D097F0AB4C405909F5D3D15B177496BCE74217892D701745D176AC5A6049C75F2C17C18FB00F09DFCF1934E69E64DC4C758C3353411503479EE07D7660B67DFDE76DD3FA26B2894DC3C6F5A87059657428324E613F7FE6AD25B09D73133AE16C0A5CA8E285BEF024DE79A27A3C363A70B80AAA1638EDEE29FCBD929D6AE23A5A064769F474D116DD11EACCA5B629EFAB4A95053BD9EBD5B21A3AC3CCD503EDF8CC659FBEAE8FC4EEB2B59CEB41438752AD130476F2DE793FB993BDE8057F1F31437F053B847653D379E2ED78491A0AF3F8ADFC4FF023DB11CC9087AFFC810FE16491CEE4E7CB8622C47E0F44479C0C6D915F4A68723B38FBE83DFDCEE4D5745CD316444BD98C951DAA9706795FE922754B80DB3AE924FBEC44AEF4C3D31EB9299175322FEF02A52E854377030F9BF09AB7CC1BF5327C8746BCAD1AA0A876B740FBCA2C914D45BA75292A2329078DF05ECDC8EA0C149D29E481AA1CA80DB2A13ADA476DE3D82D24136A5B92B7FCCC486A785706FF8ED0CD41F5DF4AF45675DB +20180922161720 2 6 100 6143 2 CAD8A4810C1ADC23A2317EA8BB2F93AD4198F948452AD65159BD3D71800456C339AFD34BC6D512D8FCD337463E3CDFBB4E81A9BE01A6FBA103051D50118610088400DEE2C8E51376B07593D50760832754D352737620CB3BD45CF6A0356209541D14FA9A356DB075DAC362617DF28B202B8FF5FE65A7A6106715796ECC5433DF29FDE1BA29D1D70BB0248EFEEE7DCB10B78EDE9F37078D39AEE37395927F97C2E8C8D80747496C5F4C7ED0A14193BDABE56665BE74475CBD49049F7BE47366B32A1E828B3155A7D48F1D06052DDAA3C0C24550772A69F0E3635794B1FC8BFF6274582092BE2CB3323269D3433FF6CC0294074B0BD8E5DF1A42A4A2A687FE9C4772994FA5EA75F099539D9A7761C687F3F2896D0517E73ABC64C8A330E740DB99537F30E9566497DE782C8F5A5A9E64111478A69BA4535C72B323CCCAFFD7E2C181009424D4CA391B0CED89411455E8CB00147E098716861AAB1B18EC5F295F22C8F687C9DBA534BDDF5F98D94E07F0DFFBB9D272AD71A7B1F657794E36EABA60A6D097F0AB4C405909F5D3D15B177496BCE74217892D701745D176AC5A6049C75F2C17C18FB00F09DFCF1934E69E64DC4C758C3353411503479EE07D7660B67DFDE76DD3FA26B2894DC3C6F5A87059657428324E613F7FE6AD25B09D73133AE16C0A5CA8E285BEF024DE79A27A3C363A70B80AAA1638EDEE29FCBD929D6AE23A5A064769F474D116DD11EACCA5B629EFAB4A95053BD9EBD5B21A3AC3CCD503EDF8CC659FBEAE8FC4EEB2B59CEB41438752AD130476F2DE793FB993BDE8057F1F31437F053B847653D379E2ED78491A0AF3F8ADFC4FF023DB11CC9087AFFC810FE16491CEE4E7CB8622C47E0F44479C0C6D915F4A68723B38FBE83DFDCEE4D5745CD316444BD98C951DAA9706795FE922754B80DB3AE924FBEC44AEF4C3D31EB9299175322FEF02A52E854377030F9BF09AB7CC1BF5327C8746BCAD1AA0A876B740FBCA2C914D45BA75292A2329078DF05ECDC8EA0C149D29E481AA1CA80DB2A13ADA476DE3D82D24136A5B92B7FCCC486A785706FF8ED0CD41F5DF4AF614E323 +20180922174324 2 6 100 6143 5 CAD8A4810C1ADC23A2317EA8BB2F93AD4198F948452AD65159BD3D71800456C339AFD34BC6D512D8FCD337463E3CDFBB4E81A9BE01A6FBA103051D50118610088400DEE2C8E51376B07593D50760832754D352737620CB3BD45CF6A0356209541D14FA9A356DB075DAC362617DF28B202B8FF5FE65A7A6106715796ECC5433DF29FDE1BA29D1D70BB0248EFEEE7DCB10B78EDE9F37078D39AEE37395927F97C2E8C8D80747496C5F4C7ED0A14193BDABE56665BE74475CBD49049F7BE47366B32A1E828B3155A7D48F1D06052DDAA3C0C24550772A69F0E3635794B1FC8BFF6274582092BE2CB3323269D3433FF6CC0294074B0BD8E5DF1A42A4A2A687FE9C4772994FA5EA75F099539D9A7761C687F3F2896D0517E73ABC64C8A330E740DB99537F30E9566497DE782C8F5A5A9E64111478A69BA4535C72B323CCCAFFD7E2C181009424D4CA391B0CED89411455E8CB00147E098716861AAB1B18EC5F295F22C8F687C9DBA534BDDF5F98D94E07F0DFFBB9D272AD71A7B1F657794E36EABA60A6D097F0AB4C405909F5D3D15B177496BCE74217892D701745D176AC5A6049C75F2C17C18FB00F09DFCF1934E69E64DC4C758C3353411503479EE07D7660B67DFDE76DD3FA26B2894DC3C6F5A87059657428324E613F7FE6AD25B09D73133AE16C0A5CA8E285BEF024DE79A27A3C363A70B80AAA1638EDEE29FCBD929D6AE23A5A064769F474D116DD11EACCA5B629EFAB4A95053BD9EBD5B21A3AC3CCD503EDF8CC659FBEAE8FC4EEB2B59CEB41438752AD130476F2DE793FB993BDE8057F1F31437F053B847653D379E2ED78491A0AF3F8ADFC4FF023DB11CC9087AFFC810FE16491CEE4E7CB8622C47E0F44479C0C6D915F4A68723B38FBE83DFDCEE4D5745CD316444BD98C951DAA9706795FE922754B80DB3AE924FBEC44AEF4C3D31EB9299175322FEF02A52E854377030F9BF09AB7CC1BF5327C8746BCAD1AA0A876B740FBCA2C914D45BA75292A2329078DF05ECDC8EA0C149D29E481AA1CA80DB2A13ADA476DE3D82D24136A5B92B7FCCC486A785706FF8ED0CD41F5DF4AF80E023F +20180922183959 2 6 100 6143 5 CAD8A4810C1ADC23A2317EA8BB2F93AD4198F948452AD65159BD3D71800456C339AFD34BC6D512D8FCD337463E3CDFBB4E81A9BE01A6FBA103051D50118610088400DEE2C8E51376B07593D50760832754D352737620CB3BD45CF6A0356209541D14FA9A356DB075DAC362617DF28B202B8FF5FE65A7A6106715796ECC5433DF29FDE1BA29D1D70BB0248EFEEE7DCB10B78EDE9F37078D39AEE37395927F97C2E8C8D80747496C5F4C7ED0A14193BDABE56665BE74475CBD49049F7BE47366B32A1E828B3155A7D48F1D06052DDAA3C0C24550772A69F0E3635794B1FC8BFF6274582092BE2CB3323269D3433FF6CC0294074B0BD8E5DF1A42A4A2A687FE9C4772994FA5EA75F099539D9A7761C687F3F2896D0517E73ABC64C8A330E740DB99537F30E9566497DE782C8F5A5A9E64111478A69BA4535C72B323CCCAFFD7E2C181009424D4CA391B0CED89411455E8CB00147E098716861AAB1B18EC5F295F22C8F687C9DBA534BDDF5F98D94E07F0DFFBB9D272AD71A7B1F657794E36EABA60A6D097F0AB4C405909F5D3D15B177496BCE74217892D701745D176AC5A6049C75F2C17C18FB00F09DFCF1934E69E64DC4C758C3353411503479EE07D7660B67DFDE76DD3FA26B2894DC3C6F5A87059657428324E613F7FE6AD25B09D73133AE16C0A5CA8E285BEF024DE79A27A3C363A70B80AAA1638EDEE29FCBD929D6AE23A5A064769F474D116DD11EACCA5B629EFAB4A95053BD9EBD5B21A3AC3CCD503EDF8CC659FBEAE8FC4EEB2B59CEB41438752AD130476F2DE793FB993BDE8057F1F31437F053B847653D379E2ED78491A0AF3F8ADFC4FF023DB11CC9087AFFC810FE16491CEE4E7CB8622C47E0F44479C0C6D915F4A68723B38FBE83DFDCEE4D5745CD316444BD98C951DAA9706795FE922754B80DB3AE924FBEC44AEF4C3D31EB9299175322FEF02A52E854377030F9BF09AB7CC1BF5327C8746BCAD1AA0A876B740FBCA2C914D45BA75292A2329078DF05ECDC8EA0C149D29E481AA1CA80DB2A13ADA476DE3D82D24136A5B92B7FCCC486A785706FF8ED0CD41F5DF4AF956439F +20180922202104 2 6 100 6143 2 CAD8A4810C1ADC23A2317EA8BB2F93AD4198F948452AD65159BD3D71800456C339AFD34BC6D512D8FCD337463E3CDFBB4E81A9BE01A6FBA103051D50118610088400DEE2C8E51376B07593D50760832754D352737620CB3BD45CF6A0356209541D14FA9A356DB075DAC362617DF28B202B8FF5FE65A7A6106715796ECC5433DF29FDE1BA29D1D70BB0248EFEEE7DCB10B78EDE9F37078D39AEE37395927F97C2E8C8D80747496C5F4C7ED0A14193BDABE56665BE74475CBD49049F7BE47366B32A1E828B3155A7D48F1D06052DDAA3C0C24550772A69F0E3635794B1FC8BFF6274582092BE2CB3323269D3433FF6CC0294074B0BD8E5DF1A42A4A2A687FE9C4772994FA5EA75F099539D9A7761C687F3F2896D0517E73ABC64C8A330E740DB99537F30E9566497DE782C8F5A5A9E64111478A69BA4535C72B323CCCAFFD7E2C181009424D4CA391B0CED89411455E8CB00147E098716861AAB1B18EC5F295F22C8F687C9DBA534BDDF5F98D94E07F0DFFBB9D272AD71A7B1F657794E36EABA60A6D097F0AB4C405909F5D3D15B177496BCE74217892D701745D176AC5A6049C75F2C17C18FB00F09DFCF1934E69E64DC4C758C3353411503479EE07D7660B67DFDE76DD3FA26B2894DC3C6F5A87059657428324E613F7FE6AD25B09D73133AE16C0A5CA8E285BEF024DE79A27A3C363A70B80AAA1638EDEE29FCBD929D6AE23A5A064769F474D116DD11EACCA5B629EFAB4A95053BD9EBD5B21A3AC3CCD503EDF8CC659FBEAE8FC4EEB2B59CEB41438752AD130476F2DE793FB993BDE8057F1F31437F053B847653D379E2ED78491A0AF3F8ADFC4FF023DB11CC9087AFFC810FE16491CEE4E7CB8622C47E0F44479C0C6D915F4A68723B38FBE83DFDCEE4D5745CD316444BD98C951DAA9706795FE922754B80DB3AE924FBEC44AEF4C3D31EB9299175322FEF02A52E854377030F9BF09AB7CC1BF5327C8746BCAD1AA0A876B740FBCA2C914D45BA75292A2329078DF05ECDC8EA0C149D29E481AA1CA80DB2A13ADA476DE3D82D24136A5B92B7FCCC486A785706FF8ED0CD41F5DF4AFBAC649B +20180922210150 2 6 100 6143 2 CAD8A4810C1ADC23A2317EA8BB2F93AD4198F948452AD65159BD3D71800456C339AFD34BC6D512D8FCD337463E3CDFBB4E81A9BE01A6FBA103051D50118610088400DEE2C8E51376B07593D50760832754D352737620CB3BD45CF6A0356209541D14FA9A356DB075DAC362617DF28B202B8FF5FE65A7A6106715796ECC5433DF29FDE1BA29D1D70BB0248EFEEE7DCB10B78EDE9F37078D39AEE37395927F97C2E8C8D80747496C5F4C7ED0A14193BDABE56665BE74475CBD49049F7BE47366B32A1E828B3155A7D48F1D06052DDAA3C0C24550772A69F0E3635794B1FC8BFF6274582092BE2CB3323269D3433FF6CC0294074B0BD8E5DF1A42A4A2A687FE9C4772994FA5EA75F099539D9A7761C687F3F2896D0517E73ABC64C8A330E740DB99537F30E9566497DE782C8F5A5A9E64111478A69BA4535C72B323CCCAFFD7E2C181009424D4CA391B0CED89411455E8CB00147E098716861AAB1B18EC5F295F22C8F687C9DBA534BDDF5F98D94E07F0DFFBB9D272AD71A7B1F657794E36EABA60A6D097F0AB4C405909F5D3D15B177496BCE74217892D701745D176AC5A6049C75F2C17C18FB00F09DFCF1934E69E64DC4C758C3353411503479EE07D7660B67DFDE76DD3FA26B2894DC3C6F5A87059657428324E613F7FE6AD25B09D73133AE16C0A5CA8E285BEF024DE79A27A3C363A70B80AAA1638EDEE29FCBD929D6AE23A5A064769F474D116DD11EACCA5B629EFAB4A95053BD9EBD5B21A3AC3CCD503EDF8CC659FBEAE8FC4EEB2B59CEB41438752AD130476F2DE793FB993BDE8057F1F31437F053B847653D379E2ED78491A0AF3F8ADFC4FF023DB11CC9087AFFC810FE16491CEE4E7CB8622C47E0F44479C0C6D915F4A68723B38FBE83DFDCEE4D5745CD316444BD98C951DAA9706795FE922754B80DB3AE924FBEC44AEF4C3D31EB9299175322FEF02A52E854377030F9BF09AB7CC1BF5327C8746BCAD1AA0A876B740FBCA2C914D45BA75292A2329078DF05ECDC8EA0C149D29E481AA1CA80DB2A13ADA476DE3D82D24136A5B92B7FCCC486A785706FF8ED0CD41F5DF4AFC958F53 +20180922213354 2 6 100 6143 2 CAD8A4810C1ADC23A2317EA8BB2F93AD4198F948452AD65159BD3D71800456C339AFD34BC6D512D8FCD337463E3CDFBB4E81A9BE01A6FBA103051D50118610088400DEE2C8E51376B07593D50760832754D352737620CB3BD45CF6A0356209541D14FA9A356DB075DAC362617DF28B202B8FF5FE65A7A6106715796ECC5433DF29FDE1BA29D1D70BB0248EFEEE7DCB10B78EDE9F37078D39AEE37395927F97C2E8C8D80747496C5F4C7ED0A14193BDABE56665BE74475CBD49049F7BE47366B32A1E828B3155A7D48F1D06052DDAA3C0C24550772A69F0E3635794B1FC8BFF6274582092BE2CB3323269D3433FF6CC0294074B0BD8E5DF1A42A4A2A687FE9C4772994FA5EA75F099539D9A7761C687F3F2896D0517E73ABC64C8A330E740DB99537F30E9566497DE782C8F5A5A9E64111478A69BA4535C72B323CCCAFFD7E2C181009424D4CA391B0CED89411455E8CB00147E098716861AAB1B18EC5F295F22C8F687C9DBA534BDDF5F98D94E07F0DFFBB9D272AD71A7B1F657794E36EABA60A6D097F0AB4C405909F5D3D15B177496BCE74217892D701745D176AC5A6049C75F2C17C18FB00F09DFCF1934E69E64DC4C758C3353411503479EE07D7660B67DFDE76DD3FA26B2894DC3C6F5A87059657428324E613F7FE6AD25B09D73133AE16C0A5CA8E285BEF024DE79A27A3C363A70B80AAA1638EDEE29FCBD929D6AE23A5A064769F474D116DD11EACCA5B629EFAB4A95053BD9EBD5B21A3AC3CCD503EDF8CC659FBEAE8FC4EEB2B59CEB41438752AD130476F2DE793FB993BDE8057F1F31437F053B847653D379E2ED78491A0AF3F8ADFC4FF023DB11CC9087AFFC810FE16491CEE4E7CB8622C47E0F44479C0C6D915F4A68723B38FBE83DFDCEE4D5745CD316444BD98C951DAA9706795FE922754B80DB3AE924FBEC44AEF4C3D31EB9299175322FEF02A52E854377030F9BF09AB7CC1BF5327C8746BCAD1AA0A876B740FBCA2C914D45BA75292A2329078DF05ECDC8EA0C149D29E481AA1CA80DB2A13ADA476DE3D82D24136A5B92B7FCCC486A785706FF8ED0CD41F5DF4AFD502EE3 +20180922232002 2 6 100 6143 2 CAD8A4810C1ADC23A2317EA8BB2F93AD4198F948452AD65159BD3D71800456C339AFD34BC6D512D8FCD337463E3CDFBB4E81A9BE01A6FBA103051D50118610088400DEE2C8E51376B07593D50760832754D352737620CB3BD45CF6A0356209541D14FA9A356DB075DAC362617DF28B202B8FF5FE65A7A6106715796ECC5433DF29FDE1BA29D1D70BB0248EFEEE7DCB10B78EDE9F37078D39AEE37395927F97C2E8C8D80747496C5F4C7ED0A14193BDABE56665BE74475CBD49049F7BE47366B32A1E828B3155A7D48F1D06052DDAA3C0C24550772A69F0E3635794B1FC8BFF6274582092BE2CB3323269D3433FF6CC0294074B0BD8E5DF1A42A4A2A687FE9C4772994FA5EA75F099539D9A7761C687F3F2896D0517E73ABC64C8A330E740DB99537F30E9566497DE782C8F5A5A9E64111478A69BA4535C72B323CCCAFFD7E2C181009424D4CA391B0CED89411455E8CB00147E098716861AAB1B18EC5F295F22C8F687C9DBA534BDDF5F98D94E07F0DFFBB9D272AD71A7B1F657794E36EABA60A6D097F0AB4C405909F5D3D15B177496BCE74217892D701745D176AC5A6049C75F2C17C18FB00F09DFCF1934E69E64DC4C758C3353411503479EE07D7660B67DFDE76DD3FA26B2894DC3C6F5A87059657428324E613F7FE6AD25B09D73133AE16C0A5CA8E285BEF024DE79A27A3C363A70B80AAA1638EDEE29FCBD929D6AE23A5A064769F474D116DD11EACCA5B629EFAB4A95053BD9EBD5B21A3AC3CCD503EDF8CC659FBEAE8FC4EEB2B59CEB41438752AD130476F2DE793FB993BDE8057F1F31437F053B847653D379E2ED78491A0AF3F8ADFC4FF023DB11CC9087AFFC810FE16491CEE4E7CB8622C47E0F44479C0C6D915F4A68723B38FBE83DFDCEE4D5745CD316444BD98C951DAA9706795FE922754B80DB3AE924FBEC44AEF4C3D31EB9299175322FEF02A52E854377030F9BF09AB7CC1BF5327C8746BCAD1AA0A876B740FBCA2C914D45BA75292A2329078DF05ECDC8EA0C149D29E481AA1CA80DB2A13ADA476DE3D82D24136A5B92B7FCCC486A785706FF8ED0CD41F5DF4AFFC84A6B +20180923014322 2 6 100 6143 2 CAD8A4810C1ADC23A2317EA8BB2F93AD4198F948452AD65159BD3D71800456C339AFD34BC6D512D8FCD337463E3CDFBB4E81A9BE01A6FBA103051D50118610088400DEE2C8E51376B07593D50760832754D352737620CB3BD45CF6A0356209541D14FA9A356DB075DAC362617DF28B202B8FF5FE65A7A6106715796ECC5433DF29FDE1BA29D1D70BB0248EFEEE7DCB10B78EDE9F37078D39AEE37395927F97C2E8C8D80747496C5F4C7ED0A14193BDABE56665BE74475CBD49049F7BE47366B32A1E828B3155A7D48F1D06052DDAA3C0C24550772A69F0E3635794B1FC8BFF6274582092BE2CB3323269D3433FF6CC0294074B0BD8E5DF1A42A4A2A687FE9C4772994FA5EA75F099539D9A7761C687F3F2896D0517E73ABC64C8A330E740DB99537F30E9566497DE782C8F5A5A9E64111478A69BA4535C72B323CCCAFFD7E2C181009424D4CA391B0CED89411455E8CB00147E098716861AAB1B18EC5F295F22C8F687C9DBA534BDDF5F98D94E07F0DFFBB9D272AD71A7B1F657794E36EABA60A6D097F0AB4C405909F5D3D15B177496BCE74217892D701745D176AC5A6049C75F2C17C18FB00F09DFCF1934E69E64DC4C758C3353411503479EE07D7660B67DFDE76DD3FA26B2894DC3C6F5A87059657428324E613F7FE6AD25B09D73133AE16C0A5CA8E285BEF024DE79A27A3C363A70B80AAA1638EDEE29FCBD929D6AE23A5A064769F474D116DD11EACCA5B629EFAB4A95053BD9EBD5B21A3AC3CCD503EDF8CC659FBEAE8FC4EEB2B59CEB41438752AD130476F2DE793FB993BDE8057F1F31437F053B847653D379E2ED78491A0AF3F8ADFC4FF023DB11CC9087AFFC810FE16491CEE4E7CB8622C47E0F44479C0C6D915F4A68723B38FBE83DFDCEE4D5745CD316444BD98C951DAA9706795FE922754B80DB3AE924FBEC44AEF4C3D31EB9299175322FEF02A52E854377030F9BF09AB7CC1BF5327C8746BCAD1AA0A876B740FBCA2C914D45BA75292A2329078DF05ECDC8EA0C149D29E481AA1CA80DB2A13ADA476DE3D82D24136A5B92B7FCCC486A785706FF8ED0CD41F5DF4B031123EB +20180923030251 2 6 100 6143 2 CAD8A4810C1ADC23A2317EA8BB2F93AD4198F948452AD65159BD3D71800456C339AFD34BC6D512D8FCD337463E3CDFBB4E81A9BE01A6FBA103051D50118610088400DEE2C8E51376B07593D50760832754D352737620CB3BD45CF6A0356209541D14FA9A356DB075DAC362617DF28B202B8FF5FE65A7A6106715796ECC5433DF29FDE1BA29D1D70BB0248EFEEE7DCB10B78EDE9F37078D39AEE37395927F97C2E8C8D80747496C5F4C7ED0A14193BDABE56665BE74475CBD49049F7BE47366B32A1E828B3155A7D48F1D06052DDAA3C0C24550772A69F0E3635794B1FC8BFF6274582092BE2CB3323269D3433FF6CC0294074B0BD8E5DF1A42A4A2A687FE9C4772994FA5EA75F099539D9A7761C687F3F2896D0517E73ABC64C8A330E740DB99537F30E9566497DE782C8F5A5A9E64111478A69BA4535C72B323CCCAFFD7E2C181009424D4CA391B0CED89411455E8CB00147E098716861AAB1B18EC5F295F22C8F687C9DBA534BDDF5F98D94E07F0DFFBB9D272AD71A7B1F657794E36EABA60A6D097F0AB4C405909F5D3D15B177496BCE74217892D701745D176AC5A6049C75F2C17C18FB00F09DFCF1934E69E64DC4C758C3353411503479EE07D7660B67DFDE76DD3FA26B2894DC3C6F5A87059657428324E613F7FE6AD25B09D73133AE16C0A5CA8E285BEF024DE79A27A3C363A70B80AAA1638EDEE29FCBD929D6AE23A5A064769F474D116DD11EACCA5B629EFAB4A95053BD9EBD5B21A3AC3CCD503EDF8CC659FBEAE8FC4EEB2B59CEB41438752AD130476F2DE793FB993BDE8057F1F31437F053B847653D379E2ED78491A0AF3F8ADFC4FF023DB11CC9087AFFC810FE16491CEE4E7CB8622C47E0F44479C0C6D915F4A68723B38FBE83DFDCEE4D5745CD316444BD98C951DAA9706795FE922754B80DB3AE924FBEC44AEF4C3D31EB9299175322FEF02A52E854377030F9BF09AB7CC1BF5327C8746BCAD1AA0A876B740FBCA2C914D45BA75292A2329078DF05ECDC8EA0C149D29E481AA1CA80DB2A13ADA476DE3D82D24136A5B92B7FCCC486A785706FF8ED0CD41F5DF4B04EC8B2B +20180923042422 2 6 100 6143 5 CAD8A4810C1ADC23A2317EA8BB2F93AD4198F948452AD65159BD3D71800456C339AFD34BC6D512D8FCD337463E3CDFBB4E81A9BE01A6FBA103051D50118610088400DEE2C8E51376B07593D50760832754D352737620CB3BD45CF6A0356209541D14FA9A356DB075DAC362617DF28B202B8FF5FE65A7A6106715796ECC5433DF29FDE1BA29D1D70BB0248EFEEE7DCB10B78EDE9F37078D39AEE37395927F97C2E8C8D80747496C5F4C7ED0A14193BDABE56665BE74475CBD49049F7BE47366B32A1E828B3155A7D48F1D06052DDAA3C0C24550772A69F0E3635794B1FC8BFF6274582092BE2CB3323269D3433FF6CC0294074B0BD8E5DF1A42A4A2A687FE9C4772994FA5EA75F099539D9A7761C687F3F2896D0517E73ABC64C8A330E740DB99537F30E9566497DE782C8F5A5A9E64111478A69BA4535C72B323CCCAFFD7E2C181009424D4CA391B0CED89411455E8CB00147E098716861AAB1B18EC5F295F22C8F687C9DBA534BDDF5F98D94E07F0DFFBB9D272AD71A7B1F657794E36EABA60A6D097F0AB4C405909F5D3D15B177496BCE74217892D701745D176AC5A6049C75F2C17C18FB00F09DFCF1934E69E64DC4C758C3353411503479EE07D7660B67DFDE76DD3FA26B2894DC3C6F5A87059657428324E613F7FE6AD25B09D73133AE16C0A5CA8E285BEF024DE79A27A3C363A70B80AAA1638EDEE29FCBD929D6AE23A5A064769F474D116DD11EACCA5B629EFAB4A95053BD9EBD5B21A3AC3CCD503EDF8CC659FBEAE8FC4EEB2B59CEB41438752AD130476F2DE793FB993BDE8057F1F31437F053B847653D379E2ED78491A0AF3F8ADFC4FF023DB11CC9087AFFC810FE16491CEE4E7CB8622C47E0F44479C0C6D915F4A68723B38FBE83DFDCEE4D5745CD316444BD98C951DAA9706795FE922754B80DB3AE924FBEC44AEF4C3D31EB9299175322FEF02A52E854377030F9BF09AB7CC1BF5327C8746BCAD1AA0A876B740FBCA2C914D45BA75292A2329078DF05ECDC8EA0C149D29E481AA1CA80DB2A13ADA476DE3D82D24136A5B92B7FCCC486A785706FF8ED0CD41F5DF4B06C56A47 +20180923075109 2 6 100 6143 5 CAD8A4810C1ADC23A2317EA8BB2F93AD4198F948452AD65159BD3D71800456C339AFD34BC6D512D8FCD337463E3CDFBB4E81A9BE01A6FBA103051D50118610088400DEE2C8E51376B07593D50760832754D352737620CB3BD45CF6A0356209541D14FA9A356DB075DAC362617DF28B202B8FF5FE65A7A6106715796ECC5433DF29FDE1BA29D1D70BB0248EFEEE7DCB10B78EDE9F37078D39AEE37395927F97C2E8C8D80747496C5F4C7ED0A14193BDABE56665BE74475CBD49049F7BE47366B32A1E828B3155A7D48F1D06052DDAA3C0C24550772A69F0E3635794B1FC8BFF6274582092BE2CB3323269D3433FF6CC0294074B0BD8E5DF1A42A4A2A687FE9C4772994FA5EA75F099539D9A7761C687F3F2896D0517E73ABC64C8A330E740DB99537F30E9566497DE782C8F5A5A9E64111478A69BA4535C72B323CCCAFFD7E2C181009424D4CA391B0CED89411455E8CB00147E098716861AAB1B18EC5F295F22C8F687C9DBA534BDDF5F98D94E07F0DFFBB9D272AD71A7B1F657794E36EABA60A6D097F0AB4C405909F5D3D15B177496BCE74217892D701745D176AC5A6049C75F2C17C18FB00F09DFCF1934E69E64DC4C758C3353411503479EE07D7660B67DFDE76DD3FA26B2894DC3C6F5A87059657428324E613F7FE6AD25B09D73133AE16C0A5CA8E285BEF024DE79A27A3C363A70B80AAA1638EDEE29FCBD929D6AE23A5A064769F474D116DD11EACCA5B629EFAB4A95053BD9EBD5B21A3AC3CCD503EDF8CC659FBEAE8FC4EEB2B59CEB41438752AD130476F2DE793FB993BDE8057F1F31437F053B847653D379E2ED78491A0AF3F8ADFC4FF023DB11CC9087AFFC810FE16491CEE4E7CB8622C47E0F44479C0C6D915F4A68723B38FBE83DFDCEE4D5745CD316444BD98C951DAA9706795FE922754B80DB3AE924FBEC44AEF4C3D31EB9299175322FEF02A52E854377030F9BF09AB7CC1BF5327C8746BCAD1AA0A876B740FBCA2C914D45BA75292A2329078DF05ECDC8EA0C149D29E481AA1CA80DB2A13ADA476DE3D82D24136A5B92B7FCCC486A785706FF8ED0CD41F5DF4B0B7BA467 +20180923091429 2 6 100 6143 2 F35161AADD9632E3575CDA92B32D0F28F2E75A457C95BE770E9A8E8122E71DDB31C63B86B67348319F52466B6F3FED41463FAADCA6CE2901FF62D867C09A3565BFC511A060AABAD5040F94C3066EFBFED3CA9BA71864EBBE9F616FCE8F9B0C9C463E2172BA6B1EEF222E310FEC9B70FDF42104292FE772CB350DB09040ED588DA44E0607286D1D66F155FFC5607EBEB4041F705839FEDB0C03FDA40F013BAE3D02EA1256B6DB4DB0F9ED423CD6DCFFD36AA0841BB1FDAF66A453A19EB967F0ECF045FB069302CCB0C6EB52834D1A8DBDE302530510349FC21AE0EE7D5F912D6FBFDEF8A19B8B4CEF2EEE0D05F67DB8F03E564FCD7CD2A344DD1A45A7079037A7629747BE1F183775275C93F52505BA701B27FB18035A0B8D707BF1A3B3BE453FD1A21B0B7FBA7CF90B3BB9665AA33EFB1FC04F858A33E8908397B976C03F972D6C50296DF33359E0BE9209C7D333A019937EC6A26BBB0EDD75DA06CF63A6333B1786B55DC0812AB74FD5D87EE581750E238EFCC75A1EF651502D3988C29C6C37504D90F8878D2FBE7F9131F273638A1BFFF96839557C5D1BA687DF78AFAF75E7FA7214B44C04BE0F3D160071146681C7CBE9B1DB1766C1D972E836DF71D0D4CD4E396D15EE25EF1A58FAC876E2ACCC2DE8EFA8B194694524C1F73D66B8D4D0B95C9896D18FE4061A68FB322BBC155D24E7EA516F740866BB32BB55E8FECAA7BC7F9D3D347024584F8BF4A40232D6AF32E3BB753718567698ABCA6440D68AF0B4317F343FA866ECCC64E895D780300BFA2FCAAAAFA4630C37EB8546025DFDD1E3FAB56F70CC95AA0CB7E3E8F11253D80B4C072ED04FE7068C4818B52831F77C11934F97AD153C44499AF0E6C99DE5741E41EB4C3DDEA3A7C7404AF7F154EAB7422598797E4E5106BFCF7390DE9AF5E9978A7000566FF8EE5737730108235AACBD38D8C337C71978FDC765243322C08F74B0F71B91E3C50BE3DAB7E58F0F8F187839AABB2991C1AB686975AEF90EECCBEAD74AE9C78F0A4DF2376A35A4E5894E8677A08788FEA19DEAE13C88D696C65A7426E620AA1492115E2BF0FB1949920F8B +20180923122354 2 6 100 6143 2 F35161AADD9632E3575CDA92B32D0F28F2E75A457C95BE770E9A8E8122E71DDB31C63B86B67348319F52466B6F3FED41463FAADCA6CE2901FF62D867C09A3565BFC511A060AABAD5040F94C3066EFBFED3CA9BA71864EBBE9F616FCE8F9B0C9C463E2172BA6B1EEF222E310FEC9B70FDF42104292FE772CB350DB09040ED588DA44E0607286D1D66F155FFC5607EBEB4041F705839FEDB0C03FDA40F013BAE3D02EA1256B6DB4DB0F9ED423CD6DCFFD36AA0841BB1FDAF66A453A19EB967F0ECF045FB069302CCB0C6EB52834D1A8DBDE302530510349FC21AE0EE7D5F912D6FBFDEF8A19B8B4CEF2EEE0D05F67DB8F03E564FCD7CD2A344DD1A45A7079037A7629747BE1F183775275C93F52505BA701B27FB18035A0B8D707BF1A3B3BE453FD1A21B0B7FBA7CF90B3BB9665AA33EFB1FC04F858A33E8908397B976C03F972D6C50296DF33359E0BE9209C7D333A019937EC6A26BBB0EDD75DA06CF63A6333B1786B55DC0812AB74FD5D87EE581750E238EFCC75A1EF651502D3988C29C6C37504D90F8878D2FBE7F9131F273638A1BFFF96839557C5D1BA687DF78AFAF75E7FA7214B44C04BE0F3D160071146681C7CBE9B1DB1766C1D972E836DF71D0D4CD4E396D15EE25EF1A58FAC876E2ACCC2DE8EFA8B194694524C1F73D66B8D4D0B95C9896D18FE4061A68FB322BBC155D24E7EA516F740866BB32BB55E8FECAA7BC7F9D3D347024584F8BF4A40232D6AF32E3BB753718567698ABCA6440D68AF0B4317F343FA866ECCC64E895D780300BFA2FCAAAAFA4630C37EB8546025DFDD1E3FAB56F70CC95AA0CB7E3E8F11253D80B4C072ED04FE7068C4818B52831F77C11934F97AD153C44499AF0E6C99DE5741E41EB4C3DDEA3A7C7404AF7F154EAB7422598797E4E5106BFCF7390DE9AF5E9978A7000566FF8EE5737730108235AACBD38D8C337C71978FDC765243322C08F74B0F71B91E3C50BE3DAB7E58F0F8F187839AABB2991C1AB686975AEF90EECCBEAD74AE9C78F0A4DF2376A35A4E5894E8677A08788FEA19DEAE13C88D696C65A7426E620AA1492115E2BF0FB194E3CB3E3 +20180923132927 2 6 100 6143 5 F35161AADD9632E3575CDA92B32D0F28F2E75A457C95BE770E9A8E8122E71DDB31C63B86B67348319F52466B6F3FED41463FAADCA6CE2901FF62D867C09A3565BFC511A060AABAD5040F94C3066EFBFED3CA9BA71864EBBE9F616FCE8F9B0C9C463E2172BA6B1EEF222E310FEC9B70FDF42104292FE772CB350DB09040ED588DA44E0607286D1D66F155FFC5607EBEB4041F705839FEDB0C03FDA40F013BAE3D02EA1256B6DB4DB0F9ED423CD6DCFFD36AA0841BB1FDAF66A453A19EB967F0ECF045FB069302CCB0C6EB52834D1A8DBDE302530510349FC21AE0EE7D5F912D6FBFDEF8A19B8B4CEF2EEE0D05F67DB8F03E564FCD7CD2A344DD1A45A7079037A7629747BE1F183775275C93F52505BA701B27FB18035A0B8D707BF1A3B3BE453FD1A21B0B7FBA7CF90B3BB9665AA33EFB1FC04F858A33E8908397B976C03F972D6C50296DF33359E0BE9209C7D333A019937EC6A26BBB0EDD75DA06CF63A6333B1786B55DC0812AB74FD5D87EE581750E238EFCC75A1EF651502D3988C29C6C37504D90F8878D2FBE7F9131F273638A1BFFF96839557C5D1BA687DF78AFAF75E7FA7214B44C04BE0F3D160071146681C7CBE9B1DB1766C1D972E836DF71D0D4CD4E396D15EE25EF1A58FAC876E2ACCC2DE8EFA8B194694524C1F73D66B8D4D0B95C9896D18FE4061A68FB322BBC155D24E7EA516F740866BB32BB55E8FECAA7BC7F9D3D347024584F8BF4A40232D6AF32E3BB753718567698ABCA6440D68AF0B4317F343FA866ECCC64E895D780300BFA2FCAAAAFA4630C37EB8546025DFDD1E3FAB56F70CC95AA0CB7E3E8F11253D80B4C072ED04FE7068C4818B52831F77C11934F97AD153C44499AF0E6C99DE5741E41EB4C3DDEA3A7C7404AF7F154EAB7422598797E4E5106BFCF7390DE9AF5E9978A7000566FF8EE5737730108235AACBD38D8C337C71978FDC765243322C08F74B0F71B91E3C50BE3DAB7E58F0F8F187839AABB2991C1AB686975AEF90EECCBEAD74AE9C78F0A4DF2376A35A4E5894E8677A08788FEA19DEAE13C88D696C65A7426E620AA1492115E2BF0FB194FD1CDE7 +20180923135953 2 6 100 6143 2 F35161AADD9632E3575CDA92B32D0F28F2E75A457C95BE770E9A8E8122E71DDB31C63B86B67348319F52466B6F3FED41463FAADCA6CE2901FF62D867C09A3565BFC511A060AABAD5040F94C3066EFBFED3CA9BA71864EBBE9F616FCE8F9B0C9C463E2172BA6B1EEF222E310FEC9B70FDF42104292FE772CB350DB09040ED588DA44E0607286D1D66F155FFC5607EBEB4041F705839FEDB0C03FDA40F013BAE3D02EA1256B6DB4DB0F9ED423CD6DCFFD36AA0841BB1FDAF66A453A19EB967F0ECF045FB069302CCB0C6EB52834D1A8DBDE302530510349FC21AE0EE7D5F912D6FBFDEF8A19B8B4CEF2EEE0D05F67DB8F03E564FCD7CD2A344DD1A45A7079037A7629747BE1F183775275C93F52505BA701B27FB18035A0B8D707BF1A3B3BE453FD1A21B0B7FBA7CF90B3BB9665AA33EFB1FC04F858A33E8908397B976C03F972D6C50296DF33359E0BE9209C7D333A019937EC6A26BBB0EDD75DA06CF63A6333B1786B55DC0812AB74FD5D87EE581750E238EFCC75A1EF651502D3988C29C6C37504D90F8878D2FBE7F9131F273638A1BFFF96839557C5D1BA687DF78AFAF75E7FA7214B44C04BE0F3D160071146681C7CBE9B1DB1766C1D972E836DF71D0D4CD4E396D15EE25EF1A58FAC876E2ACCC2DE8EFA8B194694524C1F73D66B8D4D0B95C9896D18FE4061A68FB322BBC155D24E7EA516F740866BB32BB55E8FECAA7BC7F9D3D347024584F8BF4A40232D6AF32E3BB753718567698ABCA6440D68AF0B4317F343FA866ECCC64E895D780300BFA2FCAAAAFA4630C37EB8546025DFDD1E3FAB56F70CC95AA0CB7E3E8F11253D80B4C072ED04FE7068C4818B52831F77C11934F97AD153C44499AF0E6C99DE5741E41EB4C3DDEA3A7C7404AF7F154EAB7422598797E4E5106BFCF7390DE9AF5E9978A7000566FF8EE5737730108235AACBD38D8C337C71978FDC765243322C08F74B0F71B91E3C50BE3DAB7E58F0F8F187839AABB2991C1AB686975AEF90EECCBEAD74AE9C78F0A4DF2376A35A4E5894E8677A08788FEA19DEAE13C88D696C65A7426E620AA1492115E2BF0FB195089F093 +20180923141725 2 6 100 6143 5 F35161AADD9632E3575CDA92B32D0F28F2E75A457C95BE770E9A8E8122E71DDB31C63B86B67348319F52466B6F3FED41463FAADCA6CE2901FF62D867C09A3565BFC511A060AABAD5040F94C3066EFBFED3CA9BA71864EBBE9F616FCE8F9B0C9C463E2172BA6B1EEF222E310FEC9B70FDF42104292FE772CB350DB09040ED588DA44E0607286D1D66F155FFC5607EBEB4041F705839FEDB0C03FDA40F013BAE3D02EA1256B6DB4DB0F9ED423CD6DCFFD36AA0841BB1FDAF66A453A19EB967F0ECF045FB069302CCB0C6EB52834D1A8DBDE302530510349FC21AE0EE7D5F912D6FBFDEF8A19B8B4CEF2EEE0D05F67DB8F03E564FCD7CD2A344DD1A45A7079037A7629747BE1F183775275C93F52505BA701B27FB18035A0B8D707BF1A3B3BE453FD1A21B0B7FBA7CF90B3BB9665AA33EFB1FC04F858A33E8908397B976C03F972D6C50296DF33359E0BE9209C7D333A019937EC6A26BBB0EDD75DA06CF63A6333B1786B55DC0812AB74FD5D87EE581750E238EFCC75A1EF651502D3988C29C6C37504D90F8878D2FBE7F9131F273638A1BFFF96839557C5D1BA687DF78AFAF75E7FA7214B44C04BE0F3D160071146681C7CBE9B1DB1766C1D972E836DF71D0D4CD4E396D15EE25EF1A58FAC876E2ACCC2DE8EFA8B194694524C1F73D66B8D4D0B95C9896D18FE4061A68FB322BBC155D24E7EA516F740866BB32BB55E8FECAA7BC7F9D3D347024584F8BF4A40232D6AF32E3BB753718567698ABCA6440D68AF0B4317F343FA866ECCC64E895D780300BFA2FCAAAAFA4630C37EB8546025DFDD1E3FAB56F70CC95AA0CB7E3E8F11253D80B4C072ED04FE7068C4818B52831F77C11934F97AD153C44499AF0E6C99DE5741E41EB4C3DDEA3A7C7404AF7F154EAB7422598797E4E5106BFCF7390DE9AF5E9978A7000566FF8EE5737730108235AACBD38D8C337C71978FDC765243322C08F74B0F71B91E3C50BE3DAB7E58F0F8F187839AABB2991C1AB686975AEF90EECCBEAD74AE9C78F0A4DF2376A35A4E5894E8677A08788FEA19DEAE13C88D696C65A7426E620AA1492115E2BF0FB1950F052F7 +20180923153745 2 6 100 6143 2 F35161AADD9632E3575CDA92B32D0F28F2E75A457C95BE770E9A8E8122E71DDB31C63B86B67348319F52466B6F3FED41463FAADCA6CE2901FF62D867C09A3565BFC511A060AABAD5040F94C3066EFBFED3CA9BA71864EBBE9F616FCE8F9B0C9C463E2172BA6B1EEF222E310FEC9B70FDF42104292FE772CB350DB09040ED588DA44E0607286D1D66F155FFC5607EBEB4041F705839FEDB0C03FDA40F013BAE3D02EA1256B6DB4DB0F9ED423CD6DCFFD36AA0841BB1FDAF66A453A19EB967F0ECF045FB069302CCB0C6EB52834D1A8DBDE302530510349FC21AE0EE7D5F912D6FBFDEF8A19B8B4CEF2EEE0D05F67DB8F03E564FCD7CD2A344DD1A45A7079037A7629747BE1F183775275C93F52505BA701B27FB18035A0B8D707BF1A3B3BE453FD1A21B0B7FBA7CF90B3BB9665AA33EFB1FC04F858A33E8908397B976C03F972D6C50296DF33359E0BE9209C7D333A019937EC6A26BBB0EDD75DA06CF63A6333B1786B55DC0812AB74FD5D87EE581750E238EFCC75A1EF651502D3988C29C6C37504D90F8878D2FBE7F9131F273638A1BFFF96839557C5D1BA687DF78AFAF75E7FA7214B44C04BE0F3D160071146681C7CBE9B1DB1766C1D972E836DF71D0D4CD4E396D15EE25EF1A58FAC876E2ACCC2DE8EFA8B194694524C1F73D66B8D4D0B95C9896D18FE4061A68FB322BBC155D24E7EA516F740866BB32BB55E8FECAA7BC7F9D3D347024584F8BF4A40232D6AF32E3BB753718567698ABCA6440D68AF0B4317F343FA866ECCC64E895D780300BFA2FCAAAAFA4630C37EB8546025DFDD1E3FAB56F70CC95AA0CB7E3E8F11253D80B4C072ED04FE7068C4818B52831F77C11934F97AD153C44499AF0E6C99DE5741E41EB4C3DDEA3A7C7404AF7F154EAB7422598797E4E5106BFCF7390DE9AF5E9978A7000566FF8EE5737730108235AACBD38D8C337C71978FDC765243322C08F74B0F71B91E3C50BE3DAB7E58F0F8F187839AABB2991C1AB686975AEF90EECCBEAD74AE9C78F0A4DF2376A35A4E5894E8677A08788FEA19DEAE13C88D696C65A7426E620AA1492115E2BF0FB1952DF5333 +20180923161625 2 6 100 6143 5 F35161AADD9632E3575CDA92B32D0F28F2E75A457C95BE770E9A8E8122E71DDB31C63B86B67348319F52466B6F3FED41463FAADCA6CE2901FF62D867C09A3565BFC511A060AABAD5040F94C3066EFBFED3CA9BA71864EBBE9F616FCE8F9B0C9C463E2172BA6B1EEF222E310FEC9B70FDF42104292FE772CB350DB09040ED588DA44E0607286D1D66F155FFC5607EBEB4041F705839FEDB0C03FDA40F013BAE3D02EA1256B6DB4DB0F9ED423CD6DCFFD36AA0841BB1FDAF66A453A19EB967F0ECF045FB069302CCB0C6EB52834D1A8DBDE302530510349FC21AE0EE7D5F912D6FBFDEF8A19B8B4CEF2EEE0D05F67DB8F03E564FCD7CD2A344DD1A45A7079037A7629747BE1F183775275C93F52505BA701B27FB18035A0B8D707BF1A3B3BE453FD1A21B0B7FBA7CF90B3BB9665AA33EFB1FC04F858A33E8908397B976C03F972D6C50296DF33359E0BE9209C7D333A019937EC6A26BBB0EDD75DA06CF63A6333B1786B55DC0812AB74FD5D87EE581750E238EFCC75A1EF651502D3988C29C6C37504D90F8878D2FBE7F9131F273638A1BFFF96839557C5D1BA687DF78AFAF75E7FA7214B44C04BE0F3D160071146681C7CBE9B1DB1766C1D972E836DF71D0D4CD4E396D15EE25EF1A58FAC876E2ACCC2DE8EFA8B194694524C1F73D66B8D4D0B95C9896D18FE4061A68FB322BBC155D24E7EA516F740866BB32BB55E8FECAA7BC7F9D3D347024584F8BF4A40232D6AF32E3BB753718567698ABCA6440D68AF0B4317F343FA866ECCC64E895D780300BFA2FCAAAAFA4630C37EB8546025DFDD1E3FAB56F70CC95AA0CB7E3E8F11253D80B4C072ED04FE7068C4818B52831F77C11934F97AD153C44499AF0E6C99DE5741E41EB4C3DDEA3A7C7404AF7F154EAB7422598797E4E5106BFCF7390DE9AF5E9978A7000566FF8EE5737730108235AACBD38D8C337C71978FDC765243322C08F74B0F71B91E3C50BE3DAB7E58F0F8F187839AABB2991C1AB686975AEF90EECCBEAD74AE9C78F0A4DF2376A35A4E5894E8677A08788FEA19DEAE13C88D696C65A7426E620AA1492115E2BF0FB1953CC5B37 +20180923174651 2 6 100 6143 2 F35161AADD9632E3575CDA92B32D0F28F2E75A457C95BE770E9A8E8122E71DDB31C63B86B67348319F52466B6F3FED41463FAADCA6CE2901FF62D867C09A3565BFC511A060AABAD5040F94C3066EFBFED3CA9BA71864EBBE9F616FCE8F9B0C9C463E2172BA6B1EEF222E310FEC9B70FDF42104292FE772CB350DB09040ED588DA44E0607286D1D66F155FFC5607EBEB4041F705839FEDB0C03FDA40F013BAE3D02EA1256B6DB4DB0F9ED423CD6DCFFD36AA0841BB1FDAF66A453A19EB967F0ECF045FB069302CCB0C6EB52834D1A8DBDE302530510349FC21AE0EE7D5F912D6FBFDEF8A19B8B4CEF2EEE0D05F67DB8F03E564FCD7CD2A344DD1A45A7079037A7629747BE1F183775275C93F52505BA701B27FB18035A0B8D707BF1A3B3BE453FD1A21B0B7FBA7CF90B3BB9665AA33EFB1FC04F858A33E8908397B976C03F972D6C50296DF33359E0BE9209C7D333A019937EC6A26BBB0EDD75DA06CF63A6333B1786B55DC0812AB74FD5D87EE581750E238EFCC75A1EF651502D3988C29C6C37504D90F8878D2FBE7F9131F273638A1BFFF96839557C5D1BA687DF78AFAF75E7FA7214B44C04BE0F3D160071146681C7CBE9B1DB1766C1D972E836DF71D0D4CD4E396D15EE25EF1A58FAC876E2ACCC2DE8EFA8B194694524C1F73D66B8D4D0B95C9896D18FE4061A68FB322BBC155D24E7EA516F740866BB32BB55E8FECAA7BC7F9D3D347024584F8BF4A40232D6AF32E3BB753718567698ABCA6440D68AF0B4317F343FA866ECCC64E895D780300BFA2FCAAAAFA4630C37EB8546025DFDD1E3FAB56F70CC95AA0CB7E3E8F11253D80B4C072ED04FE7068C4818B52831F77C11934F97AD153C44499AF0E6C99DE5741E41EB4C3DDEA3A7C7404AF7F154EAB7422598797E4E5106BFCF7390DE9AF5E9978A7000566FF8EE5737730108235AACBD38D8C337C71978FDC765243322C08F74B0F71B91E3C50BE3DAB7E58F0F8F187839AABB2991C1AB686975AEF90EECCBEAD74AE9C78F0A4DF2376A35A4E5894E8677A08788FEA19DEAE13C88D696C65A7426E620AA1492115E2BF0FB1955FDACA3 +20180923174907 2 6 100 6143 5 F35161AADD9632E3575CDA92B32D0F28F2E75A457C95BE770E9A8E8122E71DDB31C63B86B67348319F52466B6F3FED41463FAADCA6CE2901FF62D867C09A3565BFC511A060AABAD5040F94C3066EFBFED3CA9BA71864EBBE9F616FCE8F9B0C9C463E2172BA6B1EEF222E310FEC9B70FDF42104292FE772CB350DB09040ED588DA44E0607286D1D66F155FFC5607EBEB4041F705839FEDB0C03FDA40F013BAE3D02EA1256B6DB4DB0F9ED423CD6DCFFD36AA0841BB1FDAF66A453A19EB967F0ECF045FB069302CCB0C6EB52834D1A8DBDE302530510349FC21AE0EE7D5F912D6FBFDEF8A19B8B4CEF2EEE0D05F67DB8F03E564FCD7CD2A344DD1A45A7079037A7629747BE1F183775275C93F52505BA701B27FB18035A0B8D707BF1A3B3BE453FD1A21B0B7FBA7CF90B3BB9665AA33EFB1FC04F858A33E8908397B976C03F972D6C50296DF33359E0BE9209C7D333A019937EC6A26BBB0EDD75DA06CF63A6333B1786B55DC0812AB74FD5D87EE581750E238EFCC75A1EF651502D3988C29C6C37504D90F8878D2FBE7F9131F273638A1BFFF96839557C5D1BA687DF78AFAF75E7FA7214B44C04BE0F3D160071146681C7CBE9B1DB1766C1D972E836DF71D0D4CD4E396D15EE25EF1A58FAC876E2ACCC2DE8EFA8B194694524C1F73D66B8D4D0B95C9896D18FE4061A68FB322BBC155D24E7EA516F740866BB32BB55E8FECAA7BC7F9D3D347024584F8BF4A40232D6AF32E3BB753718567698ABCA6440D68AF0B4317F343FA866ECCC64E895D780300BFA2FCAAAAFA4630C37EB8546025DFDD1E3FAB56F70CC95AA0CB7E3E8F11253D80B4C072ED04FE7068C4818B52831F77C11934F97AD153C44499AF0E6C99DE5741E41EB4C3DDEA3A7C7404AF7F154EAB7422598797E4E5106BFCF7390DE9AF5E9978A7000566FF8EE5737730108235AACBD38D8C337C71978FDC765243322C08F74B0F71B91E3C50BE3DAB7E58F0F8F187839AABB2991C1AB686975AEF90EECCBEAD74AE9C78F0A4DF2376A35A4E5894E8677A08788FEA19DEAE13C88D696C65A7426E620AA1492115E2BF0FB195602AE57 +20180923185706 2 6 100 6143 2 F35161AADD9632E3575CDA92B32D0F28F2E75A457C95BE770E9A8E8122E71DDB31C63B86B67348319F52466B6F3FED41463FAADCA6CE2901FF62D867C09A3565BFC511A060AABAD5040F94C3066EFBFED3CA9BA71864EBBE9F616FCE8F9B0C9C463E2172BA6B1EEF222E310FEC9B70FDF42104292FE772CB350DB09040ED588DA44E0607286D1D66F155FFC5607EBEB4041F705839FEDB0C03FDA40F013BAE3D02EA1256B6DB4DB0F9ED423CD6DCFFD36AA0841BB1FDAF66A453A19EB967F0ECF045FB069302CCB0C6EB52834D1A8DBDE302530510349FC21AE0EE7D5F912D6FBFDEF8A19B8B4CEF2EEE0D05F67DB8F03E564FCD7CD2A344DD1A45A7079037A7629747BE1F183775275C93F52505BA701B27FB18035A0B8D707BF1A3B3BE453FD1A21B0B7FBA7CF90B3BB9665AA33EFB1FC04F858A33E8908397B976C03F972D6C50296DF33359E0BE9209C7D333A019937EC6A26BBB0EDD75DA06CF63A6333B1786B55DC0812AB74FD5D87EE581750E238EFCC75A1EF651502D3988C29C6C37504D90F8878D2FBE7F9131F273638A1BFFF96839557C5D1BA687DF78AFAF75E7FA7214B44C04BE0F3D160071146681C7CBE9B1DB1766C1D972E836DF71D0D4CD4E396D15EE25EF1A58FAC876E2ACCC2DE8EFA8B194694524C1F73D66B8D4D0B95C9896D18FE4061A68FB322BBC155D24E7EA516F740866BB32BB55E8FECAA7BC7F9D3D347024584F8BF4A40232D6AF32E3BB753718567698ABCA6440D68AF0B4317F343FA866ECCC64E895D780300BFA2FCAAAAFA4630C37EB8546025DFDD1E3FAB56F70CC95AA0CB7E3E8F11253D80B4C072ED04FE7068C4818B52831F77C11934F97AD153C44499AF0E6C99DE5741E41EB4C3DDEA3A7C7404AF7F154EAB7422598797E4E5106BFCF7390DE9AF5E9978A7000566FF8EE5737730108235AACBD38D8C337C71978FDC765243322C08F74B0F71B91E3C50BE3DAB7E58F0F8F187839AABB2991C1AB686975AEF90EECCBEAD74AE9C78F0A4DF2376A35A4E5894E8677A08788FEA19DEAE13C88D696C65A7426E620AA1492115E2BF0FB1957A5593B +20180923201932 2 6 100 6143 5 F35161AADD9632E3575CDA92B32D0F28F2E75A457C95BE770E9A8E8122E71DDB31C63B86B67348319F52466B6F3FED41463FAADCA6CE2901FF62D867C09A3565BFC511A060AABAD5040F94C3066EFBFED3CA9BA71864EBBE9F616FCE8F9B0C9C463E2172BA6B1EEF222E310FEC9B70FDF42104292FE772CB350DB09040ED588DA44E0607286D1D66F155FFC5607EBEB4041F705839FEDB0C03FDA40F013BAE3D02EA1256B6DB4DB0F9ED423CD6DCFFD36AA0841BB1FDAF66A453A19EB967F0ECF045FB069302CCB0C6EB52834D1A8DBDE302530510349FC21AE0EE7D5F912D6FBFDEF8A19B8B4CEF2EEE0D05F67DB8F03E564FCD7CD2A344DD1A45A7079037A7629747BE1F183775275C93F52505BA701B27FB18035A0B8D707BF1A3B3BE453FD1A21B0B7FBA7CF90B3BB9665AA33EFB1FC04F858A33E8908397B976C03F972D6C50296DF33359E0BE9209C7D333A019937EC6A26BBB0EDD75DA06CF63A6333B1786B55DC0812AB74FD5D87EE581750E238EFCC75A1EF651502D3988C29C6C37504D90F8878D2FBE7F9131F273638A1BFFF96839557C5D1BA687DF78AFAF75E7FA7214B44C04BE0F3D160071146681C7CBE9B1DB1766C1D972E836DF71D0D4CD4E396D15EE25EF1A58FAC876E2ACCC2DE8EFA8B194694524C1F73D66B8D4D0B95C9896D18FE4061A68FB322BBC155D24E7EA516F740866BB32BB55E8FECAA7BC7F9D3D347024584F8BF4A40232D6AF32E3BB753718567698ABCA6440D68AF0B4317F343FA866ECCC64E895D780300BFA2FCAAAAFA4630C37EB8546025DFDD1E3FAB56F70CC95AA0CB7E3E8F11253D80B4C072ED04FE7068C4818B52831F77C11934F97AD153C44499AF0E6C99DE5741E41EB4C3DDEA3A7C7404AF7F154EAB7422598797E4E5106BFCF7390DE9AF5E9978A7000566FF8EE5737730108235AACBD38D8C337C71978FDC765243322C08F74B0F71B91E3C50BE3DAB7E58F0F8F187839AABB2991C1AB686975AEF90EECCBEAD74AE9C78F0A4DF2376A35A4E5894E8677A08788FEA19DEAE13C88D696C65A7426E620AA1492115E2BF0FB1959A6D687 +20180924141921 2 6 100 6143 5 F35161AADD9632E3575CDA92B32D0F28F2E75A457C95BE770E9A8E8122E71DDB31C63B86B67348319F52466B6F3FED41463FAADCA6CE2901FF62D867C09A3565BFC511A060AABAD5040F94C3066EFBFED3CA9BA71864EBBE9F616FCE8F9B0C9C463E2172BA6B1EEF222E310FEC9B70FDF42104292FE772CB350DB09040ED588DA44E0607286D1D66F155FFC5607EBEB4041F705839FEDB0C03FDA40F013BAE3D02EA1256B6DB4DB0F9ED423CD6DCFFD36AA0841BB1FDAF66A453A19EB967F0ECF045FB069302CCB0C6EB52834D1A8DBDE302530510349FC21AE0EE7D5F912D6FBFDEF8A19B8B4CEF2EEE0D05F67DB8F03E564FCD7CD2A344DD1A45A7079037A7629747BE1F183775275C93F52505BA701B27FB18035A0B8D707BF1A3B3BE453FD1A21B0B7FBA7CF90B3BB9665AA33EFB1FC04F858A33E8908397B976C03F972D6C50296DF33359E0BE9209C7D333A019937EC6A26BBB0EDD75DA06CF63A6333B1786B55DC0812AB74FD5D87EE581750E238EFCC75A1EF651502D3988C29C6C37504D90F8878D2FBE7F9131F273638A1BFFF96839557C5D1BA687DF78AFAF75E7FA7214B44C04BE0F3D160071146681C7CBE9B1DB1766C1D972E836DF71D0D4CD4E396D15EE25EF1A58FAC876E2ACCC2DE8EFA8B194694524C1F73D66B8D4D0B95C9896D18FE4061A68FB322BBC155D24E7EA516F740866BB32BB55E8FECAA7BC7F9D3D347024584F8BF4A40232D6AF32E3BB753718567698ABCA6440D68AF0B4317F343FA866ECCC64E895D780300BFA2FCAAAAFA4630C37EB8546025DFDD1E3FAB56F70CC95AA0CB7E3E8F11253D80B4C072ED04FE7068C4818B52831F77C11934F97AD153C44499AF0E6C99DE5741E41EB4C3DDEA3A7C7404AF7F154EAB7422598797E4E5106BFCF7390DE9AF5E9978A7000566FF8EE5737730108235AACBD38D8C337C71978FDC765243322C08F74B0F71B91E3C50BE3DAB7E58F0F8F187839AABB2991C1AB686975AEF90EECCBEAD74AE9C78F0A4DF2376A35A4E5894E8677A08788FEA19DEAE13C88D696C65A7426E620AA1492115E2BF0FB1973A572FF +20180924142936 2 6 100 6143 2 F35161AADD9632E3575CDA92B32D0F28F2E75A457C95BE770E9A8E8122E71DDB31C63B86B67348319F52466B6F3FED41463FAADCA6CE2901FF62D867C09A3565BFC511A060AABAD5040F94C3066EFBFED3CA9BA71864EBBE9F616FCE8F9B0C9C463E2172BA6B1EEF222E310FEC9B70FDF42104292FE772CB350DB09040ED588DA44E0607286D1D66F155FFC5607EBEB4041F705839FEDB0C03FDA40F013BAE3D02EA1256B6DB4DB0F9ED423CD6DCFFD36AA0841BB1FDAF66A453A19EB967F0ECF045FB069302CCB0C6EB52834D1A8DBDE302530510349FC21AE0EE7D5F912D6FBFDEF8A19B8B4CEF2EEE0D05F67DB8F03E564FCD7CD2A344DD1A45A7079037A7629747BE1F183775275C93F52505BA701B27FB18035A0B8D707BF1A3B3BE453FD1A21B0B7FBA7CF90B3BB9665AA33EFB1FC04F858A33E8908397B976C03F972D6C50296DF33359E0BE9209C7D333A019937EC6A26BBB0EDD75DA06CF63A6333B1786B55DC0812AB74FD5D87EE581750E238EFCC75A1EF651502D3988C29C6C37504D90F8878D2FBE7F9131F273638A1BFFF96839557C5D1BA687DF78AFAF75E7FA7214B44C04BE0F3D160071146681C7CBE9B1DB1766C1D972E836DF71D0D4CD4E396D15EE25EF1A58FAC876E2ACCC2DE8EFA8B194694524C1F73D66B8D4D0B95C9896D18FE4061A68FB322BBC155D24E7EA516F740866BB32BB55E8FECAA7BC7F9D3D347024584F8BF4A40232D6AF32E3BB753718567698ABCA6440D68AF0B4317F343FA866ECCC64E895D780300BFA2FCAAAAFA4630C37EB8546025DFDD1E3FAB56F70CC95AA0CB7E3E8F11253D80B4C072ED04FE7068C4818B52831F77C11934F97AD153C44499AF0E6C99DE5741E41EB4C3DDEA3A7C7404AF7F154EAB7422598797E4E5106BFCF7390DE9AF5E9978A7000566FF8EE5737730108235AACBD38D8C337C71978FDC765243322C08F74B0F71B91E3C50BE3DAB7E58F0F8F187839AABB2991C1AB686975AEF90EECCBEAD74AE9C78F0A4DF2376A35A4E5894E8677A08788FEA19DEAE13C88D696C65A7426E620AA1492115E2BF0FB1973D9C983 +20180924143229 2 6 100 6143 2 F35161AADD9632E3575CDA92B32D0F28F2E75A457C95BE770E9A8E8122E71DDB31C63B86B67348319F52466B6F3FED41463FAADCA6CE2901FF62D867C09A3565BFC511A060AABAD5040F94C3066EFBFED3CA9BA71864EBBE9F616FCE8F9B0C9C463E2172BA6B1EEF222E310FEC9B70FDF42104292FE772CB350DB09040ED588DA44E0607286D1D66F155FFC5607EBEB4041F705839FEDB0C03FDA40F013BAE3D02EA1256B6DB4DB0F9ED423CD6DCFFD36AA0841BB1FDAF66A453A19EB967F0ECF045FB069302CCB0C6EB52834D1A8DBDE302530510349FC21AE0EE7D5F912D6FBFDEF8A19B8B4CEF2EEE0D05F67DB8F03E564FCD7CD2A344DD1A45A7079037A7629747BE1F183775275C93F52505BA701B27FB18035A0B8D707BF1A3B3BE453FD1A21B0B7FBA7CF90B3BB9665AA33EFB1FC04F858A33E8908397B976C03F972D6C50296DF33359E0BE9209C7D333A019937EC6A26BBB0EDD75DA06CF63A6333B1786B55DC0812AB74FD5D87EE581750E238EFCC75A1EF651502D3988C29C6C37504D90F8878D2FBE7F9131F273638A1BFFF96839557C5D1BA687DF78AFAF75E7FA7214B44C04BE0F3D160071146681C7CBE9B1DB1766C1D972E836DF71D0D4CD4E396D15EE25EF1A58FAC876E2ACCC2DE8EFA8B194694524C1F73D66B8D4D0B95C9896D18FE4061A68FB322BBC155D24E7EA516F740866BB32BB55E8FECAA7BC7F9D3D347024584F8BF4A40232D6AF32E3BB753718567698ABCA6440D68AF0B4317F343FA866ECCC64E895D780300BFA2FCAAAAFA4630C37EB8546025DFDD1E3FAB56F70CC95AA0CB7E3E8F11253D80B4C072ED04FE7068C4818B52831F77C11934F97AD153C44499AF0E6C99DE5741E41EB4C3DDEA3A7C7404AF7F154EAB7422598797E4E5106BFCF7390DE9AF5E9978A7000566FF8EE5737730108235AACBD38D8C337C71978FDC765243322C08F74B0F71B91E3C50BE3DAB7E58F0F8F187839AABB2991C1AB686975AEF90EECCBEAD74AE9C78F0A4DF2376A35A4E5894E8677A08788FEA19DEAE13C88D696C65A7426E620AA1492115E2BF0FB1973E18163 +20180924144304 2 6 100 6143 2 F35161AADD9632E3575CDA92B32D0F28F2E75A457C95BE770E9A8E8122E71DDB31C63B86B67348319F52466B6F3FED41463FAADCA6CE2901FF62D867C09A3565BFC511A060AABAD5040F94C3066EFBFED3CA9BA71864EBBE9F616FCE8F9B0C9C463E2172BA6B1EEF222E310FEC9B70FDF42104292FE772CB350DB09040ED588DA44E0607286D1D66F155FFC5607EBEB4041F705839FEDB0C03FDA40F013BAE3D02EA1256B6DB4DB0F9ED423CD6DCFFD36AA0841BB1FDAF66A453A19EB967F0ECF045FB069302CCB0C6EB52834D1A8DBDE302530510349FC21AE0EE7D5F912D6FBFDEF8A19B8B4CEF2EEE0D05F67DB8F03E564FCD7CD2A344DD1A45A7079037A7629747BE1F183775275C93F52505BA701B27FB18035A0B8D707BF1A3B3BE453FD1A21B0B7FBA7CF90B3BB9665AA33EFB1FC04F858A33E8908397B976C03F972D6C50296DF33359E0BE9209C7D333A019937EC6A26BBB0EDD75DA06CF63A6333B1786B55DC0812AB74FD5D87EE581750E238EFCC75A1EF651502D3988C29C6C37504D90F8878D2FBE7F9131F273638A1BFFF96839557C5D1BA687DF78AFAF75E7FA7214B44C04BE0F3D160071146681C7CBE9B1DB1766C1D972E836DF71D0D4CD4E396D15EE25EF1A58FAC876E2ACCC2DE8EFA8B194694524C1F73D66B8D4D0B95C9896D18FE4061A68FB322BBC155D24E7EA516F740866BB32BB55E8FECAA7BC7F9D3D347024584F8BF4A40232D6AF32E3BB753718567698ABCA6440D68AF0B4317F343FA866ECCC64E895D780300BFA2FCAAAAFA4630C37EB8546025DFDD1E3FAB56F70CC95AA0CB7E3E8F11253D80B4C072ED04FE7068C4818B52831F77C11934F97AD153C44499AF0E6C99DE5741E41EB4C3DDEA3A7C7404AF7F154EAB7422598797E4E5106BFCF7390DE9AF5E9978A7000566FF8EE5737730108235AACBD38D8C337C71978FDC765243322C08F74B0F71B91E3C50BE3DAB7E58F0F8F187839AABB2991C1AB686975AEF90EECCBEAD74AE9C78F0A4DF2376A35A4E5894E8677A08788FEA19DEAE13C88D696C65A7426E620AA1492115E2BF0FB19741666EB +20180924164032 2 6 100 6143 2 F35161AADD9632E3575CDA92B32D0F28F2E75A457C95BE770E9A8E8122E71DDB31C63B86B67348319F52466B6F3FED41463FAADCA6CE2901FF62D867C09A3565BFC511A060AABAD5040F94C3066EFBFED3CA9BA71864EBBE9F616FCE8F9B0C9C463E2172BA6B1EEF222E310FEC9B70FDF42104292FE772CB350DB09040ED588DA44E0607286D1D66F155FFC5607EBEB4041F705839FEDB0C03FDA40F013BAE3D02EA1256B6DB4DB0F9ED423CD6DCFFD36AA0841BB1FDAF66A453A19EB967F0ECF045FB069302CCB0C6EB52834D1A8DBDE302530510349FC21AE0EE7D5F912D6FBFDEF8A19B8B4CEF2EEE0D05F67DB8F03E564FCD7CD2A344DD1A45A7079037A7629747BE1F183775275C93F52505BA701B27FB18035A0B8D707BF1A3B3BE453FD1A21B0B7FBA7CF90B3BB9665AA33EFB1FC04F858A33E8908397B976C03F972D6C50296DF33359E0BE9209C7D333A019937EC6A26BBB0EDD75DA06CF63A6333B1786B55DC0812AB74FD5D87EE581750E238EFCC75A1EF651502D3988C29C6C37504D90F8878D2FBE7F9131F273638A1BFFF96839557C5D1BA687DF78AFAF75E7FA7214B44C04BE0F3D160071146681C7CBE9B1DB1766C1D972E836DF71D0D4CD4E396D15EE25EF1A58FAC876E2ACCC2DE8EFA8B194694524C1F73D66B8D4D0B95C9896D18FE4061A68FB322BBC155D24E7EA516F740866BB32BB55E8FECAA7BC7F9D3D347024584F8BF4A40232D6AF32E3BB753718567698ABCA6440D68AF0B4317F343FA866ECCC64E895D780300BFA2FCAAAAFA4630C37EB8546025DFDD1E3FAB56F70CC95AA0CB7E3E8F11253D80B4C072ED04FE7068C4818B52831F77C11934F97AD153C44499AF0E6C99DE5741E41EB4C3DDEA3A7C7404AF7F154EAB7422598797E4E5106BFCF7390DE9AF5E9978A7000566FF8EE5737730108235AACBD38D8C337C71978FDC765243322C08F74B0F71B91E3C50BE3DAB7E58F0F8F187839AABB2991C1AB686975AEF90EECCBEAD74AE9C78F0A4DF2376A35A4E5894E8677A08788FEA19DEAE13C88D696C65A7426E620AA1492115E2BF0FB1976CE68FB +20180924164811 2 6 100 6143 5 F35161AADD9632E3575CDA92B32D0F28F2E75A457C95BE770E9A8E8122E71DDB31C63B86B67348319F52466B6F3FED41463FAADCA6CE2901FF62D867C09A3565BFC511A060AABAD5040F94C3066EFBFED3CA9BA71864EBBE9F616FCE8F9B0C9C463E2172BA6B1EEF222E310FEC9B70FDF42104292FE772CB350DB09040ED588DA44E0607286D1D66F155FFC5607EBEB4041F705839FEDB0C03FDA40F013BAE3D02EA1256B6DB4DB0F9ED423CD6DCFFD36AA0841BB1FDAF66A453A19EB967F0ECF045FB069302CCB0C6EB52834D1A8DBDE302530510349FC21AE0EE7D5F912D6FBFDEF8A19B8B4CEF2EEE0D05F67DB8F03E564FCD7CD2A344DD1A45A7079037A7629747BE1F183775275C93F52505BA701B27FB18035A0B8D707BF1A3B3BE453FD1A21B0B7FBA7CF90B3BB9665AA33EFB1FC04F858A33E8908397B976C03F972D6C50296DF33359E0BE9209C7D333A019937EC6A26BBB0EDD75DA06CF63A6333B1786B55DC0812AB74FD5D87EE581750E238EFCC75A1EF651502D3988C29C6C37504D90F8878D2FBE7F9131F273638A1BFFF96839557C5D1BA687DF78AFAF75E7FA7214B44C04BE0F3D160071146681C7CBE9B1DB1766C1D972E836DF71D0D4CD4E396D15EE25EF1A58FAC876E2ACCC2DE8EFA8B194694524C1F73D66B8D4D0B95C9896D18FE4061A68FB322BBC155D24E7EA516F740866BB32BB55E8FECAA7BC7F9D3D347024584F8BF4A40232D6AF32E3BB753718567698ABCA6440D68AF0B4317F343FA866ECCC64E895D780300BFA2FCAAAAFA4630C37EB8546025DFDD1E3FAB56F70CC95AA0CB7E3E8F11253D80B4C072ED04FE7068C4818B52831F77C11934F97AD153C44499AF0E6C99DE5741E41EB4C3DDEA3A7C7404AF7F154EAB7422598797E4E5106BFCF7390DE9AF5E9978A7000566FF8EE5737730108235AACBD38D8C337C71978FDC765243322C08F74B0F71B91E3C50BE3DAB7E58F0F8F187839AABB2991C1AB686975AEF90EECCBEAD74AE9C78F0A4DF2376A35A4E5894E8677A08788FEA19DEAE13C88D696C65A7426E620AA1492115E2BF0FB1976F40FA7 +20180924172248 2 6 100 6143 2 F35161AADD9632E3575CDA92B32D0F28F2E75A457C95BE770E9A8E8122E71DDB31C63B86B67348319F52466B6F3FED41463FAADCA6CE2901FF62D867C09A3565BFC511A060AABAD5040F94C3066EFBFED3CA9BA71864EBBE9F616FCE8F9B0C9C463E2172BA6B1EEF222E310FEC9B70FDF42104292FE772CB350DB09040ED588DA44E0607286D1D66F155FFC5607EBEB4041F705839FEDB0C03FDA40F013BAE3D02EA1256B6DB4DB0F9ED423CD6DCFFD36AA0841BB1FDAF66A453A19EB967F0ECF045FB069302CCB0C6EB52834D1A8DBDE302530510349FC21AE0EE7D5F912D6FBFDEF8A19B8B4CEF2EEE0D05F67DB8F03E564FCD7CD2A344DD1A45A7079037A7629747BE1F183775275C93F52505BA701B27FB18035A0B8D707BF1A3B3BE453FD1A21B0B7FBA7CF90B3BB9665AA33EFB1FC04F858A33E8908397B976C03F972D6C50296DF33359E0BE9209C7D333A019937EC6A26BBB0EDD75DA06CF63A6333B1786B55DC0812AB74FD5D87EE581750E238EFCC75A1EF651502D3988C29C6C37504D90F8878D2FBE7F9131F273638A1BFFF96839557C5D1BA687DF78AFAF75E7FA7214B44C04BE0F3D160071146681C7CBE9B1DB1766C1D972E836DF71D0D4CD4E396D15EE25EF1A58FAC876E2ACCC2DE8EFA8B194694524C1F73D66B8D4D0B95C9896D18FE4061A68FB322BBC155D24E7EA516F740866BB32BB55E8FECAA7BC7F9D3D347024584F8BF4A40232D6AF32E3BB753718567698ABCA6440D68AF0B4317F343FA866ECCC64E895D780300BFA2FCAAAAFA4630C37EB8546025DFDD1E3FAB56F70CC95AA0CB7E3E8F11253D80B4C072ED04FE7068C4818B52831F77C11934F97AD153C44499AF0E6C99DE5741E41EB4C3DDEA3A7C7404AF7F154EAB7422598797E4E5106BFCF7390DE9AF5E9978A7000566FF8EE5737730108235AACBD38D8C337C71978FDC765243322C08F74B0F71B91E3C50BE3DAB7E58F0F8F187839AABB2991C1AB686975AEF90EECCBEAD74AE9C78F0A4DF2376A35A4E5894E8677A08788FEA19DEAE13C88D696C65A7426E620AA1492115E2BF0FB1977BCD9FB +20180924193420 2 6 100 6143 5 F35161AADD9632E3575CDA92B32D0F28F2E75A457C95BE770E9A8E8122E71DDB31C63B86B67348319F52466B6F3FED41463FAADCA6CE2901FF62D867C09A3565BFC511A060AABAD5040F94C3066EFBFED3CA9BA71864EBBE9F616FCE8F9B0C9C463E2172BA6B1EEF222E310FEC9B70FDF42104292FE772CB350DB09040ED588DA44E0607286D1D66F155FFC5607EBEB4041F705839FEDB0C03FDA40F013BAE3D02EA1256B6DB4DB0F9ED423CD6DCFFD36AA0841BB1FDAF66A453A19EB967F0ECF045FB069302CCB0C6EB52834D1A8DBDE302530510349FC21AE0EE7D5F912D6FBFDEF8A19B8B4CEF2EEE0D05F67DB8F03E564FCD7CD2A344DD1A45A7079037A7629747BE1F183775275C93F52505BA701B27FB18035A0B8D707BF1A3B3BE453FD1A21B0B7FBA7CF90B3BB9665AA33EFB1FC04F858A33E8908397B976C03F972D6C50296DF33359E0BE9209C7D333A019937EC6A26BBB0EDD75DA06CF63A6333B1786B55DC0812AB74FD5D87EE581750E238EFCC75A1EF651502D3988C29C6C37504D90F8878D2FBE7F9131F273638A1BFFF96839557C5D1BA687DF78AFAF75E7FA7214B44C04BE0F3D160071146681C7CBE9B1DB1766C1D972E836DF71D0D4CD4E396D15EE25EF1A58FAC876E2ACCC2DE8EFA8B194694524C1F73D66B8D4D0B95C9896D18FE4061A68FB322BBC155D24E7EA516F740866BB32BB55E8FECAA7BC7F9D3D347024584F8BF4A40232D6AF32E3BB753718567698ABCA6440D68AF0B4317F343FA866ECCC64E895D780300BFA2FCAAAAFA4630C37EB8546025DFDD1E3FAB56F70CC95AA0CB7E3E8F11253D80B4C072ED04FE7068C4818B52831F77C11934F97AD153C44499AF0E6C99DE5741E41EB4C3DDEA3A7C7404AF7F154EAB7422598797E4E5106BFCF7390DE9AF5E9978A7000566FF8EE5737730108235AACBD38D8C337C71978FDC765243322C08F74B0F71B91E3C50BE3DAB7E58F0F8F187839AABB2991C1AB686975AEF90EECCBEAD74AE9C78F0A4DF2376A35A4E5894E8677A08788FEA19DEAE13C88D696C65A7426E620AA1492115E2BF0FB197ACC31C7 +20180924195813 2 6 100 6143 2 F35161AADD9632E3575CDA92B32D0F28F2E75A457C95BE770E9A8E8122E71DDB31C63B86B67348319F52466B6F3FED41463FAADCA6CE2901FF62D867C09A3565BFC511A060AABAD5040F94C3066EFBFED3CA9BA71864EBBE9F616FCE8F9B0C9C463E2172BA6B1EEF222E310FEC9B70FDF42104292FE772CB350DB09040ED588DA44E0607286D1D66F155FFC5607EBEB4041F705839FEDB0C03FDA40F013BAE3D02EA1256B6DB4DB0F9ED423CD6DCFFD36AA0841BB1FDAF66A453A19EB967F0ECF045FB069302CCB0C6EB52834D1A8DBDE302530510349FC21AE0EE7D5F912D6FBFDEF8A19B8B4CEF2EEE0D05F67DB8F03E564FCD7CD2A344DD1A45A7079037A7629747BE1F183775275C93F52505BA701B27FB18035A0B8D707BF1A3B3BE453FD1A21B0B7FBA7CF90B3BB9665AA33EFB1FC04F858A33E8908397B976C03F972D6C50296DF33359E0BE9209C7D333A019937EC6A26BBB0EDD75DA06CF63A6333B1786B55DC0812AB74FD5D87EE581750E238EFCC75A1EF651502D3988C29C6C37504D90F8878D2FBE7F9131F273638A1BFFF96839557C5D1BA687DF78AFAF75E7FA7214B44C04BE0F3D160071146681C7CBE9B1DB1766C1D972E836DF71D0D4CD4E396D15EE25EF1A58FAC876E2ACCC2DE8EFA8B194694524C1F73D66B8D4D0B95C9896D18FE4061A68FB322BBC155D24E7EA516F740866BB32BB55E8FECAA7BC7F9D3D347024584F8BF4A40232D6AF32E3BB753718567698ABCA6440D68AF0B4317F343FA866ECCC64E895D780300BFA2FCAAAAFA4630C37EB8546025DFDD1E3FAB56F70CC95AA0CB7E3E8F11253D80B4C072ED04FE7068C4818B52831F77C11934F97AD153C44499AF0E6C99DE5741E41EB4C3DDEA3A7C7404AF7F154EAB7422598797E4E5106BFCF7390DE9AF5E9978A7000566FF8EE5737730108235AACBD38D8C337C71978FDC765243322C08F74B0F71B91E3C50BE3DAB7E58F0F8F187839AABB2991C1AB686975AEF90EECCBEAD74AE9C78F0A4DF2376A35A4E5894E8677A08788FEA19DEAE13C88D696C65A7426E620AA1492115E2BF0FB197B54F0A3 +20180924213953 2 6 100 6143 5 F35161AADD9632E3575CDA92B32D0F28F2E75A457C95BE770E9A8E8122E71DDB31C63B86B67348319F52466B6F3FED41463FAADCA6CE2901FF62D867C09A3565BFC511A060AABAD5040F94C3066EFBFED3CA9BA71864EBBE9F616FCE8F9B0C9C463E2172BA6B1EEF222E310FEC9B70FDF42104292FE772CB350DB09040ED588DA44E0607286D1D66F155FFC5607EBEB4041F705839FEDB0C03FDA40F013BAE3D02EA1256B6DB4DB0F9ED423CD6DCFFD36AA0841BB1FDAF66A453A19EB967F0ECF045FB069302CCB0C6EB52834D1A8DBDE302530510349FC21AE0EE7D5F912D6FBFDEF8A19B8B4CEF2EEE0D05F67DB8F03E564FCD7CD2A344DD1A45A7079037A7629747BE1F183775275C93F52505BA701B27FB18035A0B8D707BF1A3B3BE453FD1A21B0B7FBA7CF90B3BB9665AA33EFB1FC04F858A33E8908397B976C03F972D6C50296DF33359E0BE9209C7D333A019937EC6A26BBB0EDD75DA06CF63A6333B1786B55DC0812AB74FD5D87EE581750E238EFCC75A1EF651502D3988C29C6C37504D90F8878D2FBE7F9131F273638A1BFFF96839557C5D1BA687DF78AFAF75E7FA7214B44C04BE0F3D160071146681C7CBE9B1DB1766C1D972E836DF71D0D4CD4E396D15EE25EF1A58FAC876E2ACCC2DE8EFA8B194694524C1F73D66B8D4D0B95C9896D18FE4061A68FB322BBC155D24E7EA516F740866BB32BB55E8FECAA7BC7F9D3D347024584F8BF4A40232D6AF32E3BB753718567698ABCA6440D68AF0B4317F343FA866ECCC64E895D780300BFA2FCAAAAFA4630C37EB8546025DFDD1E3FAB56F70CC95AA0CB7E3E8F11253D80B4C072ED04FE7068C4818B52831F77C11934F97AD153C44499AF0E6C99DE5741E41EB4C3DDEA3A7C7404AF7F154EAB7422598797E4E5106BFCF7390DE9AF5E9978A7000566FF8EE5737730108235AACBD38D8C337C71978FDC765243322C08F74B0F71B91E3C50BE3DAB7E58F0F8F187839AABB2991C1AB686975AEF90EECCBEAD74AE9C78F0A4DF2376A35A4E5894E8677A08788FEA19DEAE13C88D696C65A7426E620AA1492115E2BF0FB197DA923D7 +20180924220006 2 6 100 6143 2 F35161AADD9632E3575CDA92B32D0F28F2E75A457C95BE770E9A8E8122E71DDB31C63B86B67348319F52466B6F3FED41463FAADCA6CE2901FF62D867C09A3565BFC511A060AABAD5040F94C3066EFBFED3CA9BA71864EBBE9F616FCE8F9B0C9C463E2172BA6B1EEF222E310FEC9B70FDF42104292FE772CB350DB09040ED588DA44E0607286D1D66F155FFC5607EBEB4041F705839FEDB0C03FDA40F013BAE3D02EA1256B6DB4DB0F9ED423CD6DCFFD36AA0841BB1FDAF66A453A19EB967F0ECF045FB069302CCB0C6EB52834D1A8DBDE302530510349FC21AE0EE7D5F912D6FBFDEF8A19B8B4CEF2EEE0D05F67DB8F03E564FCD7CD2A344DD1A45A7079037A7629747BE1F183775275C93F52505BA701B27FB18035A0B8D707BF1A3B3BE453FD1A21B0B7FBA7CF90B3BB9665AA33EFB1FC04F858A33E8908397B976C03F972D6C50296DF33359E0BE9209C7D333A019937EC6A26BBB0EDD75DA06CF63A6333B1786B55DC0812AB74FD5D87EE581750E238EFCC75A1EF651502D3988C29C6C37504D90F8878D2FBE7F9131F273638A1BFFF96839557C5D1BA687DF78AFAF75E7FA7214B44C04BE0F3D160071146681C7CBE9B1DB1766C1D972E836DF71D0D4CD4E396D15EE25EF1A58FAC876E2ACCC2DE8EFA8B194694524C1F73D66B8D4D0B95C9896D18FE4061A68FB322BBC155D24E7EA516F740866BB32BB55E8FECAA7BC7F9D3D347024584F8BF4A40232D6AF32E3BB753718567698ABCA6440D68AF0B4317F343FA866ECCC64E895D780300BFA2FCAAAAFA4630C37EB8546025DFDD1E3FAB56F70CC95AA0CB7E3E8F11253D80B4C072ED04FE7068C4818B52831F77C11934F97AD153C44499AF0E6C99DE5741E41EB4C3DDEA3A7C7404AF7F154EAB7422598797E4E5106BFCF7390DE9AF5E9978A7000566FF8EE5737730108235AACBD38D8C337C71978FDC765243322C08F74B0F71B91E3C50BE3DAB7E58F0F8F187839AABB2991C1AB686975AEF90EECCBEAD74AE9C78F0A4DF2376A35A4E5894E8677A08788FEA19DEAE13C88D696C65A7426E620AA1492115E2BF0FB197E18BC83 +20180924221925 2 6 100 6143 5 F35161AADD9632E3575CDA92B32D0F28F2E75A457C95BE770E9A8E8122E71DDB31C63B86B67348319F52466B6F3FED41463FAADCA6CE2901FF62D867C09A3565BFC511A060AABAD5040F94C3066EFBFED3CA9BA71864EBBE9F616FCE8F9B0C9C463E2172BA6B1EEF222E310FEC9B70FDF42104292FE772CB350DB09040ED588DA44E0607286D1D66F155FFC5607EBEB4041F705839FEDB0C03FDA40F013BAE3D02EA1256B6DB4DB0F9ED423CD6DCFFD36AA0841BB1FDAF66A453A19EB967F0ECF045FB069302CCB0C6EB52834D1A8DBDE302530510349FC21AE0EE7D5F912D6FBFDEF8A19B8B4CEF2EEE0D05F67DB8F03E564FCD7CD2A344DD1A45A7079037A7629747BE1F183775275C93F52505BA701B27FB18035A0B8D707BF1A3B3BE453FD1A21B0B7FBA7CF90B3BB9665AA33EFB1FC04F858A33E8908397B976C03F972D6C50296DF33359E0BE9209C7D333A019937EC6A26BBB0EDD75DA06CF63A6333B1786B55DC0812AB74FD5D87EE581750E238EFCC75A1EF651502D3988C29C6C37504D90F8878D2FBE7F9131F273638A1BFFF96839557C5D1BA687DF78AFAF75E7FA7214B44C04BE0F3D160071146681C7CBE9B1DB1766C1D972E836DF71D0D4CD4E396D15EE25EF1A58FAC876E2ACCC2DE8EFA8B194694524C1F73D66B8D4D0B95C9896D18FE4061A68FB322BBC155D24E7EA516F740866BB32BB55E8FECAA7BC7F9D3D347024584F8BF4A40232D6AF32E3BB753718567698ABCA6440D68AF0B4317F343FA866ECCC64E895D780300BFA2FCAAAAFA4630C37EB8546025DFDD1E3FAB56F70CC95AA0CB7E3E8F11253D80B4C072ED04FE7068C4818B52831F77C11934F97AD153C44499AF0E6C99DE5741E41EB4C3DDEA3A7C7404AF7F154EAB7422598797E4E5106BFCF7390DE9AF5E9978A7000566FF8EE5737730108235AACBD38D8C337C71978FDC765243322C08F74B0F71B91E3C50BE3DAB7E58F0F8F187839AABB2991C1AB686975AEF90EECCBEAD74AE9C78F0A4DF2376A35A4E5894E8677A08788FEA19DEAE13C88D696C65A7426E620AA1492115E2BF0FB197E83B0E7 +20180924230442 2 6 100 6143 5 F35161AADD9632E3575CDA92B32D0F28F2E75A457C95BE770E9A8E8122E71DDB31C63B86B67348319F52466B6F3FED41463FAADCA6CE2901FF62D867C09A3565BFC511A060AABAD5040F94C3066EFBFED3CA9BA71864EBBE9F616FCE8F9B0C9C463E2172BA6B1EEF222E310FEC9B70FDF42104292FE772CB350DB09040ED588DA44E0607286D1D66F155FFC5607EBEB4041F705839FEDB0C03FDA40F013BAE3D02EA1256B6DB4DB0F9ED423CD6DCFFD36AA0841BB1FDAF66A453A19EB967F0ECF045FB069302CCB0C6EB52834D1A8DBDE302530510349FC21AE0EE7D5F912D6FBFDEF8A19B8B4CEF2EEE0D05F67DB8F03E564FCD7CD2A344DD1A45A7079037A7629747BE1F183775275C93F52505BA701B27FB18035A0B8D707BF1A3B3BE453FD1A21B0B7FBA7CF90B3BB9665AA33EFB1FC04F858A33E8908397B976C03F972D6C50296DF33359E0BE9209C7D333A019937EC6A26BBB0EDD75DA06CF63A6333B1786B55DC0812AB74FD5D87EE581750E238EFCC75A1EF651502D3988C29C6C37504D90F8878D2FBE7F9131F273638A1BFFF96839557C5D1BA687DF78AFAF75E7FA7214B44C04BE0F3D160071146681C7CBE9B1DB1766C1D972E836DF71D0D4CD4E396D15EE25EF1A58FAC876E2ACCC2DE8EFA8B194694524C1F73D66B8D4D0B95C9896D18FE4061A68FB322BBC155D24E7EA516F740866BB32BB55E8FECAA7BC7F9D3D347024584F8BF4A40232D6AF32E3BB753718567698ABCA6440D68AF0B4317F343FA866ECCC64E895D780300BFA2FCAAAAFA4630C37EB8546025DFDD1E3FAB56F70CC95AA0CB7E3E8F11253D80B4C072ED04FE7068C4818B52831F77C11934F97AD153C44499AF0E6C99DE5741E41EB4C3DDEA3A7C7404AF7F154EAB7422598797E4E5106BFCF7390DE9AF5E9978A7000566FF8EE5737730108235AACBD38D8C337C71978FDC765243322C08F74B0F71B91E3C50BE3DAB7E58F0F8F187839AABB2991C1AB686975AEF90EECCBEAD74AE9C78F0A4DF2376A35A4E5894E8677A08788FEA19DEAE13C88D696C65A7426E620AA1492115E2BF0FB197F8509D7 +20180925002733 2 6 100 6143 2 F35161AADD9632E3575CDA92B32D0F28F2E75A457C95BE770E9A8E8122E71DDB31C63B86B67348319F52466B6F3FED41463FAADCA6CE2901FF62D867C09A3565BFC511A060AABAD5040F94C3066EFBFED3CA9BA71864EBBE9F616FCE8F9B0C9C463E2172BA6B1EEF222E310FEC9B70FDF42104292FE772CB350DB09040ED588DA44E0607286D1D66F155FFC5607EBEB4041F705839FEDB0C03FDA40F013BAE3D02EA1256B6DB4DB0F9ED423CD6DCFFD36AA0841BB1FDAF66A453A19EB967F0ECF045FB069302CCB0C6EB52834D1A8DBDE302530510349FC21AE0EE7D5F912D6FBFDEF8A19B8B4CEF2EEE0D05F67DB8F03E564FCD7CD2A344DD1A45A7079037A7629747BE1F183775275C93F52505BA701B27FB18035A0B8D707BF1A3B3BE453FD1A21B0B7FBA7CF90B3BB9665AA33EFB1FC04F858A33E8908397B976C03F972D6C50296DF33359E0BE9209C7D333A019937EC6A26BBB0EDD75DA06CF63A6333B1786B55DC0812AB74FD5D87EE581750E238EFCC75A1EF651502D3988C29C6C37504D90F8878D2FBE7F9131F273638A1BFFF96839557C5D1BA687DF78AFAF75E7FA7214B44C04BE0F3D160071146681C7CBE9B1DB1766C1D972E836DF71D0D4CD4E396D15EE25EF1A58FAC876E2ACCC2DE8EFA8B194694524C1F73D66B8D4D0B95C9896D18FE4061A68FB322BBC155D24E7EA516F740866BB32BB55E8FECAA7BC7F9D3D347024584F8BF4A40232D6AF32E3BB753718567698ABCA6440D68AF0B4317F343FA866ECCC64E895D780300BFA2FCAAAAFA4630C37EB8546025DFDD1E3FAB56F70CC95AA0CB7E3E8F11253D80B4C072ED04FE7068C4818B52831F77C11934F97AD153C44499AF0E6C99DE5741E41EB4C3DDEA3A7C7404AF7F154EAB7422598797E4E5106BFCF7390DE9AF5E9978A7000566FF8EE5737730108235AACBD38D8C337C71978FDC765243322C08F74B0F71B91E3C50BE3DAB7E58F0F8F187839AABB2991C1AB686975AEF90EECCBEAD74AE9C78F0A4DF2376A35A4E5894E8677A08788FEA19DEAE13C88D696C65A7426E620AA1492115E2BF0FB198168A38B +20180925022629 2 6 100 6143 5 F35161AADD9632E3575CDA92B32D0F28F2E75A457C95BE770E9A8E8122E71DDB31C63B86B67348319F52466B6F3FED41463FAADCA6CE2901FF62D867C09A3565BFC511A060AABAD5040F94C3066EFBFED3CA9BA71864EBBE9F616FCE8F9B0C9C463E2172BA6B1EEF222E310FEC9B70FDF42104292FE772CB350DB09040ED588DA44E0607286D1D66F155FFC5607EBEB4041F705839FEDB0C03FDA40F013BAE3D02EA1256B6DB4DB0F9ED423CD6DCFFD36AA0841BB1FDAF66A453A19EB967F0ECF045FB069302CCB0C6EB52834D1A8DBDE302530510349FC21AE0EE7D5F912D6FBFDEF8A19B8B4CEF2EEE0D05F67DB8F03E564FCD7CD2A344DD1A45A7079037A7629747BE1F183775275C93F52505BA701B27FB18035A0B8D707BF1A3B3BE453FD1A21B0B7FBA7CF90B3BB9665AA33EFB1FC04F858A33E8908397B976C03F972D6C50296DF33359E0BE9209C7D333A019937EC6A26BBB0EDD75DA06CF63A6333B1786B55DC0812AB74FD5D87EE581750E238EFCC75A1EF651502D3988C29C6C37504D90F8878D2FBE7F9131F273638A1BFFF96839557C5D1BA687DF78AFAF75E7FA7214B44C04BE0F3D160071146681C7CBE9B1DB1766C1D972E836DF71D0D4CD4E396D15EE25EF1A58FAC876E2ACCC2DE8EFA8B194694524C1F73D66B8D4D0B95C9896D18FE4061A68FB322BBC155D24E7EA516F740866BB32BB55E8FECAA7BC7F9D3D347024584F8BF4A40232D6AF32E3BB753718567698ABCA6440D68AF0B4317F343FA866ECCC64E895D780300BFA2FCAAAAFA4630C37EB8546025DFDD1E3FAB56F70CC95AA0CB7E3E8F11253D80B4C072ED04FE7068C4818B52831F77C11934F97AD153C44499AF0E6C99DE5741E41EB4C3DDEA3A7C7404AF7F154EAB7422598797E4E5106BFCF7390DE9AF5E9978A7000566FF8EE5737730108235AACBD38D8C337C71978FDC765243322C08F74B0F71B91E3C50BE3DAB7E58F0F8F187839AABB2991C1AB686975AEF90EECCBEAD74AE9C78F0A4DF2376A35A4E5894E8677A08788FEA19DEAE13C88D696C65A7426E620AA1492115E2BF0FB19842450D7 +20180925032318 2 6 100 6143 5 F35161AADD9632E3575CDA92B32D0F28F2E75A457C95BE770E9A8E8122E71DDB31C63B86B67348319F52466B6F3FED41463FAADCA6CE2901FF62D867C09A3565BFC511A060AABAD5040F94C3066EFBFED3CA9BA71864EBBE9F616FCE8F9B0C9C463E2172BA6B1EEF222E310FEC9B70FDF42104292FE772CB350DB09040ED588DA44E0607286D1D66F155FFC5607EBEB4041F705839FEDB0C03FDA40F013BAE3D02EA1256B6DB4DB0F9ED423CD6DCFFD36AA0841BB1FDAF66A453A19EB967F0ECF045FB069302CCB0C6EB52834D1A8DBDE302530510349FC21AE0EE7D5F912D6FBFDEF8A19B8B4CEF2EEE0D05F67DB8F03E564FCD7CD2A344DD1A45A7079037A7629747BE1F183775275C93F52505BA701B27FB18035A0B8D707BF1A3B3BE453FD1A21B0B7FBA7CF90B3BB9665AA33EFB1FC04F858A33E8908397B976C03F972D6C50296DF33359E0BE9209C7D333A019937EC6A26BBB0EDD75DA06CF63A6333B1786B55DC0812AB74FD5D87EE581750E238EFCC75A1EF651502D3988C29C6C37504D90F8878D2FBE7F9131F273638A1BFFF96839557C5D1BA687DF78AFAF75E7FA7214B44C04BE0F3D160071146681C7CBE9B1DB1766C1D972E836DF71D0D4CD4E396D15EE25EF1A58FAC876E2ACCC2DE8EFA8B194694524C1F73D66B8D4D0B95C9896D18FE4061A68FB322BBC155D24E7EA516F740866BB32BB55E8FECAA7BC7F9D3D347024584F8BF4A40232D6AF32E3BB753718567698ABCA6440D68AF0B4317F343FA866ECCC64E895D780300BFA2FCAAAAFA4630C37EB8546025DFDD1E3FAB56F70CC95AA0CB7E3E8F11253D80B4C072ED04FE7068C4818B52831F77C11934F97AD153C44499AF0E6C99DE5741E41EB4C3DDEA3A7C7404AF7F154EAB7422598797E4E5106BFCF7390DE9AF5E9978A7000566FF8EE5737730108235AACBD38D8C337C71978FDC765243322C08F74B0F71B91E3C50BE3DAB7E58F0F8F187839AABB2991C1AB686975AEF90EECCBEAD74AE9C78F0A4DF2376A35A4E5894E8677A08788FEA19DEAE13C88D696C65A7426E620AA1492115E2BF0FB19856CA53F +20180925033018 2 6 100 6143 2 F35161AADD9632E3575CDA92B32D0F28F2E75A457C95BE770E9A8E8122E71DDB31C63B86B67348319F52466B6F3FED41463FAADCA6CE2901FF62D867C09A3565BFC511A060AABAD5040F94C3066EFBFED3CA9BA71864EBBE9F616FCE8F9B0C9C463E2172BA6B1EEF222E310FEC9B70FDF42104292FE772CB350DB09040ED588DA44E0607286D1D66F155FFC5607EBEB4041F705839FEDB0C03FDA40F013BAE3D02EA1256B6DB4DB0F9ED423CD6DCFFD36AA0841BB1FDAF66A453A19EB967F0ECF045FB069302CCB0C6EB52834D1A8DBDE302530510349FC21AE0EE7D5F912D6FBFDEF8A19B8B4CEF2EEE0D05F67DB8F03E564FCD7CD2A344DD1A45A7079037A7629747BE1F183775275C93F52505BA701B27FB18035A0B8D707BF1A3B3BE453FD1A21B0B7FBA7CF90B3BB9665AA33EFB1FC04F858A33E8908397B976C03F972D6C50296DF33359E0BE9209C7D333A019937EC6A26BBB0EDD75DA06CF63A6333B1786B55DC0812AB74FD5D87EE581750E238EFCC75A1EF651502D3988C29C6C37504D90F8878D2FBE7F9131F273638A1BFFF96839557C5D1BA687DF78AFAF75E7FA7214B44C04BE0F3D160071146681C7CBE9B1DB1766C1D972E836DF71D0D4CD4E396D15EE25EF1A58FAC876E2ACCC2DE8EFA8B194694524C1F73D66B8D4D0B95C9896D18FE4061A68FB322BBC155D24E7EA516F740866BB32BB55E8FECAA7BC7F9D3D347024584F8BF4A40232D6AF32E3BB753718567698ABCA6440D68AF0B4317F343FA866ECCC64E895D780300BFA2FCAAAAFA4630C37EB8546025DFDD1E3FAB56F70CC95AA0CB7E3E8F11253D80B4C072ED04FE7068C4818B52831F77C11934F97AD153C44499AF0E6C99DE5741E41EB4C3DDEA3A7C7404AF7F154EAB7422598797E4E5106BFCF7390DE9AF5E9978A7000566FF8EE5737730108235AACBD38D8C337C71978FDC765243322C08F74B0F71B91E3C50BE3DAB7E58F0F8F187839AABB2991C1AB686975AEF90EECCBEAD74AE9C78F0A4DF2376A35A4E5894E8677A08788FEA19DEAE13C88D696C65A7426E620AA1492115E2BF0FB19858EBEEB +20180925033504 2 6 100 6143 5 F35161AADD9632E3575CDA92B32D0F28F2E75A457C95BE770E9A8E8122E71DDB31C63B86B67348319F52466B6F3FED41463FAADCA6CE2901FF62D867C09A3565BFC511A060AABAD5040F94C3066EFBFED3CA9BA71864EBBE9F616FCE8F9B0C9C463E2172BA6B1EEF222E310FEC9B70FDF42104292FE772CB350DB09040ED588DA44E0607286D1D66F155FFC5607EBEB4041F705839FEDB0C03FDA40F013BAE3D02EA1256B6DB4DB0F9ED423CD6DCFFD36AA0841BB1FDAF66A453A19EB967F0ECF045FB069302CCB0C6EB52834D1A8DBDE302530510349FC21AE0EE7D5F912D6FBFDEF8A19B8B4CEF2EEE0D05F67DB8F03E564FCD7CD2A344DD1A45A7079037A7629747BE1F183775275C93F52505BA701B27FB18035A0B8D707BF1A3B3BE453FD1A21B0B7FBA7CF90B3BB9665AA33EFB1FC04F858A33E8908397B976C03F972D6C50296DF33359E0BE9209C7D333A019937EC6A26BBB0EDD75DA06CF63A6333B1786B55DC0812AB74FD5D87EE581750E238EFCC75A1EF651502D3988C29C6C37504D90F8878D2FBE7F9131F273638A1BFFF96839557C5D1BA687DF78AFAF75E7FA7214B44C04BE0F3D160071146681C7CBE9B1DB1766C1D972E836DF71D0D4CD4E396D15EE25EF1A58FAC876E2ACCC2DE8EFA8B194694524C1F73D66B8D4D0B95C9896D18FE4061A68FB322BBC155D24E7EA516F740866BB32BB55E8FECAA7BC7F9D3D347024584F8BF4A40232D6AF32E3BB753718567698ABCA6440D68AF0B4317F343FA866ECCC64E895D780300BFA2FCAAAAFA4630C37EB8546025DFDD1E3FAB56F70CC95AA0CB7E3E8F11253D80B4C072ED04FE7068C4818B52831F77C11934F97AD153C44499AF0E6C99DE5741E41EB4C3DDEA3A7C7404AF7F154EAB7422598797E4E5106BFCF7390DE9AF5E9978A7000566FF8EE5737730108235AACBD38D8C337C71978FDC765243322C08F74B0F71B91E3C50BE3DAB7E58F0F8F187839AABB2991C1AB686975AEF90EECCBEAD74AE9C78F0A4DF2376A35A4E5894E8677A08788FEA19DEAE13C88D696C65A7426E620AA1492115E2BF0FB1985A24167 +20180925040411 2 6 100 6143 5 F35161AADD9632E3575CDA92B32D0F28F2E75A457C95BE770E9A8E8122E71DDB31C63B86B67348319F52466B6F3FED41463FAADCA6CE2901FF62D867C09A3565BFC511A060AABAD5040F94C3066EFBFED3CA9BA71864EBBE9F616FCE8F9B0C9C463E2172BA6B1EEF222E310FEC9B70FDF42104292FE772CB350DB09040ED588DA44E0607286D1D66F155FFC5607EBEB4041F705839FEDB0C03FDA40F013BAE3D02EA1256B6DB4DB0F9ED423CD6DCFFD36AA0841BB1FDAF66A453A19EB967F0ECF045FB069302CCB0C6EB52834D1A8DBDE302530510349FC21AE0EE7D5F912D6FBFDEF8A19B8B4CEF2EEE0D05F67DB8F03E564FCD7CD2A344DD1A45A7079037A7629747BE1F183775275C93F52505BA701B27FB18035A0B8D707BF1A3B3BE453FD1A21B0B7FBA7CF90B3BB9665AA33EFB1FC04F858A33E8908397B976C03F972D6C50296DF33359E0BE9209C7D333A019937EC6A26BBB0EDD75DA06CF63A6333B1786B55DC0812AB74FD5D87EE581750E238EFCC75A1EF651502D3988C29C6C37504D90F8878D2FBE7F9131F273638A1BFFF96839557C5D1BA687DF78AFAF75E7FA7214B44C04BE0F3D160071146681C7CBE9B1DB1766C1D972E836DF71D0D4CD4E396D15EE25EF1A58FAC876E2ACCC2DE8EFA8B194694524C1F73D66B8D4D0B95C9896D18FE4061A68FB322BBC155D24E7EA516F740866BB32BB55E8FECAA7BC7F9D3D347024584F8BF4A40232D6AF32E3BB753718567698ABCA6440D68AF0B4317F343FA866ECCC64E895D780300BFA2FCAAAAFA4630C37EB8546025DFDD1E3FAB56F70CC95AA0CB7E3E8F11253D80B4C072ED04FE7068C4818B52831F77C11934F97AD153C44499AF0E6C99DE5741E41EB4C3DDEA3A7C7404AF7F154EAB7422598797E4E5106BFCF7390DE9AF5E9978A7000566FF8EE5737730108235AACBD38D8C337C71978FDC765243322C08F74B0F71B91E3C50BE3DAB7E58F0F8F187839AABB2991C1AB686975AEF90EECCBEAD74AE9C78F0A4DF2376A35A4E5894E8677A08788FEA19DEAE13C88D696C65A7426E620AA1492115E2BF0FB19864B479F +20180925075729 2 6 100 6143 2 F35161AADD9632E3575CDA92B32D0F28F2E75A457C95BE770E9A8E8122E71DDB31C63B86B67348319F52466B6F3FED41463FAADCA6CE2901FF62D867C09A3565BFC511A060AABAD5040F94C3066EFBFED3CA9BA71864EBBE9F616FCE8F9B0C9C463E2172BA6B1EEF222E310FEC9B70FDF42104292FE772CB350DB09040ED588DA44E0607286D1D66F155FFC5607EBEB4041F705839FEDB0C03FDA40F013BAE3D02EA1256B6DB4DB0F9ED423CD6DCFFD36AA0841BB1FDAF66A453A19EB967F0ECF045FB069302CCB0C6EB52834D1A8DBDE302530510349FC21AE0EE7D5F912D6FBFDEF8A19B8B4CEF2EEE0D05F67DB8F03E564FCD7CD2A344DD1A45A7079037A7629747BE1F183775275C93F52505BA701B27FB18035A0B8D707BF1A3B3BE453FD1A21B0B7FBA7CF90B3BB9665AA33EFB1FC04F858A33E8908397B976C03F972D6C50296DF33359E0BE9209C7D333A019937EC6A26BBB0EDD75DA06CF63A6333B1786B55DC0812AB74FD5D87EE581750E238EFCC75A1EF651502D3988C29C6C37504D90F8878D2FBE7F9131F273638A1BFFF96839557C5D1BA687DF78AFAF75E7FA7214B44C04BE0F3D160071146681C7CBE9B1DB1766C1D972E836DF71D0D4CD4E396D15EE25EF1A58FAC876E2ACCC2DE8EFA8B194694524C1F73D66B8D4D0B95C9896D18FE4061A68FB322BBC155D24E7EA516F740866BB32BB55E8FECAA7BC7F9D3D347024584F8BF4A40232D6AF32E3BB753718567698ABCA6440D68AF0B4317F343FA866ECCC64E895D780300BFA2FCAAAAFA4630C37EB8546025DFDD1E3FAB56F70CC95AA0CB7E3E8F11253D80B4C072ED04FE7068C4818B52831F77C11934F97AD153C44499AF0E6C99DE5741E41EB4C3DDEA3A7C7404AF7F154EAB7422598797E4E5106BFCF7390DE9AF5E9978A7000566FF8EE5737730108235AACBD38D8C337C71978FDC765243322C08F74B0F71B91E3C50BE3DAB7E58F0F8F187839AABB2991C1AB686975AEF90EECCBEAD74AE9C78F0A4DF2376A35A4E5894E8677A08788FEA19DEAE13C88D696C65A7426E620AA1492115E2BF0FB198B9EEEC3 +20180925083607 2 6 100 6143 5 F35161AADD9632E3575CDA92B32D0F28F2E75A457C95BE770E9A8E8122E71DDB31C63B86B67348319F52466B6F3FED41463FAADCA6CE2901FF62D867C09A3565BFC511A060AABAD5040F94C3066EFBFED3CA9BA71864EBBE9F616FCE8F9B0C9C463E2172BA6B1EEF222E310FEC9B70FDF42104292FE772CB350DB09040ED588DA44E0607286D1D66F155FFC5607EBEB4041F705839FEDB0C03FDA40F013BAE3D02EA1256B6DB4DB0F9ED423CD6DCFFD36AA0841BB1FDAF66A453A19EB967F0ECF045FB069302CCB0C6EB52834D1A8DBDE302530510349FC21AE0EE7D5F912D6FBFDEF8A19B8B4CEF2EEE0D05F67DB8F03E564FCD7CD2A344DD1A45A7079037A7629747BE1F183775275C93F52505BA701B27FB18035A0B8D707BF1A3B3BE453FD1A21B0B7FBA7CF90B3BB9665AA33EFB1FC04F858A33E8908397B976C03F972D6C50296DF33359E0BE9209C7D333A019937EC6A26BBB0EDD75DA06CF63A6333B1786B55DC0812AB74FD5D87EE581750E238EFCC75A1EF651502D3988C29C6C37504D90F8878D2FBE7F9131F273638A1BFFF96839557C5D1BA687DF78AFAF75E7FA7214B44C04BE0F3D160071146681C7CBE9B1DB1766C1D972E836DF71D0D4CD4E396D15EE25EF1A58FAC876E2ACCC2DE8EFA8B194694524C1F73D66B8D4D0B95C9896D18FE4061A68FB322BBC155D24E7EA516F740866BB32BB55E8FECAA7BC7F9D3D347024584F8BF4A40232D6AF32E3BB753718567698ABCA6440D68AF0B4317F343FA866ECCC64E895D780300BFA2FCAAAAFA4630C37EB8546025DFDD1E3FAB56F70CC95AA0CB7E3E8F11253D80B4C072ED04FE7068C4818B52831F77C11934F97AD153C44499AF0E6C99DE5741E41EB4C3DDEA3A7C7404AF7F154EAB7422598797E4E5106BFCF7390DE9AF5E9978A7000566FF8EE5737730108235AACBD38D8C337C71978FDC765243322C08F74B0F71B91E3C50BE3DAB7E58F0F8F187839AABB2991C1AB686975AEF90EECCBEAD74AE9C78F0A4DF2376A35A4E5894E8677A08788FEA19DEAE13C88D696C65A7426E620AA1492115E2BF0FB198C77AA37 +20180925142730 2 6 100 7679 2 C988D06CCD826A9351D5CAE32A47B28ECC90FA4870D861CCC058CFA49419B0044A395E3F289A48C821B2EFE08D293B917B1DB2E2369564F5D066084F71A090706F84E101625CACAAECFFF3B2FE2A8C04FF9A14D43E9B316576F1571B0FDD51A119222601AE2BBFC3007FBC12D10A2D725AD9D8503A47B4B1977FAF4B0C8E244C372662A335C82380718ABAA9B522A03866EBFC6DD7DEE135A54FDCE58EAAF1996D2485E178888F361B01C2A5F5E21E65BAFFE3024C02210AF189975CADE7BFEAD4A90401D7E37D9B855FA8C8F0D2FBFF9357F8C05E3A2A14173E8F7555FD78B88ECEDC94E238639FA1F59C896F61501B2094199D7679805FB69026D4F13CDEB60CAA339BEB091D7D0C125C72028FDFEC35C5D6EE231B1A46C0619BF822F415121A975322001C4EDC29C5CAA430D1471D1013B67B90F5A7FAFB322B53A9C4D418763CB8A9DD068BF3B7702BA939B4FB0DA5253A999B5A8DFA664D2A9F94169F34E46D45D348E3A7E3424CF6019CFDFE1623940B3FC47A1064E601549C02020571FA10F63AEB0676213CD71D1A8A4140662D00471FE9BA88C269F8D217A978AE910A85CADCA772BD7023DC8D0C2ED524C7FEEFEDF408E4221F474A3783545E155118133FA9D65382F7261CF001701E46721021A1315780A53F4238C1AEEA41D38E1B3310D2EC9AE97C2677467157A0B74DA93A3CDF3E6CF898FA0F5CDF3F55CA572385698FD0F55E0E5C63B4BCB9F4A6EDB74C02C0150B057B1A903F7DD8EFC011EE822F2ECBB780914BCC43A11F7BF4A63BE31F06226881ADE9EA780A58C1A6D7183EE947611A03051A0EA817D6D26FC0C418607EEF57AE00494CDDA1CB518C3F910FD46C65F96E3553CEFFD72D13AC13904EFF4E66203B8D512BF7136251120F0BD28C1E781000BBF832A072DB3BBA7B2CFB5AB1F6DAA17FD6EA6C484BB764E5F01194A5445B1FD435977F916261FA1B5AAD6B7E83782C04EBF3CBD11DC7D929FFD8A16597E2D6A384F343D08E13CEA8232818D7F989BB4B0D7D7531AF0F4C6683356A109EAFD135D2E3319FFA6218053EC737FBD91D5886790D4FB1DB70F3D704148EFF2FAA0241F47F2902EA8286BD7647B615197B0E2A70F3638BDF46973518EA692DA5EE26E533F815FA5E5835C2080FAC1776A7CCFE2F49B1400A55F24C9FC465A766772EFB35756AABF0A42B58966E883AFE5E4000D863756225CDDA2F5AC06093173A1AFB5AD9A7B721A30820170A4AE35B3A2F09DE1B53B7D7A407E0F77F1CD4201337315E6677D30CA3E40F84A7AD707BE0FF99CE9334FAE40692F38135DBBC8CE8E7604C0F9C8AE1989C9FE2AC29C2800DC8876032B416C2EDFD4B +20180926003216 2 6 100 7679 2 C988D06CCD826A9351D5CAE32A47B28ECC90FA4870D861CCC058CFA49419B0044A395E3F289A48C821B2EFE08D293B917B1DB2E2369564F5D066084F71A090706F84E101625CACAAECFFF3B2FE2A8C04FF9A14D43E9B316576F1571B0FDD51A119222601AE2BBFC3007FBC12D10A2D725AD9D8503A47B4B1977FAF4B0C8E244C372662A335C82380718ABAA9B522A03866EBFC6DD7DEE135A54FDCE58EAAF1996D2485E178888F361B01C2A5F5E21E65BAFFE3024C02210AF189975CADE7BFEAD4A90401D7E37D9B855FA8C8F0D2FBFF9357F8C05E3A2A14173E8F7555FD78B88ECEDC94E238639FA1F59C896F61501B2094199D7679805FB69026D4F13CDEB60CAA339BEB091D7D0C125C72028FDFEC35C5D6EE231B1A46C0619BF822F415121A975322001C4EDC29C5CAA430D1471D1013B67B90F5A7FAFB322B53A9C4D418763CB8A9DD068BF3B7702BA939B4FB0DA5253A999B5A8DFA664D2A9F94169F34E46D45D348E3A7E3424CF6019CFDFE1623940B3FC47A1064E601549C02020571FA10F63AEB0676213CD71D1A8A4140662D00471FE9BA88C269F8D217A978AE910A85CADCA772BD7023DC8D0C2ED524C7FEEFEDF408E4221F474A3783545E155118133FA9D65382F7261CF001701E46721021A1315780A53F4238C1AEEA41D38E1B3310D2EC9AE97C2677467157A0B74DA93A3CDF3E6CF898FA0F5CDF3F55CA572385698FD0F55E0E5C63B4BCB9F4A6EDB74C02C0150B057B1A903F7DD8EFC011EE822F2ECBB780914BCC43A11F7BF4A63BE31F06226881ADE9EA780A58C1A6D7183EE947611A03051A0EA817D6D26FC0C418607EEF57AE00494CDDA1CB518C3F910FD46C65F96E3553CEFFD72D13AC13904EFF4E66203B8D512BF7136251120F0BD28C1E781000BBF832A072DB3BBA7B2CFB5AB1F6DAA17FD6EA6C484BB764E5F01194A5445B1FD435977F916261FA1B5AAD6B7E83782C04EBF3CBD11DC7D929FFD8A16597E2D6A384F343D08E13CEA8232818D7F989BB4B0D7D7531AF0F4C6683356A109EAFD135D2E3319FFA6218053EC737FBD91D5886790D4FB1DB70F3D704148EFF2FAA0241F47F2902EA8286BD7647B615197B0E2A70F3638BDF46973518EA692DA5EE26E533F815FA5E5835C2080FAC1776A7CCFE2F49B1400A55F24C9FC465A766772EFB35756AABF0A42B58966E883AFE5E4000D863756225CDDA2F5AC06093173A1AFB5AD9A7B721A30820170A4AE35B3A2F09DE1B53B7D7A407E0F77F1CD4201337315E6677D30CA3E40F84A7AD707BE0FF99CE9334FAE40692F38135DBBC8CE8E7604C0F9C8AE1989C9FE2AC29C2800DC8876032B416CB3AFEA3 +20180926041318 2 6 100 7679 2 C988D06CCD826A9351D5CAE32A47B28ECC90FA4870D861CCC058CFA49419B0044A395E3F289A48C821B2EFE08D293B917B1DB2E2369564F5D066084F71A090706F84E101625CACAAECFFF3B2FE2A8C04FF9A14D43E9B316576F1571B0FDD51A119222601AE2BBFC3007FBC12D10A2D725AD9D8503A47B4B1977FAF4B0C8E244C372662A335C82380718ABAA9B522A03866EBFC6DD7DEE135A54FDCE58EAAF1996D2485E178888F361B01C2A5F5E21E65BAFFE3024C02210AF189975CADE7BFEAD4A90401D7E37D9B855FA8C8F0D2FBFF9357F8C05E3A2A14173E8F7555FD78B88ECEDC94E238639FA1F59C896F61501B2094199D7679805FB69026D4F13CDEB60CAA339BEB091D7D0C125C72028FDFEC35C5D6EE231B1A46C0619BF822F415121A975322001C4EDC29C5CAA430D1471D1013B67B90F5A7FAFB322B53A9C4D418763CB8A9DD068BF3B7702BA939B4FB0DA5253A999B5A8DFA664D2A9F94169F34E46D45D348E3A7E3424CF6019CFDFE1623940B3FC47A1064E601549C02020571FA10F63AEB0676213CD71D1A8A4140662D00471FE9BA88C269F8D217A978AE910A85CADCA772BD7023DC8D0C2ED524C7FEEFEDF408E4221F474A3783545E155118133FA9D65382F7261CF001701E46721021A1315780A53F4238C1AEEA41D38E1B3310D2EC9AE97C2677467157A0B74DA93A3CDF3E6CF898FA0F5CDF3F55CA572385698FD0F55E0E5C63B4BCB9F4A6EDB74C02C0150B057B1A903F7DD8EFC011EE822F2ECBB780914BCC43A11F7BF4A63BE31F06226881ADE9EA780A58C1A6D7183EE947611A03051A0EA817D6D26FC0C418607EEF57AE00494CDDA1CB518C3F910FD46C65F96E3553CEFFD72D13AC13904EFF4E66203B8D512BF7136251120F0BD28C1E781000BBF832A072DB3BBA7B2CFB5AB1F6DAA17FD6EA6C484BB764E5F01194A5445B1FD435977F916261FA1B5AAD6B7E83782C04EBF3CBD11DC7D929FFD8A16597E2D6A384F343D08E13CEA8232818D7F989BB4B0D7D7531AF0F4C6683356A109EAFD135D2E3319FFA6218053EC737FBD91D5886790D4FB1DB70F3D704148EFF2FAA0241F47F2902EA8286BD7647B615197B0E2A70F3638BDF46973518EA692DA5EE26E533F815FA5E5835C2080FAC1776A7CCFE2F49B1400A55F24C9FC465A766772EFB35756AABF0A42B58966E883AFE5E4000D863756225CDDA2F5AC06093173A1AFB5AD9A7B721A30820170A4AE35B3A2F09DE1B53B7D7A407E0F77F1CD4201337315E6677D30CA3E40F84A7AD707BE0FF99CE9334FAE40692F38135DBBC8CE8E7604C0F9C8AE1989C9FE2AC29C2800DC8876032B416CE37F7FB +20180926074350 2 6 100 7679 2 C988D06CCD826A9351D5CAE32A47B28ECC90FA4870D861CCC058CFA49419B0044A395E3F289A48C821B2EFE08D293B917B1DB2E2369564F5D066084F71A090706F84E101625CACAAECFFF3B2FE2A8C04FF9A14D43E9B316576F1571B0FDD51A119222601AE2BBFC3007FBC12D10A2D725AD9D8503A47B4B1977FAF4B0C8E244C372662A335C82380718ABAA9B522A03866EBFC6DD7DEE135A54FDCE58EAAF1996D2485E178888F361B01C2A5F5E21E65BAFFE3024C02210AF189975CADE7BFEAD4A90401D7E37D9B855FA8C8F0D2FBFF9357F8C05E3A2A14173E8F7555FD78B88ECEDC94E238639FA1F59C896F61501B2094199D7679805FB69026D4F13CDEB60CAA339BEB091D7D0C125C72028FDFEC35C5D6EE231B1A46C0619BF822F415121A975322001C4EDC29C5CAA430D1471D1013B67B90F5A7FAFB322B53A9C4D418763CB8A9DD068BF3B7702BA939B4FB0DA5253A999B5A8DFA664D2A9F94169F34E46D45D348E3A7E3424CF6019CFDFE1623940B3FC47A1064E601549C02020571FA10F63AEB0676213CD71D1A8A4140662D00471FE9BA88C269F8D217A978AE910A85CADCA772BD7023DC8D0C2ED524C7FEEFEDF408E4221F474A3783545E155118133FA9D65382F7261CF001701E46721021A1315780A53F4238C1AEEA41D38E1B3310D2EC9AE97C2677467157A0B74DA93A3CDF3E6CF898FA0F5CDF3F55CA572385698FD0F55E0E5C63B4BCB9F4A6EDB74C02C0150B057B1A903F7DD8EFC011EE822F2ECBB780914BCC43A11F7BF4A63BE31F06226881ADE9EA780A58C1A6D7183EE947611A03051A0EA817D6D26FC0C418607EEF57AE00494CDDA1CB518C3F910FD46C65F96E3553CEFFD72D13AC13904EFF4E66203B8D512BF7136251120F0BD28C1E781000BBF832A072DB3BBA7B2CFB5AB1F6DAA17FD6EA6C484BB764E5F01194A5445B1FD435977F916261FA1B5AAD6B7E83782C04EBF3CBD11DC7D929FFD8A16597E2D6A384F343D08E13CEA8232818D7F989BB4B0D7D7531AF0F4C6683356A109EAFD135D2E3319FFA6218053EC737FBD91D5886790D4FB1DB70F3D704148EFF2FAA0241F47F2902EA8286BD7647B615197B0E2A70F3638BDF46973518EA692DA5EE26E533F815FA5E5835C2080FAC1776A7CCFE2F49B1400A55F24C9FC465A766772EFB35756AABF0A42B58966E883AFE5E4000D863756225CDDA2F5AC06093173A1AFB5AD9A7B721A30820170A4AE35B3A2F09DE1B53B7D7A407E0F77F1CD4201337315E6677D30CA3E40F84A7AD707BE0FF99CE9334FAE40692F38135DBBC8CE8E7604C0F9C8AE1989C9FE2AC29C2800DC8876032B416D109F343 +20180926090735 2 6 100 7679 5 C988D06CCD826A9351D5CAE32A47B28ECC90FA4870D861CCC058CFA49419B0044A395E3F289A48C821B2EFE08D293B917B1DB2E2369564F5D066084F71A090706F84E101625CACAAECFFF3B2FE2A8C04FF9A14D43E9B316576F1571B0FDD51A119222601AE2BBFC3007FBC12D10A2D725AD9D8503A47B4B1977FAF4B0C8E244C372662A335C82380718ABAA9B522A03866EBFC6DD7DEE135A54FDCE58EAAF1996D2485E178888F361B01C2A5F5E21E65BAFFE3024C02210AF189975CADE7BFEAD4A90401D7E37D9B855FA8C8F0D2FBFF9357F8C05E3A2A14173E8F7555FD78B88ECEDC94E238639FA1F59C896F61501B2094199D7679805FB69026D4F13CDEB60CAA339BEB091D7D0C125C72028FDFEC35C5D6EE231B1A46C0619BF822F415121A975322001C4EDC29C5CAA430D1471D1013B67B90F5A7FAFB322B53A9C4D418763CB8A9DD068BF3B7702BA939B4FB0DA5253A999B5A8DFA664D2A9F94169F34E46D45D348E3A7E3424CF6019CFDFE1623940B3FC47A1064E601549C02020571FA10F63AEB0676213CD71D1A8A4140662D00471FE9BA88C269F8D217A978AE910A85CADCA772BD7023DC8D0C2ED524C7FEEFEDF408E4221F474A3783545E155118133FA9D65382F7261CF001701E46721021A1315780A53F4238C1AEEA41D38E1B3310D2EC9AE97C2677467157A0B74DA93A3CDF3E6CF898FA0F5CDF3F55CA572385698FD0F55E0E5C63B4BCB9F4A6EDB74C02C0150B057B1A903F7DD8EFC011EE822F2ECBB780914BCC43A11F7BF4A63BE31F06226881ADE9EA780A58C1A6D7183EE947611A03051A0EA817D6D26FC0C418607EEF57AE00494CDDA1CB518C3F910FD46C65F96E3553CEFFD72D13AC13904EFF4E66203B8D512BF7136251120F0BD28C1E781000BBF832A072DB3BBA7B2CFB5AB1F6DAA17FD6EA6C484BB764E5F01194A5445B1FD435977F916261FA1B5AAD6B7E83782C04EBF3CBD11DC7D929FFD8A16597E2D6A384F343D08E13CEA8232818D7F989BB4B0D7D7531AF0F4C6683356A109EAFD135D2E3319FFA6218053EC737FBD91D5886790D4FB1DB70F3D704148EFF2FAA0241F47F2902EA8286BD7647B615197B0E2A70F3638BDF46973518EA692DA5EE26E533F815FA5E5835C2080FAC1776A7CCFE2F49B1400A55F24C9FC465A766772EFB35756AABF0A42B58966E883AFE5E4000D863756225CDDA2F5AC06093173A1AFB5AD9A7B721A30820170A4AE35B3A2F09DE1B53B7D7A407E0F77F1CD4201337315E6677D30CA3E40F84A7AD707BE0FF99CE9334FAE40692F38135DBBC8CE8E7604C0F9C8AE1989C9FE2AC29C2800DC8876032B416D2224817 +20180926125425 2 6 100 7679 2 C988D06CCD826A9351D5CAE32A47B28ECC90FA4870D861CCC058CFA49419B0044A395E3F289A48C821B2EFE08D293B917B1DB2E2369564F5D066084F71A090706F84E101625CACAAECFFF3B2FE2A8C04FF9A14D43E9B316576F1571B0FDD51A119222601AE2BBFC3007FBC12D10A2D725AD9D8503A47B4B1977FAF4B0C8E244C372662A335C82380718ABAA9B522A03866EBFC6DD7DEE135A54FDCE58EAAF1996D2485E178888F361B01C2A5F5E21E65BAFFE3024C02210AF189975CADE7BFEAD4A90401D7E37D9B855FA8C8F0D2FBFF9357F8C05E3A2A14173E8F7555FD78B88ECEDC94E238639FA1F59C896F61501B2094199D7679805FB69026D4F13CDEB60CAA339BEB091D7D0C125C72028FDFEC35C5D6EE231B1A46C0619BF822F415121A975322001C4EDC29C5CAA430D1471D1013B67B90F5A7FAFB322B53A9C4D418763CB8A9DD068BF3B7702BA939B4FB0DA5253A999B5A8DFA664D2A9F94169F34E46D45D348E3A7E3424CF6019CFDFE1623940B3FC47A1064E601549C02020571FA10F63AEB0676213CD71D1A8A4140662D00471FE9BA88C269F8D217A978AE910A85CADCA772BD7023DC8D0C2ED524C7FEEFEDF408E4221F474A3783545E155118133FA9D65382F7261CF001701E46721021A1315780A53F4238C1AEEA41D38E1B3310D2EC9AE97C2677467157A0B74DA93A3CDF3E6CF898FA0F5CDF3F55CA572385698FD0F55E0E5C63B4BCB9F4A6EDB74C02C0150B057B1A903F7DD8EFC011EE822F2ECBB780914BCC43A11F7BF4A63BE31F06226881ADE9EA780A58C1A6D7183EE947611A03051A0EA817D6D26FC0C418607EEF57AE00494CDDA1CB518C3F910FD46C65F96E3553CEFFD72D13AC13904EFF4E66203B8D512BF7136251120F0BD28C1E781000BBF832A072DB3BBA7B2CFB5AB1F6DAA17FD6EA6C484BB764E5F01194A5445B1FD435977F916261FA1B5AAD6B7E83782C04EBF3CBD11DC7D929FFD8A16597E2D6A384F343D08E13CEA8232818D7F989BB4B0D7D7531AF0F4C6683356A109EAFD135D2E3319FFA6218053EC737FBD91D5886790D4FB1DB70F3D704148EFF2FAA0241F47F2902EA8286BD7647B615197B0E2A70F3638BDF46973518EA692DA5EE26E533F815FA5E5835C2080FAC1776A7CCFE2F49B1400A55F24C9FC465A766772EFB35756AABF0A42B58966E883AFE5E4000D863756225CDDA2F5AC06093173A1AFB5AD9A7B721A30820170A4AE35B3A2F09DE1B53B7D7A407E0F77F1CD4201337315E6677D30CA3E40F84A7AD707BE0FF99CE9334FAE40692F38135DBBC8CE8E7604C0F9C8AE1989C9FE2AC29C2800DC8876032B416D526B7D3 +20180926162303 2 6 100 7679 2 C988D06CCD826A9351D5CAE32A47B28ECC90FA4870D861CCC058CFA49419B0044A395E3F289A48C821B2EFE08D293B917B1DB2E2369564F5D066084F71A090706F84E101625CACAAECFFF3B2FE2A8C04FF9A14D43E9B316576F1571B0FDD51A119222601AE2BBFC3007FBC12D10A2D725AD9D8503A47B4B1977FAF4B0C8E244C372662A335C82380718ABAA9B522A03866EBFC6DD7DEE135A54FDCE58EAAF1996D2485E178888F361B01C2A5F5E21E65BAFFE3024C02210AF189975CADE7BFEAD4A90401D7E37D9B855FA8C8F0D2FBFF9357F8C05E3A2A14173E8F7555FD78B88ECEDC94E238639FA1F59C896F61501B2094199D7679805FB69026D4F13CDEB60CAA339BEB091D7D0C125C72028FDFEC35C5D6EE231B1A46C0619BF822F415121A975322001C4EDC29C5CAA430D1471D1013B67B90F5A7FAFB322B53A9C4D418763CB8A9DD068BF3B7702BA939B4FB0DA5253A999B5A8DFA664D2A9F94169F34E46D45D348E3A7E3424CF6019CFDFE1623940B3FC47A1064E601549C02020571FA10F63AEB0676213CD71D1A8A4140662D00471FE9BA88C269F8D217A978AE910A85CADCA772BD7023DC8D0C2ED524C7FEEFEDF408E4221F474A3783545E155118133FA9D65382F7261CF001701E46721021A1315780A53F4238C1AEEA41D38E1B3310D2EC9AE97C2677467157A0B74DA93A3CDF3E6CF898FA0F5CDF3F55CA572385698FD0F55E0E5C63B4BCB9F4A6EDB74C02C0150B057B1A903F7DD8EFC011EE822F2ECBB780914BCC43A11F7BF4A63BE31F06226881ADE9EA780A58C1A6D7183EE947611A03051A0EA817D6D26FC0C418607EEF57AE00494CDDA1CB518C3F910FD46C65F96E3553CEFFD72D13AC13904EFF4E66203B8D512BF7136251120F0BD28C1E781000BBF832A072DB3BBA7B2CFB5AB1F6DAA17FD6EA6C484BB764E5F01194A5445B1FD435977F916261FA1B5AAD6B7E83782C04EBF3CBD11DC7D929FFD8A16597E2D6A384F343D08E13CEA8232818D7F989BB4B0D7D7531AF0F4C6683356A109EAFD135D2E3319FFA6218053EC737FBD91D5886790D4FB1DB70F3D704148EFF2FAA0241F47F2902EA8286BD7647B615197B0E2A70F3638BDF46973518EA692DA5EE26E533F815FA5E5835C2080FAC1776A7CCFE2F49B1400A55F24C9FC465A766772EFB35756AABF0A42B58966E883AFE5E4000D863756225CDDA2F5AC06093173A1AFB5AD9A7B721A30820170A4AE35B3A2F09DE1B53B7D7A407E0F77F1CD4201337315E6677D30CA3E40F84A7AD707BE0FF99CE9334FAE40692F38135DBBC8CE8E7604C0F9C8AE1989C9FE2AC29C2800DC8876032B416D7F88093 +20180926165118 2 6 100 7679 2 C988D06CCD826A9351D5CAE32A47B28ECC90FA4870D861CCC058CFA49419B0044A395E3F289A48C821B2EFE08D293B917B1DB2E2369564F5D066084F71A090706F84E101625CACAAECFFF3B2FE2A8C04FF9A14D43E9B316576F1571B0FDD51A119222601AE2BBFC3007FBC12D10A2D725AD9D8503A47B4B1977FAF4B0C8E244C372662A335C82380718ABAA9B522A03866EBFC6DD7DEE135A54FDCE58EAAF1996D2485E178888F361B01C2A5F5E21E65BAFFE3024C02210AF189975CADE7BFEAD4A90401D7E37D9B855FA8C8F0D2FBFF9357F8C05E3A2A14173E8F7555FD78B88ECEDC94E238639FA1F59C896F61501B2094199D7679805FB69026D4F13CDEB60CAA339BEB091D7D0C125C72028FDFEC35C5D6EE231B1A46C0619BF822F415121A975322001C4EDC29C5CAA430D1471D1013B67B90F5A7FAFB322B53A9C4D418763CB8A9DD068BF3B7702BA939B4FB0DA5253A999B5A8DFA664D2A9F94169F34E46D45D348E3A7E3424CF6019CFDFE1623940B3FC47A1064E601549C02020571FA10F63AEB0676213CD71D1A8A4140662D00471FE9BA88C269F8D217A978AE910A85CADCA772BD7023DC8D0C2ED524C7FEEFEDF408E4221F474A3783545E155118133FA9D65382F7261CF001701E46721021A1315780A53F4238C1AEEA41D38E1B3310D2EC9AE97C2677467157A0B74DA93A3CDF3E6CF898FA0F5CDF3F55CA572385698FD0F55E0E5C63B4BCB9F4A6EDB74C02C0150B057B1A903F7DD8EFC011EE822F2ECBB780914BCC43A11F7BF4A63BE31F06226881ADE9EA780A58C1A6D7183EE947611A03051A0EA817D6D26FC0C418607EEF57AE00494CDDA1CB518C3F910FD46C65F96E3553CEFFD72D13AC13904EFF4E66203B8D512BF7136251120F0BD28C1E781000BBF832A072DB3BBA7B2CFB5AB1F6DAA17FD6EA6C484BB764E5F01194A5445B1FD435977F916261FA1B5AAD6B7E83782C04EBF3CBD11DC7D929FFD8A16597E2D6A384F343D08E13CEA8232818D7F989BB4B0D7D7531AF0F4C6683356A109EAFD135D2E3319FFA6218053EC737FBD91D5886790D4FB1DB70F3D704148EFF2FAA0241F47F2902EA8286BD7647B615197B0E2A70F3638BDF46973518EA692DA5EE26E533F815FA5E5835C2080FAC1776A7CCFE2F49B1400A55F24C9FC465A766772EFB35756AABF0A42B58966E883AFE5E4000D863756225CDDA2F5AC06093173A1AFB5AD9A7B721A30820170A4AE35B3A2F09DE1B53B7D7A407E0F77F1CD4201337315E6677D30CA3E40F84A7AD707BE0FF99CE9334FAE40692F38135DBBC8CE8E7604C0F9C8AE1989C9FE2AC29C2800DC8876032B416D85194CB +20180926224609 2 6 100 7679 5 C988D06CCD826A9351D5CAE32A47B28ECC90FA4870D861CCC058CFA49419B0044A395E3F289A48C821B2EFE08D293B917B1DB2E2369564F5D066084F71A090706F84E101625CACAAECFFF3B2FE2A8C04FF9A14D43E9B316576F1571B0FDD51A119222601AE2BBFC3007FBC12D10A2D725AD9D8503A47B4B1977FAF4B0C8E244C372662A335C82380718ABAA9B522A03866EBFC6DD7DEE135A54FDCE58EAAF1996D2485E178888F361B01C2A5F5E21E65BAFFE3024C02210AF189975CADE7BFEAD4A90401D7E37D9B855FA8C8F0D2FBFF9357F8C05E3A2A14173E8F7555FD78B88ECEDC94E238639FA1F59C896F61501B2094199D7679805FB69026D4F13CDEB60CAA339BEB091D7D0C125C72028FDFEC35C5D6EE231B1A46C0619BF822F415121A975322001C4EDC29C5CAA430D1471D1013B67B90F5A7FAFB322B53A9C4D418763CB8A9DD068BF3B7702BA939B4FB0DA5253A999B5A8DFA664D2A9F94169F34E46D45D348E3A7E3424CF6019CFDFE1623940B3FC47A1064E601549C02020571FA10F63AEB0676213CD71D1A8A4140662D00471FE9BA88C269F8D217A978AE910A85CADCA772BD7023DC8D0C2ED524C7FEEFEDF408E4221F474A3783545E155118133FA9D65382F7261CF001701E46721021A1315780A53F4238C1AEEA41D38E1B3310D2EC9AE97C2677467157A0B74DA93A3CDF3E6CF898FA0F5CDF3F55CA572385698FD0F55E0E5C63B4BCB9F4A6EDB74C02C0150B057B1A903F7DD8EFC011EE822F2ECBB780914BCC43A11F7BF4A63BE31F06226881ADE9EA780A58C1A6D7183EE947611A03051A0EA817D6D26FC0C418607EEF57AE00494CDDA1CB518C3F910FD46C65F96E3553CEFFD72D13AC13904EFF4E66203B8D512BF7136251120F0BD28C1E781000BBF832A072DB3BBA7B2CFB5AB1F6DAA17FD6EA6C484BB764E5F01194A5445B1FD435977F916261FA1B5AAD6B7E83782C04EBF3CBD11DC7D929FFD8A16597E2D6A384F343D08E13CEA8232818D7F989BB4B0D7D7531AF0F4C6683356A109EAFD135D2E3319FFA6218053EC737FBD91D5886790D4FB1DB70F3D704148EFF2FAA0241F47F2902EA8286BD7647B615197B0E2A70F3638BDF46973518EA692DA5EE26E533F815FA5E5835C2080FAC1776A7CCFE2F49B1400A55F24C9FC465A766772EFB35756AABF0A42B58966E883AFE5E4000D863756225CDDA2F5AC06093173A1AFB5AD9A7B721A30820170A4AE35B3A2F09DE1B53B7D7A407E0F77F1CD4201337315E6677D30CA3E40F84A7AD707BE0FF99CE9334FAE40692F38135DBBC8CE8E7604C0F9C8AE1989C9FE2AC29C2800DC8876032B416DD089B0F +20180926225812 2 6 100 7679 2 C988D06CCD826A9351D5CAE32A47B28ECC90FA4870D861CCC058CFA49419B0044A395E3F289A48C821B2EFE08D293B917B1DB2E2369564F5D066084F71A090706F84E101625CACAAECFFF3B2FE2A8C04FF9A14D43E9B316576F1571B0FDD51A119222601AE2BBFC3007FBC12D10A2D725AD9D8503A47B4B1977FAF4B0C8E244C372662A335C82380718ABAA9B522A03866EBFC6DD7DEE135A54FDCE58EAAF1996D2485E178888F361B01C2A5F5E21E65BAFFE3024C02210AF189975CADE7BFEAD4A90401D7E37D9B855FA8C8F0D2FBFF9357F8C05E3A2A14173E8F7555FD78B88ECEDC94E238639FA1F59C896F61501B2094199D7679805FB69026D4F13CDEB60CAA339BEB091D7D0C125C72028FDFEC35C5D6EE231B1A46C0619BF822F415121A975322001C4EDC29C5CAA430D1471D1013B67B90F5A7FAFB322B53A9C4D418763CB8A9DD068BF3B7702BA939B4FB0DA5253A999B5A8DFA664D2A9F94169F34E46D45D348E3A7E3424CF6019CFDFE1623940B3FC47A1064E601549C02020571FA10F63AEB0676213CD71D1A8A4140662D00471FE9BA88C269F8D217A978AE910A85CADCA772BD7023DC8D0C2ED524C7FEEFEDF408E4221F474A3783545E155118133FA9D65382F7261CF001701E46721021A1315780A53F4238C1AEEA41D38E1B3310D2EC9AE97C2677467157A0B74DA93A3CDF3E6CF898FA0F5CDF3F55CA572385698FD0F55E0E5C63B4BCB9F4A6EDB74C02C0150B057B1A903F7DD8EFC011EE822F2ECBB780914BCC43A11F7BF4A63BE31F06226881ADE9EA780A58C1A6D7183EE947611A03051A0EA817D6D26FC0C418607EEF57AE00494CDDA1CB518C3F910FD46C65F96E3553CEFFD72D13AC13904EFF4E66203B8D512BF7136251120F0BD28C1E781000BBF832A072DB3BBA7B2CFB5AB1F6DAA17FD6EA6C484BB764E5F01194A5445B1FD435977F916261FA1B5AAD6B7E83782C04EBF3CBD11DC7D929FFD8A16597E2D6A384F343D08E13CEA8232818D7F989BB4B0D7D7531AF0F4C6683356A109EAFD135D2E3319FFA6218053EC737FBD91D5886790D4FB1DB70F3D704148EFF2FAA0241F47F2902EA8286BD7647B615197B0E2A70F3638BDF46973518EA692DA5EE26E533F815FA5E5835C2080FAC1776A7CCFE2F49B1400A55F24C9FC465A766772EFB35756AABF0A42B58966E883AFE5E4000D863756225CDDA2F5AC06093173A1AFB5AD9A7B721A30820170A4AE35B3A2F09DE1B53B7D7A407E0F77F1CD4201337315E6677D30CA3E40F84A7AD707BE0FF99CE9334FAE40692F38135DBBC8CE8E7604C0F9C8AE1989C9FE2AC29C2800DC8876032B416DD2A3B6B +20180927013355 2 6 100 7679 5 C988D06CCD826A9351D5CAE32A47B28ECC90FA4870D861CCC058CFA49419B0044A395E3F289A48C821B2EFE08D293B917B1DB2E2369564F5D066084F71A090706F84E101625CACAAECFFF3B2FE2A8C04FF9A14D43E9B316576F1571B0FDD51A119222601AE2BBFC3007FBC12D10A2D725AD9D8503A47B4B1977FAF4B0C8E244C372662A335C82380718ABAA9B522A03866EBFC6DD7DEE135A54FDCE58EAAF1996D2485E178888F361B01C2A5F5E21E65BAFFE3024C02210AF189975CADE7BFEAD4A90401D7E37D9B855FA8C8F0D2FBFF9357F8C05E3A2A14173E8F7555FD78B88ECEDC94E238639FA1F59C896F61501B2094199D7679805FB69026D4F13CDEB60CAA339BEB091D7D0C125C72028FDFEC35C5D6EE231B1A46C0619BF822F415121A975322001C4EDC29C5CAA430D1471D1013B67B90F5A7FAFB322B53A9C4D418763CB8A9DD068BF3B7702BA939B4FB0DA5253A999B5A8DFA664D2A9F94169F34E46D45D348E3A7E3424CF6019CFDFE1623940B3FC47A1064E601549C02020571FA10F63AEB0676213CD71D1A8A4140662D00471FE9BA88C269F8D217A978AE910A85CADCA772BD7023DC8D0C2ED524C7FEEFEDF408E4221F474A3783545E155118133FA9D65382F7261CF001701E46721021A1315780A53F4238C1AEEA41D38E1B3310D2EC9AE97C2677467157A0B74DA93A3CDF3E6CF898FA0F5CDF3F55CA572385698FD0F55E0E5C63B4BCB9F4A6EDB74C02C0150B057B1A903F7DD8EFC011EE822F2ECBB780914BCC43A11F7BF4A63BE31F06226881ADE9EA780A58C1A6D7183EE947611A03051A0EA817D6D26FC0C418607EEF57AE00494CDDA1CB518C3F910FD46C65F96E3553CEFFD72D13AC13904EFF4E66203B8D512BF7136251120F0BD28C1E781000BBF832A072DB3BBA7B2CFB5AB1F6DAA17FD6EA6C484BB764E5F01194A5445B1FD435977F916261FA1B5AAD6B7E83782C04EBF3CBD11DC7D929FFD8A16597E2D6A384F343D08E13CEA8232818D7F989BB4B0D7D7531AF0F4C6683356A109EAFD135D2E3319FFA6218053EC737FBD91D5886790D4FB1DB70F3D704148EFF2FAA0241F47F2902EA8286BD7647B615197B0E2A70F3638BDF46973518EA692DA5EE26E533F815FA5E5835C2080FAC1776A7CCFE2F49B1400A55F24C9FC465A766772EFB35756AABF0A42B58966E883AFE5E4000D863756225CDDA2F5AC06093173A1AFB5AD9A7B721A30820170A4AE35B3A2F09DE1B53B7D7A407E0F77F1CD4201337315E6677D30CA3E40F84A7AD707BE0FF99CE9334FAE40692F38135DBBC8CE8E7604C0F9C8AE1989C9FE2AC29C2800DC8876032B416DF3A214F +20180927022646 2 6 100 7679 5 C988D06CCD826A9351D5CAE32A47B28ECC90FA4870D861CCC058CFA49419B0044A395E3F289A48C821B2EFE08D293B917B1DB2E2369564F5D066084F71A090706F84E101625CACAAECFFF3B2FE2A8C04FF9A14D43E9B316576F1571B0FDD51A119222601AE2BBFC3007FBC12D10A2D725AD9D8503A47B4B1977FAF4B0C8E244C372662A335C82380718ABAA9B522A03866EBFC6DD7DEE135A54FDCE58EAAF1996D2485E178888F361B01C2A5F5E21E65BAFFE3024C02210AF189975CADE7BFEAD4A90401D7E37D9B855FA8C8F0D2FBFF9357F8C05E3A2A14173E8F7555FD78B88ECEDC94E238639FA1F59C896F61501B2094199D7679805FB69026D4F13CDEB60CAA339BEB091D7D0C125C72028FDFEC35C5D6EE231B1A46C0619BF822F415121A975322001C4EDC29C5CAA430D1471D1013B67B90F5A7FAFB322B53A9C4D418763CB8A9DD068BF3B7702BA939B4FB0DA5253A999B5A8DFA664D2A9F94169F34E46D45D348E3A7E3424CF6019CFDFE1623940B3FC47A1064E601549C02020571FA10F63AEB0676213CD71D1A8A4140662D00471FE9BA88C269F8D217A978AE910A85CADCA772BD7023DC8D0C2ED524C7FEEFEDF408E4221F474A3783545E155118133FA9D65382F7261CF001701E46721021A1315780A53F4238C1AEEA41D38E1B3310D2EC9AE97C2677467157A0B74DA93A3CDF3E6CF898FA0F5CDF3F55CA572385698FD0F55E0E5C63B4BCB9F4A6EDB74C02C0150B057B1A903F7DD8EFC011EE822F2ECBB780914BCC43A11F7BF4A63BE31F06226881ADE9EA780A58C1A6D7183EE947611A03051A0EA817D6D26FC0C418607EEF57AE00494CDDA1CB518C3F910FD46C65F96E3553CEFFD72D13AC13904EFF4E66203B8D512BF7136251120F0BD28C1E781000BBF832A072DB3BBA7B2CFB5AB1F6DAA17FD6EA6C484BB764E5F01194A5445B1FD435977F916261FA1B5AAD6B7E83782C04EBF3CBD11DC7D929FFD8A16597E2D6A384F343D08E13CEA8232818D7F989BB4B0D7D7531AF0F4C6683356A109EAFD135D2E3319FFA6218053EC737FBD91D5886790D4FB1DB70F3D704148EFF2FAA0241F47F2902EA8286BD7647B615197B0E2A70F3638BDF46973518EA692DA5EE26E533F815FA5E5835C2080FAC1776A7CCFE2F49B1400A55F24C9FC465A766772EFB35756AABF0A42B58966E883AFE5E4000D863756225CDDA2F5AC06093173A1AFB5AD9A7B721A30820170A4AE35B3A2F09DE1B53B7D7A407E0F77F1CD4201337315E6677D30CA3E40F84A7AD707BE0FF99CE9334FAE40692F38135DBBC8CE8E7604C0F9C8AE1989C9FE2AC29C2800DC8876032B416DFE1C77F +20180927025105 2 6 100 7679 2 C988D06CCD826A9351D5CAE32A47B28ECC90FA4870D861CCC058CFA49419B0044A395E3F289A48C821B2EFE08D293B917B1DB2E2369564F5D066084F71A090706F84E101625CACAAECFFF3B2FE2A8C04FF9A14D43E9B316576F1571B0FDD51A119222601AE2BBFC3007FBC12D10A2D725AD9D8503A47B4B1977FAF4B0C8E244C372662A335C82380718ABAA9B522A03866EBFC6DD7DEE135A54FDCE58EAAF1996D2485E178888F361B01C2A5F5E21E65BAFFE3024C02210AF189975CADE7BFEAD4A90401D7E37D9B855FA8C8F0D2FBFF9357F8C05E3A2A14173E8F7555FD78B88ECEDC94E238639FA1F59C896F61501B2094199D7679805FB69026D4F13CDEB60CAA339BEB091D7D0C125C72028FDFEC35C5D6EE231B1A46C0619BF822F415121A975322001C4EDC29C5CAA430D1471D1013B67B90F5A7FAFB322B53A9C4D418763CB8A9DD068BF3B7702BA939B4FB0DA5253A999B5A8DFA664D2A9F94169F34E46D45D348E3A7E3424CF6019CFDFE1623940B3FC47A1064E601549C02020571FA10F63AEB0676213CD71D1A8A4140662D00471FE9BA88C269F8D217A978AE910A85CADCA772BD7023DC8D0C2ED524C7FEEFEDF408E4221F474A3783545E155118133FA9D65382F7261CF001701E46721021A1315780A53F4238C1AEEA41D38E1B3310D2EC9AE97C2677467157A0B74DA93A3CDF3E6CF898FA0F5CDF3F55CA572385698FD0F55E0E5C63B4BCB9F4A6EDB74C02C0150B057B1A903F7DD8EFC011EE822F2ECBB780914BCC43A11F7BF4A63BE31F06226881ADE9EA780A58C1A6D7183EE947611A03051A0EA817D6D26FC0C418607EEF57AE00494CDDA1CB518C3F910FD46C65F96E3553CEFFD72D13AC13904EFF4E66203B8D512BF7136251120F0BD28C1E781000BBF832A072DB3BBA7B2CFB5AB1F6DAA17FD6EA6C484BB764E5F01194A5445B1FD435977F916261FA1B5AAD6B7E83782C04EBF3CBD11DC7D929FFD8A16597E2D6A384F343D08E13CEA8232818D7F989BB4B0D7D7531AF0F4C6683356A109EAFD135D2E3319FFA6218053EC737FBD91D5886790D4FB1DB70F3D704148EFF2FAA0241F47F2902EA8286BD7647B615197B0E2A70F3638BDF46973518EA692DA5EE26E533F815FA5E5835C2080FAC1776A7CCFE2F49B1400A55F24C9FC465A766772EFB35756AABF0A42B58966E883AFE5E4000D863756225CDDA2F5AC06093173A1AFB5AD9A7B721A30820170A4AE35B3A2F09DE1B53B7D7A407E0F77F1CD4201337315E6677D30CA3E40F84A7AD707BE0FF99CE9334FAE40692F38135DBBC8CE8E7604C0F9C8AE1989C9FE2AC29C2800DC8876032B416E02B64E3 +20180927073721 2 6 100 7679 5 C988D06CCD826A9351D5CAE32A47B28ECC90FA4870D861CCC058CFA49419B0044A395E3F289A48C821B2EFE08D293B917B1DB2E2369564F5D066084F71A090706F84E101625CACAAECFFF3B2FE2A8C04FF9A14D43E9B316576F1571B0FDD51A119222601AE2BBFC3007FBC12D10A2D725AD9D8503A47B4B1977FAF4B0C8E244C372662A335C82380718ABAA9B522A03866EBFC6DD7DEE135A54FDCE58EAAF1996D2485E178888F361B01C2A5F5E21E65BAFFE3024C02210AF189975CADE7BFEAD4A90401D7E37D9B855FA8C8F0D2FBFF9357F8C05E3A2A14173E8F7555FD78B88ECEDC94E238639FA1F59C896F61501B2094199D7679805FB69026D4F13CDEB60CAA339BEB091D7D0C125C72028FDFEC35C5D6EE231B1A46C0619BF822F415121A975322001C4EDC29C5CAA430D1471D1013B67B90F5A7FAFB322B53A9C4D418763CB8A9DD068BF3B7702BA939B4FB0DA5253A999B5A8DFA664D2A9F94169F34E46D45D348E3A7E3424CF6019CFDFE1623940B3FC47A1064E601549C02020571FA10F63AEB0676213CD71D1A8A4140662D00471FE9BA88C269F8D217A978AE910A85CADCA772BD7023DC8D0C2ED524C7FEEFEDF408E4221F474A3783545E155118133FA9D65382F7261CF001701E46721021A1315780A53F4238C1AEEA41D38E1B3310D2EC9AE97C2677467157A0B74DA93A3CDF3E6CF898FA0F5CDF3F55CA572385698FD0F55E0E5C63B4BCB9F4A6EDB74C02C0150B057B1A903F7DD8EFC011EE822F2ECBB780914BCC43A11F7BF4A63BE31F06226881ADE9EA780A58C1A6D7183EE947611A03051A0EA817D6D26FC0C418607EEF57AE00494CDDA1CB518C3F910FD46C65F96E3553CEFFD72D13AC13904EFF4E66203B8D512BF7136251120F0BD28C1E781000BBF832A072DB3BBA7B2CFB5AB1F6DAA17FD6EA6C484BB764E5F01194A5445B1FD435977F916261FA1B5AAD6B7E83782C04EBF3CBD11DC7D929FFD8A16597E2D6A384F343D08E13CEA8232818D7F989BB4B0D7D7531AF0F4C6683356A109EAFD135D2E3319FFA6218053EC737FBD91D5886790D4FB1DB70F3D704148EFF2FAA0241F47F2902EA8286BD7647B615197B0E2A70F3638BDF46973518EA692DA5EE26E533F815FA5E5835C2080FAC1776A7CCFE2F49B1400A55F24C9FC465A766772EFB35756AABF0A42B58966E883AFE5E4000D863756225CDDA2F5AC06093173A1AFB5AD9A7B721A30820170A4AE35B3A2F09DE1B53B7D7A407E0F77F1CD4201337315E6677D30CA3E40F84A7AD707BE0FF99CE9334FAE40692F38135DBBC8CE8E7604C0F9C8AE1989C9FE2AC29C2800DC8876032B416E3F7C30F +20180927091345 2 6 100 7679 2 C988D06CCD826A9351D5CAE32A47B28ECC90FA4870D861CCC058CFA49419B0044A395E3F289A48C821B2EFE08D293B917B1DB2E2369564F5D066084F71A090706F84E101625CACAAECFFF3B2FE2A8C04FF9A14D43E9B316576F1571B0FDD51A119222601AE2BBFC3007FBC12D10A2D725AD9D8503A47B4B1977FAF4B0C8E244C372662A335C82380718ABAA9B522A03866EBFC6DD7DEE135A54FDCE58EAAF1996D2485E178888F361B01C2A5F5E21E65BAFFE3024C02210AF189975CADE7BFEAD4A90401D7E37D9B855FA8C8F0D2FBFF9357F8C05E3A2A14173E8F7555FD78B88ECEDC94E238639FA1F59C896F61501B2094199D7679805FB69026D4F13CDEB60CAA339BEB091D7D0C125C72028FDFEC35C5D6EE231B1A46C0619BF822F415121A975322001C4EDC29C5CAA430D1471D1013B67B90F5A7FAFB322B53A9C4D418763CB8A9DD068BF3B7702BA939B4FB0DA5253A999B5A8DFA664D2A9F94169F34E46D45D348E3A7E3424CF6019CFDFE1623940B3FC47A1064E601549C02020571FA10F63AEB0676213CD71D1A8A4140662D00471FE9BA88C269F8D217A978AE910A85CADCA772BD7023DC8D0C2ED524C7FEEFEDF408E4221F474A3783545E155118133FA9D65382F7261CF001701E46721021A1315780A53F4238C1AEEA41D38E1B3310D2EC9AE97C2677467157A0B74DA93A3CDF3E6CF898FA0F5CDF3F55CA572385698FD0F55E0E5C63B4BCB9F4A6EDB74C02C0150B057B1A903F7DD8EFC011EE822F2ECBB780914BCC43A11F7BF4A63BE31F06226881ADE9EA780A58C1A6D7183EE947611A03051A0EA817D6D26FC0C418607EEF57AE00494CDDA1CB518C3F910FD46C65F96E3553CEFFD72D13AC13904EFF4E66203B8D512BF7136251120F0BD28C1E781000BBF832A072DB3BBA7B2CFB5AB1F6DAA17FD6EA6C484BB764E5F01194A5445B1FD435977F916261FA1B5AAD6B7E83782C04EBF3CBD11DC7D929FFD8A16597E2D6A384F343D08E13CEA8232818D7F989BB4B0D7D7531AF0F4C6683356A109EAFD135D2E3319FFA6218053EC737FBD91D5886790D4FB1DB70F3D704148EFF2FAA0241F47F2902EA8286BD7647B615197B0E2A70F3638BDF46973518EA692DA5EE26E533F815FA5E5835C2080FAC1776A7CCFE2F49B1400A55F24C9FC465A766772EFB35756AABF0A42B58966E883AFE5E4000D863756225CDDA2F5AC06093173A1AFB5AD9A7B721A30820170A4AE35B3A2F09DE1B53B7D7A407E0F77F1CD4201337315E6677D30CA3E40F84A7AD707BE0FF99CE9334FAE40692F38135DBBC8CE8E7604C0F9C8AE1989C9FE2AC29C2800DC8876032B416E533987B +20180927094940 2 6 100 7679 2 C988D06CCD826A9351D5CAE32A47B28ECC90FA4870D861CCC058CFA49419B0044A395E3F289A48C821B2EFE08D293B917B1DB2E2369564F5D066084F71A090706F84E101625CACAAECFFF3B2FE2A8C04FF9A14D43E9B316576F1571B0FDD51A119222601AE2BBFC3007FBC12D10A2D725AD9D8503A47B4B1977FAF4B0C8E244C372662A335C82380718ABAA9B522A03866EBFC6DD7DEE135A54FDCE58EAAF1996D2485E178888F361B01C2A5F5E21E65BAFFE3024C02210AF189975CADE7BFEAD4A90401D7E37D9B855FA8C8F0D2FBFF9357F8C05E3A2A14173E8F7555FD78B88ECEDC94E238639FA1F59C896F61501B2094199D7679805FB69026D4F13CDEB60CAA339BEB091D7D0C125C72028FDFEC35C5D6EE231B1A46C0619BF822F415121A975322001C4EDC29C5CAA430D1471D1013B67B90F5A7FAFB322B53A9C4D418763CB8A9DD068BF3B7702BA939B4FB0DA5253A999B5A8DFA664D2A9F94169F34E46D45D348E3A7E3424CF6019CFDFE1623940B3FC47A1064E601549C02020571FA10F63AEB0676213CD71D1A8A4140662D00471FE9BA88C269F8D217A978AE910A85CADCA772BD7023DC8D0C2ED524C7FEEFEDF408E4221F474A3783545E155118133FA9D65382F7261CF001701E46721021A1315780A53F4238C1AEEA41D38E1B3310D2EC9AE97C2677467157A0B74DA93A3CDF3E6CF898FA0F5CDF3F55CA572385698FD0F55E0E5C63B4BCB9F4A6EDB74C02C0150B057B1A903F7DD8EFC011EE822F2ECBB780914BCC43A11F7BF4A63BE31F06226881ADE9EA780A58C1A6D7183EE947611A03051A0EA817D6D26FC0C418607EEF57AE00494CDDA1CB518C3F910FD46C65F96E3553CEFFD72D13AC13904EFF4E66203B8D512BF7136251120F0BD28C1E781000BBF832A072DB3BBA7B2CFB5AB1F6DAA17FD6EA6C484BB764E5F01194A5445B1FD435977F916261FA1B5AAD6B7E83782C04EBF3CBD11DC7D929FFD8A16597E2D6A384F343D08E13CEA8232818D7F989BB4B0D7D7531AF0F4C6683356A109EAFD135D2E3319FFA6218053EC737FBD91D5886790D4FB1DB70F3D704148EFF2FAA0241F47F2902EA8286BD7647B615197B0E2A70F3638BDF46973518EA692DA5EE26E533F815FA5E5835C2080FAC1776A7CCFE2F49B1400A55F24C9FC465A766772EFB35756AABF0A42B58966E883AFE5E4000D863756225CDDA2F5AC06093173A1AFB5AD9A7B721A30820170A4AE35B3A2F09DE1B53B7D7A407E0F77F1CD4201337315E6677D30CA3E40F84A7AD707BE0FF99CE9334FAE40692F38135DBBC8CE8E7604C0F9C8AE1989C9FE2AC29C2800DC8876032B416E5A3AA83 +20180927172504 2 6 100 7679 5 C988D06CCD826A9351D5CAE32A47B28ECC90FA4870D861CCC058CFA49419B0044A395E3F289A48C821B2EFE08D293B917B1DB2E2369564F5D066084F71A090706F84E101625CACAAECFFF3B2FE2A8C04FF9A14D43E9B316576F1571B0FDD51A119222601AE2BBFC3007FBC12D10A2D725AD9D8503A47B4B1977FAF4B0C8E244C372662A335C82380718ABAA9B522A03866EBFC6DD7DEE135A54FDCE58EAAF1996D2485E178888F361B01C2A5F5E21E65BAFFE3024C02210AF189975CADE7BFEAD4A90401D7E37D9B855FA8C8F0D2FBFF9357F8C05E3A2A14173E8F7555FD78B88ECEDC94E238639FA1F59C896F61501B2094199D7679805FB69026D4F13CDEB60CAA339BEB091D7D0C125C72028FDFEC35C5D6EE231B1A46C0619BF822F415121A975322001C4EDC29C5CAA430D1471D1013B67B90F5A7FAFB322B53A9C4D418763CB8A9DD068BF3B7702BA939B4FB0DA5253A999B5A8DFA664D2A9F94169F34E46D45D348E3A7E3424CF6019CFDFE1623940B3FC47A1064E601549C02020571FA10F63AEB0676213CD71D1A8A4140662D00471FE9BA88C269F8D217A978AE910A85CADCA772BD7023DC8D0C2ED524C7FEEFEDF408E4221F474A3783545E155118133FA9D65382F7261CF001701E46721021A1315780A53F4238C1AEEA41D38E1B3310D2EC9AE97C2677467157A0B74DA93A3CDF3E6CF898FA0F5CDF3F55CA572385698FD0F55E0E5C63B4BCB9F4A6EDB74C02C0150B057B1A903F7DD8EFC011EE822F2ECBB780914BCC43A11F7BF4A63BE31F06226881ADE9EA780A58C1A6D7183EE947611A03051A0EA817D6D26FC0C418607EEF57AE00494CDDA1CB518C3F910FD46C65F96E3553CEFFD72D13AC13904EFF4E66203B8D512BF7136251120F0BD28C1E781000BBF832A072DB3BBA7B2CFB5AB1F6DAA17FD6EA6C484BB764E5F01194A5445B1FD435977F916261FA1B5AAD6B7E83782C04EBF3CBD11DC7D929FFD8A16597E2D6A384F343D08E13CEA8232818D7F989BB4B0D7D7531AF0F4C6683356A109EAFD135D2E3319FFA6218053EC737FBD91D5886790D4FB1DB70F3D704148EFF2FAA0241F47F2902EA8286BD7647B615197B0E2A70F3638BDF46973518EA692DA5EE26E533F815FA5E5835C2080FAC1776A7CCFE2F49B1400A55F24C9FC465A766772EFB35756AABF0A42B58966E883AFE5E4000D863756225CDDA2F5AC06093173A1AFB5AD9A7B721A30820170A4AE35B3A2F09DE1B53B7D7A407E0F77F1CD4201337315E6677D30CA3E40F84A7AD707BE0FF99CE9334FAE40692F38135DBBC8CE8E7604C0F9C8AE1989C9FE2AC29C2800DC8876032B416EB936ECF +20180927221028 2 6 100 7679 5 C988D06CCD826A9351D5CAE32A47B28ECC90FA4870D861CCC058CFA49419B0044A395E3F289A48C821B2EFE08D293B917B1DB2E2369564F5D066084F71A090706F84E101625CACAAECFFF3B2FE2A8C04FF9A14D43E9B316576F1571B0FDD51A119222601AE2BBFC3007FBC12D10A2D725AD9D8503A47B4B1977FAF4B0C8E244C372662A335C82380718ABAA9B522A03866EBFC6DD7DEE135A54FDCE58EAAF1996D2485E178888F361B01C2A5F5E21E65BAFFE3024C02210AF189975CADE7BFEAD4A90401D7E37D9B855FA8C8F0D2FBFF9357F8C05E3A2A14173E8F7555FD78B88ECEDC94E238639FA1F59C896F61501B2094199D7679805FB69026D4F13CDEB60CAA339BEB091D7D0C125C72028FDFEC35C5D6EE231B1A46C0619BF822F415121A975322001C4EDC29C5CAA430D1471D1013B67B90F5A7FAFB322B53A9C4D418763CB8A9DD068BF3B7702BA939B4FB0DA5253A999B5A8DFA664D2A9F94169F34E46D45D348E3A7E3424CF6019CFDFE1623940B3FC47A1064E601549C02020571FA10F63AEB0676213CD71D1A8A4140662D00471FE9BA88C269F8D217A978AE910A85CADCA772BD7023DC8D0C2ED524C7FEEFEDF408E4221F474A3783545E155118133FA9D65382F7261CF001701E46721021A1315780A53F4238C1AEEA41D38E1B3310D2EC9AE97C2677467157A0B74DA93A3CDF3E6CF898FA0F5CDF3F55CA572385698FD0F55E0E5C63B4BCB9F4A6EDB74C02C0150B057B1A903F7DD8EFC011EE822F2ECBB780914BCC43A11F7BF4A63BE31F06226881ADE9EA780A58C1A6D7183EE947611A03051A0EA817D6D26FC0C418607EEF57AE00494CDDA1CB518C3F910FD46C65F96E3553CEFFD72D13AC13904EFF4E66203B8D512BF7136251120F0BD28C1E781000BBF832A072DB3BBA7B2CFB5AB1F6DAA17FD6EA6C484BB764E5F01194A5445B1FD435977F916261FA1B5AAD6B7E83782C04EBF3CBD11DC7D929FFD8A16597E2D6A384F343D08E13CEA8232818D7F989BB4B0D7D7531AF0F4C6683356A109EAFD135D2E3319FFA6218053EC737FBD91D5886790D4FB1DB70F3D704148EFF2FAA0241F47F2902EA8286BD7647B615197B0E2A70F3638BDF46973518EA692DA5EE26E533F815FA5E5835C2080FAC1776A7CCFE2F49B1400A55F24C9FC465A766772EFB35756AABF0A42B58966E883AFE5E4000D863756225CDDA2F5AC06093173A1AFB5AD9A7B721A30820170A4AE35B3A2F09DE1B53B7D7A407E0F77F1CD4201337315E6677D30CA3E40F84A7AD707BE0FF99CE9334FAE40692F38135DBBC8CE8E7604C0F9C8AE1989C9FE2AC29C2800DC8876032B416EF491CEF +20180928031538 2 6 100 7679 5 C988D06CCD826A9351D5CAE32A47B28ECC90FA4870D861CCC058CFA49419B0044A395E3F289A48C821B2EFE08D293B917B1DB2E2369564F5D066084F71A090706F84E101625CACAAECFFF3B2FE2A8C04FF9A14D43E9B316576F1571B0FDD51A119222601AE2BBFC3007FBC12D10A2D725AD9D8503A47B4B1977FAF4B0C8E244C372662A335C82380718ABAA9B522A03866EBFC6DD7DEE135A54FDCE58EAAF1996D2485E178888F361B01C2A5F5E21E65BAFFE3024C02210AF189975CADE7BFEAD4A90401D7E37D9B855FA8C8F0D2FBFF9357F8C05E3A2A14173E8F7555FD78B88ECEDC94E238639FA1F59C896F61501B2094199D7679805FB69026D4F13CDEB60CAA339BEB091D7D0C125C72028FDFEC35C5D6EE231B1A46C0619BF822F415121A975322001C4EDC29C5CAA430D1471D1013B67B90F5A7FAFB322B53A9C4D418763CB8A9DD068BF3B7702BA939B4FB0DA5253A999B5A8DFA664D2A9F94169F34E46D45D348E3A7E3424CF6019CFDFE1623940B3FC47A1064E601549C02020571FA10F63AEB0676213CD71D1A8A4140662D00471FE9BA88C269F8D217A978AE910A85CADCA772BD7023DC8D0C2ED524C7FEEFEDF408E4221F474A3783545E155118133FA9D65382F7261CF001701E46721021A1315780A53F4238C1AEEA41D38E1B3310D2EC9AE97C2677467157A0B74DA93A3CDF3E6CF898FA0F5CDF3F55CA572385698FD0F55E0E5C63B4BCB9F4A6EDB74C02C0150B057B1A903F7DD8EFC011EE822F2ECBB780914BCC43A11F7BF4A63BE31F06226881ADE9EA780A58C1A6D7183EE947611A03051A0EA817D6D26FC0C418607EEF57AE00494CDDA1CB518C3F910FD46C65F96E3553CEFFD72D13AC13904EFF4E66203B8D512BF7136251120F0BD28C1E781000BBF832A072DB3BBA7B2CFB5AB1F6DAA17FD6EA6C484BB764E5F01194A5445B1FD435977F916261FA1B5AAD6B7E83782C04EBF3CBD11DC7D929FFD8A16597E2D6A384F343D08E13CEA8232818D7F989BB4B0D7D7531AF0F4C6683356A109EAFD135D2E3319FFA6218053EC737FBD91D5886790D4FB1DB70F3D704148EFF2FAA0241F47F2902EA8286BD7647B615197B0E2A70F3638BDF46973518EA692DA5EE26E533F815FA5E5835C2080FAC1776A7CCFE2F49B1400A55F24C9FC465A766772EFB35756AABF0A42B58966E883AFE5E4000D863756225CDDA2F5AC06093173A1AFB5AD9A7B721A30820170A4AE35B3A2F09DE1B53B7D7A407E0F77F1CD4201337315E6677D30CA3E40F84A7AD707BE0FF99CE9334FAE40692F38135DBBC8CE8E7604C0F9C8AE1989C9FE2AC29C2800DC8876032B416F33826BF +20180928061816 2 6 100 7679 2 C988D06CCD826A9351D5CAE32A47B28ECC90FA4870D861CCC058CFA49419B0044A395E3F289A48C821B2EFE08D293B917B1DB2E2369564F5D066084F71A090706F84E101625CACAAECFFF3B2FE2A8C04FF9A14D43E9B316576F1571B0FDD51A119222601AE2BBFC3007FBC12D10A2D725AD9D8503A47B4B1977FAF4B0C8E244C372662A335C82380718ABAA9B522A03866EBFC6DD7DEE135A54FDCE58EAAF1996D2485E178888F361B01C2A5F5E21E65BAFFE3024C02210AF189975CADE7BFEAD4A90401D7E37D9B855FA8C8F0D2FBFF9357F8C05E3A2A14173E8F7555FD78B88ECEDC94E238639FA1F59C896F61501B2094199D7679805FB69026D4F13CDEB60CAA339BEB091D7D0C125C72028FDFEC35C5D6EE231B1A46C0619BF822F415121A975322001C4EDC29C5CAA430D1471D1013B67B90F5A7FAFB322B53A9C4D418763CB8A9DD068BF3B7702BA939B4FB0DA5253A999B5A8DFA664D2A9F94169F34E46D45D348E3A7E3424CF6019CFDFE1623940B3FC47A1064E601549C02020571FA10F63AEB0676213CD71D1A8A4140662D00471FE9BA88C269F8D217A978AE910A85CADCA772BD7023DC8D0C2ED524C7FEEFEDF408E4221F474A3783545E155118133FA9D65382F7261CF001701E46721021A1315780A53F4238C1AEEA41D38E1B3310D2EC9AE97C2677467157A0B74DA93A3CDF3E6CF898FA0F5CDF3F55CA572385698FD0F55E0E5C63B4BCB9F4A6EDB74C02C0150B057B1A903F7DD8EFC011EE822F2ECBB780914BCC43A11F7BF4A63BE31F06226881ADE9EA780A58C1A6D7183EE947611A03051A0EA817D6D26FC0C418607EEF57AE00494CDDA1CB518C3F910FD46C65F96E3553CEFFD72D13AC13904EFF4E66203B8D512BF7136251120F0BD28C1E781000BBF832A072DB3BBA7B2CFB5AB1F6DAA17FD6EA6C484BB764E5F01194A5445B1FD435977F916261FA1B5AAD6B7E83782C04EBF3CBD11DC7D929FFD8A16597E2D6A384F343D08E13CEA8232818D7F989BB4B0D7D7531AF0F4C6683356A109EAFD135D2E3319FFA6218053EC737FBD91D5886790D4FB1DB70F3D704148EFF2FAA0241F47F2902EA8286BD7647B615197B0E2A70F3638BDF46973518EA692DA5EE26E533F815FA5E5835C2080FAC1776A7CCFE2F49B1400A55F24C9FC465A766772EFB35756AABF0A42B58966E883AFE5E4000D863756225CDDA2F5AC06093173A1AFB5AD9A7B721A30820170A4AE35B3A2F09DE1B53B7D7A407E0F77F1CD4201337315E6677D30CA3E40F84A7AD707BE0FF99CE9334FAE40692F38135DBBC8CE8E7604C0F9C8AE1989C9FE2AC29C2800DC8876032B416F58E9E8B +20180928065908 2 6 100 7679 2 C988D06CCD826A9351D5CAE32A47B28ECC90FA4870D861CCC058CFA49419B0044A395E3F289A48C821B2EFE08D293B917B1DB2E2369564F5D066084F71A090706F84E101625CACAAECFFF3B2FE2A8C04FF9A14D43E9B316576F1571B0FDD51A119222601AE2BBFC3007FBC12D10A2D725AD9D8503A47B4B1977FAF4B0C8E244C372662A335C82380718ABAA9B522A03866EBFC6DD7DEE135A54FDCE58EAAF1996D2485E178888F361B01C2A5F5E21E65BAFFE3024C02210AF189975CADE7BFEAD4A90401D7E37D9B855FA8C8F0D2FBFF9357F8C05E3A2A14173E8F7555FD78B88ECEDC94E238639FA1F59C896F61501B2094199D7679805FB69026D4F13CDEB60CAA339BEB091D7D0C125C72028FDFEC35C5D6EE231B1A46C0619BF822F415121A975322001C4EDC29C5CAA430D1471D1013B67B90F5A7FAFB322B53A9C4D418763CB8A9DD068BF3B7702BA939B4FB0DA5253A999B5A8DFA664D2A9F94169F34E46D45D348E3A7E3424CF6019CFDFE1623940B3FC47A1064E601549C02020571FA10F63AEB0676213CD71D1A8A4140662D00471FE9BA88C269F8D217A978AE910A85CADCA772BD7023DC8D0C2ED524C7FEEFEDF408E4221F474A3783545E155118133FA9D65382F7261CF001701E46721021A1315780A53F4238C1AEEA41D38E1B3310D2EC9AE97C2677467157A0B74DA93A3CDF3E6CF898FA0F5CDF3F55CA572385698FD0F55E0E5C63B4BCB9F4A6EDB74C02C0150B057B1A903F7DD8EFC011EE822F2ECBB780914BCC43A11F7BF4A63BE31F06226881ADE9EA780A58C1A6D7183EE947611A03051A0EA817D6D26FC0C418607EEF57AE00494CDDA1CB518C3F910FD46C65F96E3553CEFFD72D13AC13904EFF4E66203B8D512BF7136251120F0BD28C1E781000BBF832A072DB3BBA7B2CFB5AB1F6DAA17FD6EA6C484BB764E5F01194A5445B1FD435977F916261FA1B5AAD6B7E83782C04EBF3CBD11DC7D929FFD8A16597E2D6A384F343D08E13CEA8232818D7F989BB4B0D7D7531AF0F4C6683356A109EAFD135D2E3319FFA6218053EC737FBD91D5886790D4FB1DB70F3D704148EFF2FAA0241F47F2902EA8286BD7647B615197B0E2A70F3638BDF46973518EA692DA5EE26E533F815FA5E5835C2080FAC1776A7CCFE2F49B1400A55F24C9FC465A766772EFB35756AABF0A42B58966E883AFE5E4000D863756225CDDA2F5AC06093173A1AFB5AD9A7B721A30820170A4AE35B3A2F09DE1B53B7D7A407E0F77F1CD4201337315E6677D30CA3E40F84A7AD707BE0FF99CE9334FAE40692F38135DBBC8CE8E7604C0F9C8AE1989C9FE2AC29C2800DC8876032B416F6069543 +20180928120844 2 6 100 7679 2 C988D06CCD826A9351D5CAE32A47B28ECC90FA4870D861CCC058CFA49419B0044A395E3F289A48C821B2EFE08D293B917B1DB2E2369564F5D066084F71A090706F84E101625CACAAECFFF3B2FE2A8C04FF9A14D43E9B316576F1571B0FDD51A119222601AE2BBFC3007FBC12D10A2D725AD9D8503A47B4B1977FAF4B0C8E244C372662A335C82380718ABAA9B522A03866EBFC6DD7DEE135A54FDCE58EAAF1996D2485E178888F361B01C2A5F5E21E65BAFFE3024C02210AF189975CADE7BFEAD4A90401D7E37D9B855FA8C8F0D2FBFF9357F8C05E3A2A14173E8F7555FD78B88ECEDC94E238639FA1F59C896F61501B2094199D7679805FB69026D4F13CDEB60CAA339BEB091D7D0C125C72028FDFEC35C5D6EE231B1A46C0619BF822F415121A975322001C4EDC29C5CAA430D1471D1013B67B90F5A7FAFB322B53A9C4D418763CB8A9DD068BF3B7702BA939B4FB0DA5253A999B5A8DFA664D2A9F94169F34E46D45D348E3A7E3424CF6019CFDFE1623940B3FC47A1064E601549C02020571FA10F63AEB0676213CD71D1A8A4140662D00471FE9BA88C269F8D217A978AE910A85CADCA772BD7023DC8D0C2ED524C7FEEFEDF408E4221F474A3783545E155118133FA9D65382F7261CF001701E46721021A1315780A53F4238C1AEEA41D38E1B3310D2EC9AE97C2677467157A0B74DA93A3CDF3E6CF898FA0F5CDF3F55CA572385698FD0F55E0E5C63B4BCB9F4A6EDB74C02C0150B057B1A903F7DD8EFC011EE822F2ECBB780914BCC43A11F7BF4A63BE31F06226881ADE9EA780A58C1A6D7183EE947611A03051A0EA817D6D26FC0C418607EEF57AE00494CDDA1CB518C3F910FD46C65F96E3553CEFFD72D13AC13904EFF4E66203B8D512BF7136251120F0BD28C1E781000BBF832A072DB3BBA7B2CFB5AB1F6DAA17FD6EA6C484BB764E5F01194A5445B1FD435977F916261FA1B5AAD6B7E83782C04EBF3CBD11DC7D929FFD8A16597E2D6A384F343D08E13CEA8232818D7F989BB4B0D7D7531AF0F4C6683356A109EAFD135D2E3319FFA6218053EC737FBD91D5886790D4FB1DB70F3D704148EFF2FAA0241F47F2902EA8286BD7647B615197B0E2A70F3638BDF46973518EA692DA5EE26E533F815FA5E5835C2080FAC1776A7CCFE2F49B1400A55F24C9FC465A766772EFB35756AABF0A42B58966E883AFE5E4000D863756225CDDA2F5AC06093173A1AFB5AD9A7B721A30820170A4AE35B3A2F09DE1B53B7D7A407E0F77F1CD4201337315E6677D30CA3E40F84A7AD707BE0FF99CE9334FAE40692F38135DBBC8CE8E7604C0F9C8AE1989C9FE2AC29C2800DC8876032B416F9FC5BCB +20180928170131 2 6 100 7679 2 C988D06CCD826A9351D5CAE32A47B28ECC90FA4870D861CCC058CFA49419B0044A395E3F289A48C821B2EFE08D293B917B1DB2E2369564F5D066084F71A090706F84E101625CACAAECFFF3B2FE2A8C04FF9A14D43E9B316576F1571B0FDD51A119222601AE2BBFC3007FBC12D10A2D725AD9D8503A47B4B1977FAF4B0C8E244C372662A335C82380718ABAA9B522A03866EBFC6DD7DEE135A54FDCE58EAAF1996D2485E178888F361B01C2A5F5E21E65BAFFE3024C02210AF189975CADE7BFEAD4A90401D7E37D9B855FA8C8F0D2FBFF9357F8C05E3A2A14173E8F7555FD78B88ECEDC94E238639FA1F59C896F61501B2094199D7679805FB69026D4F13CDEB60CAA339BEB091D7D0C125C72028FDFEC35C5D6EE231B1A46C0619BF822F415121A975322001C4EDC29C5CAA430D1471D1013B67B90F5A7FAFB322B53A9C4D418763CB8A9DD068BF3B7702BA939B4FB0DA5253A999B5A8DFA664D2A9F94169F34E46D45D348E3A7E3424CF6019CFDFE1623940B3FC47A1064E601549C02020571FA10F63AEB0676213CD71D1A8A4140662D00471FE9BA88C269F8D217A978AE910A85CADCA772BD7023DC8D0C2ED524C7FEEFEDF408E4221F474A3783545E155118133FA9D65382F7261CF001701E46721021A1315780A53F4238C1AEEA41D38E1B3310D2EC9AE97C2677467157A0B74DA93A3CDF3E6CF898FA0F5CDF3F55CA572385698FD0F55E0E5C63B4BCB9F4A6EDB74C02C0150B057B1A903F7DD8EFC011EE822F2ECBB780914BCC43A11F7BF4A63BE31F06226881ADE9EA780A58C1A6D7183EE947611A03051A0EA817D6D26FC0C418607EEF57AE00494CDDA1CB518C3F910FD46C65F96E3553CEFFD72D13AC13904EFF4E66203B8D512BF7136251120F0BD28C1E781000BBF832A072DB3BBA7B2CFB5AB1F6DAA17FD6EA6C484BB764E5F01194A5445B1FD435977F916261FA1B5AAD6B7E83782C04EBF3CBD11DC7D929FFD8A16597E2D6A384F343D08E13CEA8232818D7F989BB4B0D7D7531AF0F4C6683356A109EAFD135D2E3319FFA6218053EC737FBD91D5886790D4FB1DB70F3D704148EFF2FAA0241F47F2902EA8286BD7647B615197B0E2A70F3638BDF46973518EA692DA5EE26E533F815FA5E5835C2080FAC1776A7CCFE2F49B1400A55F24C9FC465A766772EFB35756AABF0A42B58966E883AFE5E4000D863756225CDDA2F5AC06093173A1AFB5AD9A7B721A30820170A4AE35B3A2F09DE1B53B7D7A407E0F77F1CD4201337315E6677D30CA3E40F84A7AD707BE0FF99CE9334FAE40692F38135DBBC8CE8E7604C0F9C8AE1989C9FE2AC29C2800DC8876032B416FDB2EF23 +20180928221854 2 6 100 7679 2 C988D06CCD826A9351D5CAE32A47B28ECC90FA4870D861CCC058CFA49419B0044A395E3F289A48C821B2EFE08D293B917B1DB2E2369564F5D066084F71A090706F84E101625CACAAECFFF3B2FE2A8C04FF9A14D43E9B316576F1571B0FDD51A119222601AE2BBFC3007FBC12D10A2D725AD9D8503A47B4B1977FAF4B0C8E244C372662A335C82380718ABAA9B522A03866EBFC6DD7DEE135A54FDCE58EAAF1996D2485E178888F361B01C2A5F5E21E65BAFFE3024C02210AF189975CADE7BFEAD4A90401D7E37D9B855FA8C8F0D2FBFF9357F8C05E3A2A14173E8F7555FD78B88ECEDC94E238639FA1F59C896F61501B2094199D7679805FB69026D4F13CDEB60CAA339BEB091D7D0C125C72028FDFEC35C5D6EE231B1A46C0619BF822F415121A975322001C4EDC29C5CAA430D1471D1013B67B90F5A7FAFB322B53A9C4D418763CB8A9DD068BF3B7702BA939B4FB0DA5253A999B5A8DFA664D2A9F94169F34E46D45D348E3A7E3424CF6019CFDFE1623940B3FC47A1064E601549C02020571FA10F63AEB0676213CD71D1A8A4140662D00471FE9BA88C269F8D217A978AE910A85CADCA772BD7023DC8D0C2ED524C7FEEFEDF408E4221F474A3783545E155118133FA9D65382F7261CF001701E46721021A1315780A53F4238C1AEEA41D38E1B3310D2EC9AE97C2677467157A0B74DA93A3CDF3E6CF898FA0F5CDF3F55CA572385698FD0F55E0E5C63B4BCB9F4A6EDB74C02C0150B057B1A903F7DD8EFC011EE822F2ECBB780914BCC43A11F7BF4A63BE31F06226881ADE9EA780A58C1A6D7183EE947611A03051A0EA817D6D26FC0C418607EEF57AE00494CDDA1CB518C3F910FD46C65F96E3553CEFFD72D13AC13904EFF4E66203B8D512BF7136251120F0BD28C1E781000BBF832A072DB3BBA7B2CFB5AB1F6DAA17FD6EA6C484BB764E5F01194A5445B1FD435977F916261FA1B5AAD6B7E83782C04EBF3CBD11DC7D929FFD8A16597E2D6A384F343D08E13CEA8232818D7F989BB4B0D7D7531AF0F4C6683356A109EAFD135D2E3319FFA6218053EC737FBD91D5886790D4FB1DB70F3D704148EFF2FAA0241F47F2902EA8286BD7647B615197B0E2A70F3638BDF46973518EA692DA5EE26E533F815FA5E5835C2080FAC1776A7CCFE2F49B1400A55F24C9FC465A766772EFB35756AABF0A42B58966E883AFE5E4000D863756225CDDA2F5AC06093173A1AFB5AD9A7B721A30820170A4AE35B3A2F09DE1B53B7D7A407E0F77F1CD4201337315E6677D30CA3E40F84A7AD707BE0FF99CE9334FAE40692F38135DBBC8CE8E7604C0F9C8AE1989C9FE2AC29C2800DC8876032B41701B64E6B +20180929042224 2 6 100 7679 5 C988D06CCD826A9351D5CAE32A47B28ECC90FA4870D861CCC058CFA49419B0044A395E3F289A48C821B2EFE08D293B917B1DB2E2369564F5D066084F71A090706F84E101625CACAAECFFF3B2FE2A8C04FF9A14D43E9B316576F1571B0FDD51A119222601AE2BBFC3007FBC12D10A2D725AD9D8503A47B4B1977FAF4B0C8E244C372662A335C82380718ABAA9B522A03866EBFC6DD7DEE135A54FDCE58EAAF1996D2485E178888F361B01C2A5F5E21E65BAFFE3024C02210AF189975CADE7BFEAD4A90401D7E37D9B855FA8C8F0D2FBFF9357F8C05E3A2A14173E8F7555FD78B88ECEDC94E238639FA1F59C896F61501B2094199D7679805FB69026D4F13CDEB60CAA339BEB091D7D0C125C72028FDFEC35C5D6EE231B1A46C0619BF822F415121A975322001C4EDC29C5CAA430D1471D1013B67B90F5A7FAFB322B53A9C4D418763CB8A9DD068BF3B7702BA939B4FB0DA5253A999B5A8DFA664D2A9F94169F34E46D45D348E3A7E3424CF6019CFDFE1623940B3FC47A1064E601549C02020571FA10F63AEB0676213CD71D1A8A4140662D00471FE9BA88C269F8D217A978AE910A85CADCA772BD7023DC8D0C2ED524C7FEEFEDF408E4221F474A3783545E155118133FA9D65382F7261CF001701E46721021A1315780A53F4238C1AEEA41D38E1B3310D2EC9AE97C2677467157A0B74DA93A3CDF3E6CF898FA0F5CDF3F55CA572385698FD0F55E0E5C63B4BCB9F4A6EDB74C02C0150B057B1A903F7DD8EFC011EE822F2ECBB780914BCC43A11F7BF4A63BE31F06226881ADE9EA780A58C1A6D7183EE947611A03051A0EA817D6D26FC0C418607EEF57AE00494CDDA1CB518C3F910FD46C65F96E3553CEFFD72D13AC13904EFF4E66203B8D512BF7136251120F0BD28C1E781000BBF832A072DB3BBA7B2CFB5AB1F6DAA17FD6EA6C484BB764E5F01194A5445B1FD435977F916261FA1B5AAD6B7E83782C04EBF3CBD11DC7D929FFD8A16597E2D6A384F343D08E13CEA8232818D7F989BB4B0D7D7531AF0F4C6683356A109EAFD135D2E3319FFA6218053EC737FBD91D5886790D4FB1DB70F3D704148EFF2FAA0241F47F2902EA8286BD7647B615197B0E2A70F3638BDF46973518EA692DA5EE26E533F815FA5E5835C2080FAC1776A7CCFE2F49B1400A55F24C9FC465A766772EFB35756AABF0A42B58966E883AFE5E4000D863756225CDDA2F5AC06093173A1AFB5AD9A7B721A30820170A4AE35B3A2F09DE1B53B7D7A407E0F77F1CD4201337315E6677D30CA3E40F84A7AD707BE0FF99CE9334FAE40692F38135DBBC8CE8E7604C0F9C8AE1989C9FE2AC29C2800DC8876032B417064EC2FF +20180929093251 2 6 100 7679 2 C988D06CCD826A9351D5CAE32A47B28ECC90FA4870D861CCC058CFA49419B0044A395E3F289A48C821B2EFE08D293B917B1DB2E2369564F5D066084F71A090706F84E101625CACAAECFFF3B2FE2A8C04FF9A14D43E9B316576F1571B0FDD51A119222601AE2BBFC3007FBC12D10A2D725AD9D8503A47B4B1977FAF4B0C8E244C372662A335C82380718ABAA9B522A03866EBFC6DD7DEE135A54FDCE58EAAF1996D2485E178888F361B01C2A5F5E21E65BAFFE3024C02210AF189975CADE7BFEAD4A90401D7E37D9B855FA8C8F0D2FBFF9357F8C05E3A2A14173E8F7555FD78B88ECEDC94E238639FA1F59C896F61501B2094199D7679805FB69026D4F13CDEB60CAA339BEB091D7D0C125C72028FDFEC35C5D6EE231B1A46C0619BF822F415121A975322001C4EDC29C5CAA430D1471D1013B67B90F5A7FAFB322B53A9C4D418763CB8A9DD068BF3B7702BA939B4FB0DA5253A999B5A8DFA664D2A9F94169F34E46D45D348E3A7E3424CF6019CFDFE1623940B3FC47A1064E601549C02020571FA10F63AEB0676213CD71D1A8A4140662D00471FE9BA88C269F8D217A978AE910A85CADCA772BD7023DC8D0C2ED524C7FEEFEDF408E4221F474A3783545E155118133FA9D65382F7261CF001701E46721021A1315780A53F4238C1AEEA41D38E1B3310D2EC9AE97C2677467157A0B74DA93A3CDF3E6CF898FA0F5CDF3F55CA572385698FD0F55E0E5C63B4BCB9F4A6EDB74C02C0150B057B1A903F7DD8EFC011EE822F2ECBB780914BCC43A11F7BF4A63BE31F06226881ADE9EA780A58C1A6D7183EE947611A03051A0EA817D6D26FC0C418607EEF57AE00494CDDA1CB518C3F910FD46C65F96E3553CEFFD72D13AC13904EFF4E66203B8D512BF7136251120F0BD28C1E781000BBF832A072DB3BBA7B2CFB5AB1F6DAA17FD6EA6C484BB764E5F01194A5445B1FD435977F916261FA1B5AAD6B7E83782C04EBF3CBD11DC7D929FFD8A16597E2D6A384F343D08E13CEA8232818D7F989BB4B0D7D7531AF0F4C6683356A109EAFD135D2E3319FFA6218053EC737FBD91D5886790D4FB1DB70F3D704148EFF2FAA0241F47F2902EA8286BD7647B615197B0E2A70F3638BDF46973518EA692DA5EE26E533F815FA5E5835C2080FAC1776A7CCFE2F49B1400A55F24C9FC465A766772EFB35756AABF0A42B58966E883AFE5E4000D863756225CDDA2F5AC06093173A1AFB5AD9A7B721A30820170A4AE35B3A2F09DE1B53B7D7A407E0F77F1CD4201337315E6677D30CA3E40F84A7AD707BE0FF99CE9334FAE40692F38135DBBC8CE8E7604C0F9C8AE1989C9FE2AC29C2800DC8876032B4170A2F02DB +20180929124700 2 6 100 7679 2 C988D06CCD826A9351D5CAE32A47B28ECC90FA4870D861CCC058CFA49419B0044A395E3F289A48C821B2EFE08D293B917B1DB2E2369564F5D066084F71A090706F84E101625CACAAECFFF3B2FE2A8C04FF9A14D43E9B316576F1571B0FDD51A119222601AE2BBFC3007FBC12D10A2D725AD9D8503A47B4B1977FAF4B0C8E244C372662A335C82380718ABAA9B522A03866EBFC6DD7DEE135A54FDCE58EAAF1996D2485E178888F361B01C2A5F5E21E65BAFFE3024C02210AF189975CADE7BFEAD4A90401D7E37D9B855FA8C8F0D2FBFF9357F8C05E3A2A14173E8F7555FD78B88ECEDC94E238639FA1F59C896F61501B2094199D7679805FB69026D4F13CDEB60CAA339BEB091D7D0C125C72028FDFEC35C5D6EE231B1A46C0619BF822F415121A975322001C4EDC29C5CAA430D1471D1013B67B90F5A7FAFB322B53A9C4D418763CB8A9DD068BF3B7702BA939B4FB0DA5253A999B5A8DFA664D2A9F94169F34E46D45D348E3A7E3424CF6019CFDFE1623940B3FC47A1064E601549C02020571FA10F63AEB0676213CD71D1A8A4140662D00471FE9BA88C269F8D217A978AE910A85CADCA772BD7023DC8D0C2ED524C7FEEFEDF408E4221F474A3783545E155118133FA9D65382F7261CF001701E46721021A1315780A53F4238C1AEEA41D38E1B3310D2EC9AE97C2677467157A0B74DA93A3CDF3E6CF898FA0F5CDF3F55CA572385698FD0F55E0E5C63B4BCB9F4A6EDB74C02C0150B057B1A903F7DD8EFC011EE822F2ECBB780914BCC43A11F7BF4A63BE31F06226881ADE9EA780A58C1A6D7183EE947611A03051A0EA817D6D26FC0C418607EEF57AE00494CDDA1CB518C3F910FD46C65F96E3553CEFFD72D13AC13904EFF4E66203B8D512BF7136251120F0BD28C1E781000BBF832A072DB3BBA7B2CFB5AB1F6DAA17FD6EA6C484BB764E5F01194A5445B1FD435977F916261FA1B5AAD6B7E83782C04EBF3CBD11DC7D929FFD8A16597E2D6A384F343D08E13CEA8232818D7F989BB4B0D7D7531AF0F4C6683356A109EAFD135D2E3319FFA6218053EC737FBD91D5886790D4FB1DB70F3D704148EFF2FAA0241F47F2902EA8286BD7647B615197B0E2A70F3638BDF46973518EA692DA5EE26E533F815FA5E5835C2080FAC1776A7CCFE2F49B1400A55F24C9FC465A766772EFB35756AABF0A42B58966E883AFE5E4000D863756225CDDA2F5AC06093173A1AFB5AD9A7B721A30820170A4AE35B3A2F09DE1B53B7D7A407E0F77F1CD4201337315E6677D30CA3E40F84A7AD707BE0FF99CE9334FAE40692F38135DBBC8CE8E7604C0F9C8AE1989C9FE2AC29C2800DC8876032B4170C92055B +20180929125705 2 6 100 7679 5 C988D06CCD826A9351D5CAE32A47B28ECC90FA4870D861CCC058CFA49419B0044A395E3F289A48C821B2EFE08D293B917B1DB2E2369564F5D066084F71A090706F84E101625CACAAECFFF3B2FE2A8C04FF9A14D43E9B316576F1571B0FDD51A119222601AE2BBFC3007FBC12D10A2D725AD9D8503A47B4B1977FAF4B0C8E244C372662A335C82380718ABAA9B522A03866EBFC6DD7DEE135A54FDCE58EAAF1996D2485E178888F361B01C2A5F5E21E65BAFFE3024C02210AF189975CADE7BFEAD4A90401D7E37D9B855FA8C8F0D2FBFF9357F8C05E3A2A14173E8F7555FD78B88ECEDC94E238639FA1F59C896F61501B2094199D7679805FB69026D4F13CDEB60CAA339BEB091D7D0C125C72028FDFEC35C5D6EE231B1A46C0619BF822F415121A975322001C4EDC29C5CAA430D1471D1013B67B90F5A7FAFB322B53A9C4D418763CB8A9DD068BF3B7702BA939B4FB0DA5253A999B5A8DFA664D2A9F94169F34E46D45D348E3A7E3424CF6019CFDFE1623940B3FC47A1064E601549C02020571FA10F63AEB0676213CD71D1A8A4140662D00471FE9BA88C269F8D217A978AE910A85CADCA772BD7023DC8D0C2ED524C7FEEFEDF408E4221F474A3783545E155118133FA9D65382F7261CF001701E46721021A1315780A53F4238C1AEEA41D38E1B3310D2EC9AE97C2677467157A0B74DA93A3CDF3E6CF898FA0F5CDF3F55CA572385698FD0F55E0E5C63B4BCB9F4A6EDB74C02C0150B057B1A903F7DD8EFC011EE822F2ECBB780914BCC43A11F7BF4A63BE31F06226881ADE9EA780A58C1A6D7183EE947611A03051A0EA817D6D26FC0C418607EEF57AE00494CDDA1CB518C3F910FD46C65F96E3553CEFFD72D13AC13904EFF4E66203B8D512BF7136251120F0BD28C1E781000BBF832A072DB3BBA7B2CFB5AB1F6DAA17FD6EA6C484BB764E5F01194A5445B1FD435977F916261FA1B5AAD6B7E83782C04EBF3CBD11DC7D929FFD8A16597E2D6A384F343D08E13CEA8232818D7F989BB4B0D7D7531AF0F4C6683356A109EAFD135D2E3319FFA6218053EC737FBD91D5886790D4FB1DB70F3D704148EFF2FAA0241F47F2902EA8286BD7647B615197B0E2A70F3638BDF46973518EA692DA5EE26E533F815FA5E5835C2080FAC1776A7CCFE2F49B1400A55F24C9FC465A766772EFB35756AABF0A42B58966E883AFE5E4000D863756225CDDA2F5AC06093173A1AFB5AD9A7B721A30820170A4AE35B3A2F09DE1B53B7D7A407E0F77F1CD4201337315E6677D30CA3E40F84A7AD707BE0FF99CE9334FAE40692F38135DBBC8CE8E7604C0F9C8AE1989C9FE2AC29C2800DC8876032B4170CA966AF +20180929140557 2 6 100 7679 2 C988D06CCD826A9351D5CAE32A47B28ECC90FA4870D861CCC058CFA49419B0044A395E3F289A48C821B2EFE08D293B917B1DB2E2369564F5D066084F71A090706F84E101625CACAAECFFF3B2FE2A8C04FF9A14D43E9B316576F1571B0FDD51A119222601AE2BBFC3007FBC12D10A2D725AD9D8503A47B4B1977FAF4B0C8E244C372662A335C82380718ABAA9B522A03866EBFC6DD7DEE135A54FDCE58EAAF1996D2485E178888F361B01C2A5F5E21E65BAFFE3024C02210AF189975CADE7BFEAD4A90401D7E37D9B855FA8C8F0D2FBFF9357F8C05E3A2A14173E8F7555FD78B88ECEDC94E238639FA1F59C896F61501B2094199D7679805FB69026D4F13CDEB60CAA339BEB091D7D0C125C72028FDFEC35C5D6EE231B1A46C0619BF822F415121A975322001C4EDC29C5CAA430D1471D1013B67B90F5A7FAFB322B53A9C4D418763CB8A9DD068BF3B7702BA939B4FB0DA5253A999B5A8DFA664D2A9F94169F34E46D45D348E3A7E3424CF6019CFDFE1623940B3FC47A1064E601549C02020571FA10F63AEB0676213CD71D1A8A4140662D00471FE9BA88C269F8D217A978AE910A85CADCA772BD7023DC8D0C2ED524C7FEEFEDF408E4221F474A3783545E155118133FA9D65382F7261CF001701E46721021A1315780A53F4238C1AEEA41D38E1B3310D2EC9AE97C2677467157A0B74DA93A3CDF3E6CF898FA0F5CDF3F55CA572385698FD0F55E0E5C63B4BCB9F4A6EDB74C02C0150B057B1A903F7DD8EFC011EE822F2ECBB780914BCC43A11F7BF4A63BE31F06226881ADE9EA780A58C1A6D7183EE947611A03051A0EA817D6D26FC0C418607EEF57AE00494CDDA1CB518C3F910FD46C65F96E3553CEFFD72D13AC13904EFF4E66203B8D512BF7136251120F0BD28C1E781000BBF832A072DB3BBA7B2CFB5AB1F6DAA17FD6EA6C484BB764E5F01194A5445B1FD435977F916261FA1B5AAD6B7E83782C04EBF3CBD11DC7D929FFD8A16597E2D6A384F343D08E13CEA8232818D7F989BB4B0D7D7531AF0F4C6683356A109EAFD135D2E3319FFA6218053EC737FBD91D5886790D4FB1DB70F3D704148EFF2FAA0241F47F2902EA8286BD7647B615197B0E2A70F3638BDF46973518EA692DA5EE26E533F815FA5E5835C2080FAC1776A7CCFE2F49B1400A55F24C9FC465A766772EFB35756AABF0A42B58966E883AFE5E4000D863756225CDDA2F5AC06093173A1AFB5AD9A7B721A30820170A4AE35B3A2F09DE1B53B7D7A407E0F77F1CD4201337315E6677D30CA3E40F84A7AD707BE0FF99CE9334FAE40692F38135DBBC8CE8E7604C0F9C8AE1989C9FE2AC29C2800DC8876032B4170D7B99EB +20180929225234 2 6 100 7679 2 C988D06CCD826A9351D5CAE32A47B28ECC90FA4870D861CCC058CFA49419B0044A395E3F289A48C821B2EFE08D293B917B1DB2E2369564F5D066084F71A090706F84E101625CACAAECFFF3B2FE2A8C04FF9A14D43E9B316576F1571B0FDD51A119222601AE2BBFC3007FBC12D10A2D725AD9D8503A47B4B1977FAF4B0C8E244C372662A335C82380718ABAA9B522A03866EBFC6DD7DEE135A54FDCE58EAAF1996D2485E178888F361B01C2A5F5E21E65BAFFE3024C02210AF189975CADE7BFEAD4A90401D7E37D9B855FA8C8F0D2FBFF9357F8C05E3A2A14173E8F7555FD78B88ECEDC94E238639FA1F59C896F61501B2094199D7679805FB69026D4F13CDEB60CAA339BEB091D7D0C125C72028FDFEC35C5D6EE231B1A46C0619BF822F415121A975322001C4EDC29C5CAA430D1471D1013B67B90F5A7FAFB322B53A9C4D418763CB8A9DD068BF3B7702BA939B4FB0DA5253A999B5A8DFA664D2A9F94169F34E46D45D348E3A7E3424CF6019CFDFE1623940B3FC47A1064E601549C02020571FA10F63AEB0676213CD71D1A8A4140662D00471FE9BA88C269F8D217A978AE910A85CADCA772BD7023DC8D0C2ED524C7FEEFEDF408E4221F474A3783545E155118133FA9D65382F7261CF001701E46721021A1315780A53F4238C1AEEA41D38E1B3310D2EC9AE97C2677467157A0B74DA93A3CDF3E6CF898FA0F5CDF3F55CA572385698FD0F55E0E5C63B4BCB9F4A6EDB74C02C0150B057B1A903F7DD8EFC011EE822F2ECBB780914BCC43A11F7BF4A63BE31F06226881ADE9EA780A58C1A6D7183EE947611A03051A0EA817D6D26FC0C418607EEF57AE00494CDDA1CB518C3F910FD46C65F96E3553CEFFD72D13AC13904EFF4E66203B8D512BF7136251120F0BD28C1E781000BBF832A072DB3BBA7B2CFB5AB1F6DAA17FD6EA6C484BB764E5F01194A5445B1FD435977F916261FA1B5AAD6B7E83782C04EBF3CBD11DC7D929FFD8A16597E2D6A384F343D08E13CEA8232818D7F989BB4B0D7D7531AF0F4C6683356A109EAFD135D2E3319FFA6218053EC737FBD91D5886790D4FB1DB70F3D704148EFF2FAA0241F47F2902EA8286BD7647B615197B0E2A70F3638BDF46973518EA692DA5EE26E533F815FA5E5835C2080FAC1776A7CCFE2F49B1400A55F24C9FC465A766772EFB35756AABF0A42B58966E883AFE5E4000D863756225CDDA2F5AC06093173A1AFB5AD9A7B721A30820170A4AE35B3A2F09DE1B53B7D7A407E0F77F1CD4201337315E6677D30CA3E40F84A7AD707BE0FF99CE9334FAE40692F38135DBBC8CE8E7604C0F9C8AE1989C9FE2AC29C2800DC8876032B4171409B02B +20180930030835 2 6 100 7679 2 C988D06CCD826A9351D5CAE32A47B28ECC90FA4870D861CCC058CFA49419B0044A395E3F289A48C821B2EFE08D293B917B1DB2E2369564F5D066084F71A090706F84E101625CACAAECFFF3B2FE2A8C04FF9A14D43E9B316576F1571B0FDD51A119222601AE2BBFC3007FBC12D10A2D725AD9D8503A47B4B1977FAF4B0C8E244C372662A335C82380718ABAA9B522A03866EBFC6DD7DEE135A54FDCE58EAAF1996D2485E178888F361B01C2A5F5E21E65BAFFE3024C02210AF189975CADE7BFEAD4A90401D7E37D9B855FA8C8F0D2FBFF9357F8C05E3A2A14173E8F7555FD78B88ECEDC94E238639FA1F59C896F61501B2094199D7679805FB69026D4F13CDEB60CAA339BEB091D7D0C125C72028FDFEC35C5D6EE231B1A46C0619BF822F415121A975322001C4EDC29C5CAA430D1471D1013B67B90F5A7FAFB322B53A9C4D418763CB8A9DD068BF3B7702BA939B4FB0DA5253A999B5A8DFA664D2A9F94169F34E46D45D348E3A7E3424CF6019CFDFE1623940B3FC47A1064E601549C02020571FA10F63AEB0676213CD71D1A8A4140662D00471FE9BA88C269F8D217A978AE910A85CADCA772BD7023DC8D0C2ED524C7FEEFEDF408E4221F474A3783545E155118133FA9D65382F7261CF001701E46721021A1315780A53F4238C1AEEA41D38E1B3310D2EC9AE97C2677467157A0B74DA93A3CDF3E6CF898FA0F5CDF3F55CA572385698FD0F55E0E5C63B4BCB9F4A6EDB74C02C0150B057B1A903F7DD8EFC011EE822F2ECBB780914BCC43A11F7BF4A63BE31F06226881ADE9EA780A58C1A6D7183EE947611A03051A0EA817D6D26FC0C418607EEF57AE00494CDDA1CB518C3F910FD46C65F96E3553CEFFD72D13AC13904EFF4E66203B8D512BF7136251120F0BD28C1E781000BBF832A072DB3BBA7B2CFB5AB1F6DAA17FD6EA6C484BB764E5F01194A5445B1FD435977F916261FA1B5AAD6B7E83782C04EBF3CBD11DC7D929FFD8A16597E2D6A384F343D08E13CEA8232818D7F989BB4B0D7D7531AF0F4C6683356A109EAFD135D2E3319FFA6218053EC737FBD91D5886790D4FB1DB70F3D704148EFF2FAA0241F47F2902EA8286BD7647B615197B0E2A70F3638BDF46973518EA692DA5EE26E533F815FA5E5835C2080FAC1776A7CCFE2F49B1400A55F24C9FC465A766772EFB35756AABF0A42B58966E883AFE5E4000D863756225CDDA2F5AC06093173A1AFB5AD9A7B721A30820170A4AE35B3A2F09DE1B53B7D7A407E0F77F1CD4201337315E6677D30CA3E40F84A7AD707BE0FF99CE9334FAE40692F38135DBBC8CE8E7604C0F9C8AE1989C9FE2AC29C2800DC8876032B417172F0403 +20180930110353 2 6 100 7679 5 C988D06CCD826A9351D5CAE32A47B28ECC90FA4870D861CCC058CFA49419B0044A395E3F289A48C821B2EFE08D293B917B1DB2E2369564F5D066084F71A090706F84E101625CACAAECFFF3B2FE2A8C04FF9A14D43E9B316576F1571B0FDD51A119222601AE2BBFC3007FBC12D10A2D725AD9D8503A47B4B1977FAF4B0C8E244C372662A335C82380718ABAA9B522A03866EBFC6DD7DEE135A54FDCE58EAAF1996D2485E178888F361B01C2A5F5E21E65BAFFE3024C02210AF189975CADE7BFEAD4A90401D7E37D9B855FA8C8F0D2FBFF9357F8C05E3A2A14173E8F7555FD78B88ECEDC94E238639FA1F59C896F61501B2094199D7679805FB69026D4F13CDEB60CAA339BEB091D7D0C125C72028FDFEC35C5D6EE231B1A46C0619BF822F415121A975322001C4EDC29C5CAA430D1471D1013B67B90F5A7FAFB322B53A9C4D418763CB8A9DD068BF3B7702BA939B4FB0DA5253A999B5A8DFA664D2A9F94169F34E46D45D348E3A7E3424CF6019CFDFE1623940B3FC47A1064E601549C02020571FA10F63AEB0676213CD71D1A8A4140662D00471FE9BA88C269F8D217A978AE910A85CADCA772BD7023DC8D0C2ED524C7FEEFEDF408E4221F474A3783545E155118133FA9D65382F7261CF001701E46721021A1315780A53F4238C1AEEA41D38E1B3310D2EC9AE97C2677467157A0B74DA93A3CDF3E6CF898FA0F5CDF3F55CA572385698FD0F55E0E5C63B4BCB9F4A6EDB74C02C0150B057B1A903F7DD8EFC011EE822F2ECBB780914BCC43A11F7BF4A63BE31F06226881ADE9EA780A58C1A6D7183EE947611A03051A0EA817D6D26FC0C418607EEF57AE00494CDDA1CB518C3F910FD46C65F96E3553CEFFD72D13AC13904EFF4E66203B8D512BF7136251120F0BD28C1E781000BBF832A072DB3BBA7B2CFB5AB1F6DAA17FD6EA6C484BB764E5F01194A5445B1FD435977F916261FA1B5AAD6B7E83782C04EBF3CBD11DC7D929FFD8A16597E2D6A384F343D08E13CEA8232818D7F989BB4B0D7D7531AF0F4C6683356A109EAFD135D2E3319FFA6218053EC737FBD91D5886790D4FB1DB70F3D704148EFF2FAA0241F47F2902EA8286BD7647B615197B0E2A70F3638BDF46973518EA692DA5EE26E533F815FA5E5835C2080FAC1776A7CCFE2F49B1400A55F24C9FC465A766772EFB35756AABF0A42B58966E883AFE5E4000D863756225CDDA2F5AC06093173A1AFB5AD9A7B721A30820170A4AE35B3A2F09DE1B53B7D7A407E0F77F1CD4201337315E6677D30CA3E40F84A7AD707BE0FF99CE9334FAE40692F38135DBBC8CE8E7604C0F9C8AE1989C9FE2AC29C2800DC8876032B4171D11BFBF +20180930124634 2 6 100 7679 2 C988D06CCD826A9351D5CAE32A47B28ECC90FA4870D861CCC058CFA49419B0044A395E3F289A48C821B2EFE08D293B917B1DB2E2369564F5D066084F71A090706F84E101625CACAAECFFF3B2FE2A8C04FF9A14D43E9B316576F1571B0FDD51A119222601AE2BBFC3007FBC12D10A2D725AD9D8503A47B4B1977FAF4B0C8E244C372662A335C82380718ABAA9B522A03866EBFC6DD7DEE135A54FDCE58EAAF1996D2485E178888F361B01C2A5F5E21E65BAFFE3024C02210AF189975CADE7BFEAD4A90401D7E37D9B855FA8C8F0D2FBFF9357F8C05E3A2A14173E8F7555FD78B88ECEDC94E238639FA1F59C896F61501B2094199D7679805FB69026D4F13CDEB60CAA339BEB091D7D0C125C72028FDFEC35C5D6EE231B1A46C0619BF822F415121A975322001C4EDC29C5CAA430D1471D1013B67B90F5A7FAFB322B53A9C4D418763CB8A9DD068BF3B7702BA939B4FB0DA5253A999B5A8DFA664D2A9F94169F34E46D45D348E3A7E3424CF6019CFDFE1623940B3FC47A1064E601549C02020571FA10F63AEB0676213CD71D1A8A4140662D00471FE9BA88C269F8D217A978AE910A85CADCA772BD7023DC8D0C2ED524C7FEEFEDF408E4221F474A3783545E155118133FA9D65382F7261CF001701E46721021A1315780A53F4238C1AEEA41D38E1B3310D2EC9AE97C2677467157A0B74DA93A3CDF3E6CF898FA0F5CDF3F55CA572385698FD0F55E0E5C63B4BCB9F4A6EDB74C02C0150B057B1A903F7DD8EFC011EE822F2ECBB780914BCC43A11F7BF4A63BE31F06226881ADE9EA780A58C1A6D7183EE947611A03051A0EA817D6D26FC0C418607EEF57AE00494CDDA1CB518C3F910FD46C65F96E3553CEFFD72D13AC13904EFF4E66203B8D512BF7136251120F0BD28C1E781000BBF832A072DB3BBA7B2CFB5AB1F6DAA17FD6EA6C484BB764E5F01194A5445B1FD435977F916261FA1B5AAD6B7E83782C04EBF3CBD11DC7D929FFD8A16597E2D6A384F343D08E13CEA8232818D7F989BB4B0D7D7531AF0F4C6683356A109EAFD135D2E3319FFA6218053EC737FBD91D5886790D4FB1DB70F3D704148EFF2FAA0241F47F2902EA8286BD7647B615197B0E2A70F3638BDF46973518EA692DA5EE26E533F815FA5E5835C2080FAC1776A7CCFE2F49B1400A55F24C9FC465A766772EFB35756AABF0A42B58966E883AFE5E4000D863756225CDDA2F5AC06093173A1AFB5AD9A7B721A30820170A4AE35B3A2F09DE1B53B7D7A407E0F77F1CD4201337315E6677D30CA3E40F84A7AD707BE0FF99CE9334FAE40692F38135DBBC8CE8E7604C0F9C8AE1989C9FE2AC29C2800DC8876032B4171E461903 +20180930150219 2 6 100 7679 2 C988D06CCD826A9351D5CAE32A47B28ECC90FA4870D861CCC058CFA49419B0044A395E3F289A48C821B2EFE08D293B917B1DB2E2369564F5D066084F71A090706F84E101625CACAAECFFF3B2FE2A8C04FF9A14D43E9B316576F1571B0FDD51A119222601AE2BBFC3007FBC12D10A2D725AD9D8503A47B4B1977FAF4B0C8E244C372662A335C82380718ABAA9B522A03866EBFC6DD7DEE135A54FDCE58EAAF1996D2485E178888F361B01C2A5F5E21E65BAFFE3024C02210AF189975CADE7BFEAD4A90401D7E37D9B855FA8C8F0D2FBFF9357F8C05E3A2A14173E8F7555FD78B88ECEDC94E238639FA1F59C896F61501B2094199D7679805FB69026D4F13CDEB60CAA339BEB091D7D0C125C72028FDFEC35C5D6EE231B1A46C0619BF822F415121A975322001C4EDC29C5CAA430D1471D1013B67B90F5A7FAFB322B53A9C4D418763CB8A9DD068BF3B7702BA939B4FB0DA5253A999B5A8DFA664D2A9F94169F34E46D45D348E3A7E3424CF6019CFDFE1623940B3FC47A1064E601549C02020571FA10F63AEB0676213CD71D1A8A4140662D00471FE9BA88C269F8D217A978AE910A85CADCA772BD7023DC8D0C2ED524C7FEEFEDF408E4221F474A3783545E155118133FA9D65382F7261CF001701E46721021A1315780A53F4238C1AEEA41D38E1B3310D2EC9AE97C2677467157A0B74DA93A3CDF3E6CF898FA0F5CDF3F55CA572385698FD0F55E0E5C63B4BCB9F4A6EDB74C02C0150B057B1A903F7DD8EFC011EE822F2ECBB780914BCC43A11F7BF4A63BE31F06226881ADE9EA780A58C1A6D7183EE947611A03051A0EA817D6D26FC0C418607EEF57AE00494CDDA1CB518C3F910FD46C65F96E3553CEFFD72D13AC13904EFF4E66203B8D512BF7136251120F0BD28C1E781000BBF832A072DB3BBA7B2CFB5AB1F6DAA17FD6EA6C484BB764E5F01194A5445B1FD435977F916261FA1B5AAD6B7E83782C04EBF3CBD11DC7D929FFD8A16597E2D6A384F343D08E13CEA8232818D7F989BB4B0D7D7531AF0F4C6683356A109EAFD135D2E3319FFA6218053EC737FBD91D5886790D4FB1DB70F3D704148EFF2FAA0241F47F2902EA8286BD7647B615197B0E2A70F3638BDF46973518EA692DA5EE26E533F815FA5E5835C2080FAC1776A7CCFE2F49B1400A55F24C9FC465A766772EFB35756AABF0A42B58966E883AFE5E4000D863756225CDDA2F5AC06093173A1AFB5AD9A7B721A30820170A4AE35B3A2F09DE1B53B7D7A407E0F77F1CD4201337315E6677D30CA3E40F84A7AD707BE0FF99CE9334FAE40692F38135DBBC8CE8E7604C0F9C8AE1989C9FE2AC29C2800DC8876032B4171FE2013B +20181001021616 2 6 100 7679 2 C988D06CCD826A9351D5CAE32A47B28ECC90FA4870D861CCC058CFA49419B0044A395E3F289A48C821B2EFE08D293B917B1DB2E2369564F5D066084F71A090706F84E101625CACAAECFFF3B2FE2A8C04FF9A14D43E9B316576F1571B0FDD51A119222601AE2BBFC3007FBC12D10A2D725AD9D8503A47B4B1977FAF4B0C8E244C372662A335C82380718ABAA9B522A03866EBFC6DD7DEE135A54FDCE58EAAF1996D2485E178888F361B01C2A5F5E21E65BAFFE3024C02210AF189975CADE7BFEAD4A90401D7E37D9B855FA8C8F0D2FBFF9357F8C05E3A2A14173E8F7555FD78B88ECEDC94E238639FA1F59C896F61501B2094199D7679805FB69026D4F13CDEB60CAA339BEB091D7D0C125C72028FDFEC35C5D6EE231B1A46C0619BF822F415121A975322001C4EDC29C5CAA430D1471D1013B67B90F5A7FAFB322B53A9C4D418763CB8A9DD068BF3B7702BA939B4FB0DA5253A999B5A8DFA664D2A9F94169F34E46D45D348E3A7E3424CF6019CFDFE1623940B3FC47A1064E601549C02020571FA10F63AEB0676213CD71D1A8A4140662D00471FE9BA88C269F8D217A978AE910A85CADCA772BD7023DC8D0C2ED524C7FEEFEDF408E4221F474A3783545E155118133FA9D65382F7261CF001701E46721021A1315780A53F4238C1AEEA41D38E1B3310D2EC9AE97C2677467157A0B74DA93A3CDF3E6CF898FA0F5CDF3F55CA572385698FD0F55E0E5C63B4BCB9F4A6EDB74C02C0150B057B1A903F7DD8EFC011EE822F2ECBB780914BCC43A11F7BF4A63BE31F06226881ADE9EA780A58C1A6D7183EE947611A03051A0EA817D6D26FC0C418607EEF57AE00494CDDA1CB518C3F910FD46C65F96E3553CEFFD72D13AC13904EFF4E66203B8D512BF7136251120F0BD28C1E781000BBF832A072DB3BBA7B2CFB5AB1F6DAA17FD6EA6C484BB764E5F01194A5445B1FD435977F916261FA1B5AAD6B7E83782C04EBF3CBD11DC7D929FFD8A16597E2D6A384F343D08E13CEA8232818D7F989BB4B0D7D7531AF0F4C6683356A109EAFD135D2E3319FFA6218053EC737FBD91D5886790D4FB1DB70F3D704148EFF2FAA0241F47F2902EA8286BD7647B615197B0E2A70F3638BDF46973518EA692DA5EE26E533F815FA5E5835C2080FAC1776A7CCFE2F49B1400A55F24C9FC465A766772EFB35756AABF0A42B58966E883AFE5E4000D863756225CDDA2F5AC06093173A1AFB5AD9A7B721A30820170A4AE35B3A2F09DE1B53B7D7A407E0F77F1CD4201337315E6677D30CA3E40F84A7AD707BE0FF99CE9334FAE40692F38135DBBC8CE8E7604C0F9C8AE1989C9FE2AC29C2800DC8876032B4172812EAEB +20181001072125 2 6 100 7679 5 C988D06CCD826A9351D5CAE32A47B28ECC90FA4870D861CCC058CFA49419B0044A395E3F289A48C821B2EFE08D293B917B1DB2E2369564F5D066084F71A090706F84E101625CACAAECFFF3B2FE2A8C04FF9A14D43E9B316576F1571B0FDD51A119222601AE2BBFC3007FBC12D10A2D725AD9D8503A47B4B1977FAF4B0C8E244C372662A335C82380718ABAA9B522A03866EBFC6DD7DEE135A54FDCE58EAAF1996D2485E178888F361B01C2A5F5E21E65BAFFE3024C02210AF189975CADE7BFEAD4A90401D7E37D9B855FA8C8F0D2FBFF9357F8C05E3A2A14173E8F7555FD78B88ECEDC94E238639FA1F59C896F61501B2094199D7679805FB69026D4F13CDEB60CAA339BEB091D7D0C125C72028FDFEC35C5D6EE231B1A46C0619BF822F415121A975322001C4EDC29C5CAA430D1471D1013B67B90F5A7FAFB322B53A9C4D418763CB8A9DD068BF3B7702BA939B4FB0DA5253A999B5A8DFA664D2A9F94169F34E46D45D348E3A7E3424CF6019CFDFE1623940B3FC47A1064E601549C02020571FA10F63AEB0676213CD71D1A8A4140662D00471FE9BA88C269F8D217A978AE910A85CADCA772BD7023DC8D0C2ED524C7FEEFEDF408E4221F474A3783545E155118133FA9D65382F7261CF001701E46721021A1315780A53F4238C1AEEA41D38E1B3310D2EC9AE97C2677467157A0B74DA93A3CDF3E6CF898FA0F5CDF3F55CA572385698FD0F55E0E5C63B4BCB9F4A6EDB74C02C0150B057B1A903F7DD8EFC011EE822F2ECBB780914BCC43A11F7BF4A63BE31F06226881ADE9EA780A58C1A6D7183EE947611A03051A0EA817D6D26FC0C418607EEF57AE00494CDDA1CB518C3F910FD46C65F96E3553CEFFD72D13AC13904EFF4E66203B8D512BF7136251120F0BD28C1E781000BBF832A072DB3BBA7B2CFB5AB1F6DAA17FD6EA6C484BB764E5F01194A5445B1FD435977F916261FA1B5AAD6B7E83782C04EBF3CBD11DC7D929FFD8A16597E2D6A384F343D08E13CEA8232818D7F989BB4B0D7D7531AF0F4C6683356A109EAFD135D2E3319FFA6218053EC737FBD91D5886790D4FB1DB70F3D704148EFF2FAA0241F47F2902EA8286BD7647B615197B0E2A70F3638BDF46973518EA692DA5EE26E533F815FA5E5835C2080FAC1776A7CCFE2F49B1400A55F24C9FC465A766772EFB35756AABF0A42B58966E883AFE5E4000D863756225CDDA2F5AC06093173A1AFB5AD9A7B721A30820170A4AE35B3A2F09DE1B53B7D7A407E0F77F1CD4201337315E6677D30CA3E40F84A7AD707BE0FF99CE9334FAE40692F38135DBBC8CE8E7604C0F9C8AE1989C9FE2AC29C2800DC8876032B4172BC07FE7 +20181001133408 2 6 100 7679 5 C988D06CCD826A9351D5CAE32A47B28ECC90FA4870D861CCC058CFA49419B0044A395E3F289A48C821B2EFE08D293B917B1DB2E2369564F5D066084F71A090706F84E101625CACAAECFFF3B2FE2A8C04FF9A14D43E9B316576F1571B0FDD51A119222601AE2BBFC3007FBC12D10A2D725AD9D8503A47B4B1977FAF4B0C8E244C372662A335C82380718ABAA9B522A03866EBFC6DD7DEE135A54FDCE58EAAF1996D2485E178888F361B01C2A5F5E21E65BAFFE3024C02210AF189975CADE7BFEAD4A90401D7E37D9B855FA8C8F0D2FBFF9357F8C05E3A2A14173E8F7555FD78B88ECEDC94E238639FA1F59C896F61501B2094199D7679805FB69026D4F13CDEB60CAA339BEB091D7D0C125C72028FDFEC35C5D6EE231B1A46C0619BF822F415121A975322001C4EDC29C5CAA430D1471D1013B67B90F5A7FAFB322B53A9C4D418763CB8A9DD068BF3B7702BA939B4FB0DA5253A999B5A8DFA664D2A9F94169F34E46D45D348E3A7E3424CF6019CFDFE1623940B3FC47A1064E601549C02020571FA10F63AEB0676213CD71D1A8A4140662D00471FE9BA88C269F8D217A978AE910A85CADCA772BD7023DC8D0C2ED524C7FEEFEDF408E4221F474A3783545E155118133FA9D65382F7261CF001701E46721021A1315780A53F4238C1AEEA41D38E1B3310D2EC9AE97C2677467157A0B74DA93A3CDF3E6CF898FA0F5CDF3F55CA572385698FD0F55E0E5C63B4BCB9F4A6EDB74C02C0150B057B1A903F7DD8EFC011EE822F2ECBB780914BCC43A11F7BF4A63BE31F06226881ADE9EA780A58C1A6D7183EE947611A03051A0EA817D6D26FC0C418607EEF57AE00494CDDA1CB518C3F910FD46C65F96E3553CEFFD72D13AC13904EFF4E66203B8D512BF7136251120F0BD28C1E781000BBF832A072DB3BBA7B2CFB5AB1F6DAA17FD6EA6C484BB764E5F01194A5445B1FD435977F916261FA1B5AAD6B7E83782C04EBF3CBD11DC7D929FFD8A16597E2D6A384F343D08E13CEA8232818D7F989BB4B0D7D7531AF0F4C6683356A109EAFD135D2E3319FFA6218053EC737FBD91D5886790D4FB1DB70F3D704148EFF2FAA0241F47F2902EA8286BD7647B615197B0E2A70F3638BDF46973518EA692DA5EE26E533F815FA5E5835C2080FAC1776A7CCFE2F49B1400A55F24C9FC465A766772EFB35756AABF0A42B58966E883AFE5E4000D863756225CDDA2F5AC06093173A1AFB5AD9A7B721A30820170A4AE35B3A2F09DE1B53B7D7A407E0F77F1CD4201337315E6677D30CA3E40F84A7AD707BE0FF99CE9334FAE40692F38135DBBC8CE8E7604C0F9C8AE1989C9FE2AC29C2800DC8876032B41730368927 +20181002022928 2 6 100 7679 5 FB0D9422C2C18ABC70FF186A01FA8ED40D4950F804266E0B9661F1E2A6EC548235ADF6A86C277AC391995CF5C43940D264D81121AE69F224E949221EDC039AFE2DA6752F6C04E10159FE65D54CBE5EF34174D36E069C4FB18C8E6DBB80B2C6E0F0AD82E0B7281B9D675AE9E85F509B12746130BF725235E2AC495D268C383378FA130AFF2584962A8A3EDEC0B02504DF264F77980B8342713A28BD3219D83F6D70CC1393E10D5A4734BC029FECD3383FF41CB73AC61C29B54B50E439807BFA5663814B6DA5E81B9491217BE616F6B5F93728669FEF51C06D049586FA6584DFBECD526C5CAE6BBD17F104FA69D353A01CD7E39D5BEA60EB0491DCAE78F3A42BFBCC1F366C55FB23B649197B2D2493180963388FBC4A2AC804ECD042A97A07943D46F18EB6D6C24FC050E3DBD8EE2C84FA03E34814EA53197F1121232E239AA0DA133BD81D439AB595FC6F895AB27D0C6C8A5C3F468C9EF81A42BCB7676C2FF4D381063700AEE81FB7369463187413077048310A98D2DC034CCAB7001A28E288B4E6A8DB609974EC9FFC75F6DA91203429ACCEBA35B4CC03006BB069BD2A062A8CAF59E200A8E27B0CD48F896AE6236F0208AE3924EDF58F87557D05413C00CCAD3B95E6F659EC73FDC6933D6D1E21BE753670F6725F21721FDDC304E6178A3164A85F6757A508AFBD9AA4F1C7B181866F5AA306A25032E59C042ACA8EAEDE17B5136ACEC3B56D2E73284922162E614BE0B87654B7B12132D15E6F11F23B0FF2D0A898680B9A66BB908106A60FFC9A0FB43FF3ADCECDB128764764E1D429A0A194ABCD5AB41CE6B75CD025AC8A5FF2153A20E937354A27E361FB396D87924DCF91FE72203BCEA88303DF0A848EA5ADA9282C2C3C2B92542F721C58809178F36E2DA00D17C613FA5173BFC0F27F9502A1AE535BA9D373ABF83413A8F086FE904B0B45F449CCA9F0615028E1A4878463EA8EB424CA76949EA34A6A36C8DDE6EC4A4AE653A2F1F1009773BB92B8D20530A3313F388FA1AD70C3ECB716E5CA80A06C35CBA247D15D41795F8E083B27B4E227B616408863AFAE48F4C4AE68F1DA9A4B427F666DAD85035D1A499B25A09CC19548A5B9276FB082AA8B00879CCE17105CE7368033F4A18D68826780EB79162AD1B7C70879041BA08FB4A45B3071951DD05EFC9FD04AFCB99D57AEFD4EC51549EF9A166312E744CC7EEAEE9543C02D1B2D233A4B59B187D6E1DB64C843358E8B3C73765DDDC9D79D2D270FF493F56BB4F2F0DC4002605999644FF2A573CBA98492AC8577F5C1A822FD0FB709EAD85C786292DCB4FC8FAD924EEE898502BCD84ED4023C7D74A691A7A3A812685C4608E66C77 +20181002041648 2 6 100 7679 5 FB0D9422C2C18ABC70FF186A01FA8ED40D4950F804266E0B9661F1E2A6EC548235ADF6A86C277AC391995CF5C43940D264D81121AE69F224E949221EDC039AFE2DA6752F6C04E10159FE65D54CBE5EF34174D36E069C4FB18C8E6DBB80B2C6E0F0AD82E0B7281B9D675AE9E85F509B12746130BF725235E2AC495D268C383378FA130AFF2584962A8A3EDEC0B02504DF264F77980B8342713A28BD3219D83F6D70CC1393E10D5A4734BC029FECD3383FF41CB73AC61C29B54B50E439807BFA5663814B6DA5E81B9491217BE616F6B5F93728669FEF51C06D049586FA6584DFBECD526C5CAE6BBD17F104FA69D353A01CD7E39D5BEA60EB0491DCAE78F3A42BFBCC1F366C55FB23B649197B2D2493180963388FBC4A2AC804ECD042A97A07943D46F18EB6D6C24FC050E3DBD8EE2C84FA03E34814EA53197F1121232E239AA0DA133BD81D439AB595FC6F895AB27D0C6C8A5C3F468C9EF81A42BCB7676C2FF4D381063700AEE81FB7369463187413077048310A98D2DC034CCAB7001A28E288B4E6A8DB609974EC9FFC75F6DA91203429ACCEBA35B4CC03006BB069BD2A062A8CAF59E200A8E27B0CD48F896AE6236F0208AE3924EDF58F87557D05413C00CCAD3B95E6F659EC73FDC6933D6D1E21BE753670F6725F21721FDDC304E6178A3164A85F6757A508AFBD9AA4F1C7B181866F5AA306A25032E59C042ACA8EAEDE17B5136ACEC3B56D2E73284922162E614BE0B87654B7B12132D15E6F11F23B0FF2D0A898680B9A66BB908106A60FFC9A0FB43FF3ADCECDB128764764E1D429A0A194ABCD5AB41CE6B75CD025AC8A5FF2153A20E937354A27E361FB396D87924DCF91FE72203BCEA88303DF0A848EA5ADA9282C2C3C2B92542F721C58809178F36E2DA00D17C613FA5173BFC0F27F9502A1AE535BA9D373ABF83413A8F086FE904B0B45F449CCA9F0615028E1A4878463EA8EB424CA76949EA34A6A36C8DDE6EC4A4AE653A2F1F1009773BB92B8D20530A3313F388FA1AD70C3ECB716E5CA80A06C35CBA247D15D41795F8E083B27B4E227B616408863AFAE48F4C4AE68F1DA9A4B427F666DAD85035D1A499B25A09CC19548A5B9276FB082AA8B00879CCE17105CE7368033F4A18D68826780EB79162AD1B7C70879041BA08FB4A45B3071951DD05EFC9FD04AFCB99D57AEFD4EC51549EF9A166312E744CC7EEAEE9543C02D1B2D233A4B59B187D6E1DB64C843358E8B3C73765DDDC9D79D2D270FF493F56BB4F2F0DC4002605999644FF2A573CBA98492AC8577F5C1A822FD0FB709EAD85C786292DCB4FC8FAD924EEE898502BCD84ED4023C7D74A691A7A3A812685C460A539D5F +20181002080547 2 6 100 7679 2 FB0D9422C2C18ABC70FF186A01FA8ED40D4950F804266E0B9661F1E2A6EC548235ADF6A86C277AC391995CF5C43940D264D81121AE69F224E949221EDC039AFE2DA6752F6C04E10159FE65D54CBE5EF34174D36E069C4FB18C8E6DBB80B2C6E0F0AD82E0B7281B9D675AE9E85F509B12746130BF725235E2AC495D268C383378FA130AFF2584962A8A3EDEC0B02504DF264F77980B8342713A28BD3219D83F6D70CC1393E10D5A4734BC029FECD3383FF41CB73AC61C29B54B50E439807BFA5663814B6DA5E81B9491217BE616F6B5F93728669FEF51C06D049586FA6584DFBECD526C5CAE6BBD17F104FA69D353A01CD7E39D5BEA60EB0491DCAE78F3A42BFBCC1F366C55FB23B649197B2D2493180963388FBC4A2AC804ECD042A97A07943D46F18EB6D6C24FC050E3DBD8EE2C84FA03E34814EA53197F1121232E239AA0DA133BD81D439AB595FC6F895AB27D0C6C8A5C3F468C9EF81A42BCB7676C2FF4D381063700AEE81FB7369463187413077048310A98D2DC034CCAB7001A28E288B4E6A8DB609974EC9FFC75F6DA91203429ACCEBA35B4CC03006BB069BD2A062A8CAF59E200A8E27B0CD48F896AE6236F0208AE3924EDF58F87557D05413C00CCAD3B95E6F659EC73FDC6933D6D1E21BE753670F6725F21721FDDC304E6178A3164A85F6757A508AFBD9AA4F1C7B181866F5AA306A25032E59C042ACA8EAEDE17B5136ACEC3B56D2E73284922162E614BE0B87654B7B12132D15E6F11F23B0FF2D0A898680B9A66BB908106A60FFC9A0FB43FF3ADCECDB128764764E1D429A0A194ABCD5AB41CE6B75CD025AC8A5FF2153A20E937354A27E361FB396D87924DCF91FE72203BCEA88303DF0A848EA5ADA9282C2C3C2B92542F721C58809178F36E2DA00D17C613FA5173BFC0F27F9502A1AE535BA9D373ABF83413A8F086FE904B0B45F449CCA9F0615028E1A4878463EA8EB424CA76949EA34A6A36C8DDE6EC4A4AE653A2F1F1009773BB92B8D20530A3313F388FA1AD70C3ECB716E5CA80A06C35CBA247D15D41795F8E083B27B4E227B616408863AFAE48F4C4AE68F1DA9A4B427F666DAD85035D1A499B25A09CC19548A5B9276FB082AA8B00879CCE17105CE7368033F4A18D68826780EB79162AD1B7C70879041BA08FB4A45B3071951DD05EFC9FD04AFCB99D57AEFD4EC51549EF9A166312E744CC7EEAEE9543C02D1B2D233A4B59B187D6E1DB64C843358E8B3C73765DDDC9D79D2D270FF493F56BB4F2F0DC4002605999644FF2A573CBA98492AC8577F5C1A822FD0FB709EAD85C786292DCB4FC8FAD924EEE898502BCD84ED4023C7D74A691A7A3A812685C460D765A73 +20181002132925 2 6 100 7679 5 FB0D9422C2C18ABC70FF186A01FA8ED40D4950F804266E0B9661F1E2A6EC548235ADF6A86C277AC391995CF5C43940D264D81121AE69F224E949221EDC039AFE2DA6752F6C04E10159FE65D54CBE5EF34174D36E069C4FB18C8E6DBB80B2C6E0F0AD82E0B7281B9D675AE9E85F509B12746130BF725235E2AC495D268C383378FA130AFF2584962A8A3EDEC0B02504DF264F77980B8342713A28BD3219D83F6D70CC1393E10D5A4734BC029FECD3383FF41CB73AC61C29B54B50E439807BFA5663814B6DA5E81B9491217BE616F6B5F93728669FEF51C06D049586FA6584DFBECD526C5CAE6BBD17F104FA69D353A01CD7E39D5BEA60EB0491DCAE78F3A42BFBCC1F366C55FB23B649197B2D2493180963388FBC4A2AC804ECD042A97A07943D46F18EB6D6C24FC050E3DBD8EE2C84FA03E34814EA53197F1121232E239AA0DA133BD81D439AB595FC6F895AB27D0C6C8A5C3F468C9EF81A42BCB7676C2FF4D381063700AEE81FB7369463187413077048310A98D2DC034CCAB7001A28E288B4E6A8DB609974EC9FFC75F6DA91203429ACCEBA35B4CC03006BB069BD2A062A8CAF59E200A8E27B0CD48F896AE6236F0208AE3924EDF58F87557D05413C00CCAD3B95E6F659EC73FDC6933D6D1E21BE753670F6725F21721FDDC304E6178A3164A85F6757A508AFBD9AA4F1C7B181866F5AA306A25032E59C042ACA8EAEDE17B5136ACEC3B56D2E73284922162E614BE0B87654B7B12132D15E6F11F23B0FF2D0A898680B9A66BB908106A60FFC9A0FB43FF3ADCECDB128764764E1D429A0A194ABCD5AB41CE6B75CD025AC8A5FF2153A20E937354A27E361FB396D87924DCF91FE72203BCEA88303DF0A848EA5ADA9282C2C3C2B92542F721C58809178F36E2DA00D17C613FA5173BFC0F27F9502A1AE535BA9D373ABF83413A8F086FE904B0B45F449CCA9F0615028E1A4878463EA8EB424CA76949EA34A6A36C8DDE6EC4A4AE653A2F1F1009773BB92B8D20530A3313F388FA1AD70C3ECB716E5CA80A06C35CBA247D15D41795F8E083B27B4E227B616408863AFAE48F4C4AE68F1DA9A4B427F666DAD85035D1A499B25A09CC19548A5B9276FB082AA8B00879CCE17105CE7368033F4A18D68826780EB79162AD1B7C70879041BA08FB4A45B3071951DD05EFC9FD04AFCB99D57AEFD4EC51549EF9A166312E744CC7EEAEE9543C02D1B2D233A4B59B187D6E1DB64C843358E8B3C73765DDDC9D79D2D270FF493F56BB4F2F0DC4002605999644FF2A573CBA98492AC8577F5C1A822FD0FB709EAD85C786292DCB4FC8FAD924EEE898502BCD84ED4023C7D74A691A7A3A812685C4611D8F2D7 +20181002195913 2 6 100 7679 5 FB0D9422C2C18ABC70FF186A01FA8ED40D4950F804266E0B9661F1E2A6EC548235ADF6A86C277AC391995CF5C43940D264D81121AE69F224E949221EDC039AFE2DA6752F6C04E10159FE65D54CBE5EF34174D36E069C4FB18C8E6DBB80B2C6E0F0AD82E0B7281B9D675AE9E85F509B12746130BF725235E2AC495D268C383378FA130AFF2584962A8A3EDEC0B02504DF264F77980B8342713A28BD3219D83F6D70CC1393E10D5A4734BC029FECD3383FF41CB73AC61C29B54B50E439807BFA5663814B6DA5E81B9491217BE616F6B5F93728669FEF51C06D049586FA6584DFBECD526C5CAE6BBD17F104FA69D353A01CD7E39D5BEA60EB0491DCAE78F3A42BFBCC1F366C55FB23B649197B2D2493180963388FBC4A2AC804ECD042A97A07943D46F18EB6D6C24FC050E3DBD8EE2C84FA03E34814EA53197F1121232E239AA0DA133BD81D439AB595FC6F895AB27D0C6C8A5C3F468C9EF81A42BCB7676C2FF4D381063700AEE81FB7369463187413077048310A98D2DC034CCAB7001A28E288B4E6A8DB609974EC9FFC75F6DA91203429ACCEBA35B4CC03006BB069BD2A062A8CAF59E200A8E27B0CD48F896AE6236F0208AE3924EDF58F87557D05413C00CCAD3B95E6F659EC73FDC6933D6D1E21BE753670F6725F21721FDDC304E6178A3164A85F6757A508AFBD9AA4F1C7B181866F5AA306A25032E59C042ACA8EAEDE17B5136ACEC3B56D2E73284922162E614BE0B87654B7B12132D15E6F11F23B0FF2D0A898680B9A66BB908106A60FFC9A0FB43FF3ADCECDB128764764E1D429A0A194ABCD5AB41CE6B75CD025AC8A5FF2153A20E937354A27E361FB396D87924DCF91FE72203BCEA88303DF0A848EA5ADA9282C2C3C2B92542F721C58809178F36E2DA00D17C613FA5173BFC0F27F9502A1AE535BA9D373ABF83413A8F086FE904B0B45F449CCA9F0615028E1A4878463EA8EB424CA76949EA34A6A36C8DDE6EC4A4AE653A2F1F1009773BB92B8D20530A3313F388FA1AD70C3ECB716E5CA80A06C35CBA247D15D41795F8E083B27B4E227B616408863AFAE48F4C4AE68F1DA9A4B427F666DAD85035D1A499B25A09CC19548A5B9276FB082AA8B00879CCE17105CE7368033F4A18D68826780EB79162AD1B7C70879041BA08FB4A45B3071951DD05EFC9FD04AFCB99D57AEFD4EC51549EF9A166312E744CC7EEAEE9543C02D1B2D233A4B59B187D6E1DB64C843358E8B3C73765DDDC9D79D2D270FF493F56BB4F2F0DC4002605999644FF2A573CBA98492AC8577F5C1A822FD0FB709EAD85C786292DCB4FC8FAD924EEE898502BCD84ED4023C7D74A691A7A3A812685C46170D027F +20181003044410 2 6 100 7679 5 FB0D9422C2C18ABC70FF186A01FA8ED40D4950F804266E0B9661F1E2A6EC548235ADF6A86C277AC391995CF5C43940D264D81121AE69F224E949221EDC039AFE2DA6752F6C04E10159FE65D54CBE5EF34174D36E069C4FB18C8E6DBB80B2C6E0F0AD82E0B7281B9D675AE9E85F509B12746130BF725235E2AC495D268C383378FA130AFF2584962A8A3EDEC0B02504DF264F77980B8342713A28BD3219D83F6D70CC1393E10D5A4734BC029FECD3383FF41CB73AC61C29B54B50E439807BFA5663814B6DA5E81B9491217BE616F6B5F93728669FEF51C06D049586FA6584DFBECD526C5CAE6BBD17F104FA69D353A01CD7E39D5BEA60EB0491DCAE78F3A42BFBCC1F366C55FB23B649197B2D2493180963388FBC4A2AC804ECD042A97A07943D46F18EB6D6C24FC050E3DBD8EE2C84FA03E34814EA53197F1121232E239AA0DA133BD81D439AB595FC6F895AB27D0C6C8A5C3F468C9EF81A42BCB7676C2FF4D381063700AEE81FB7369463187413077048310A98D2DC034CCAB7001A28E288B4E6A8DB609974EC9FFC75F6DA91203429ACCEBA35B4CC03006BB069BD2A062A8CAF59E200A8E27B0CD48F896AE6236F0208AE3924EDF58F87557D05413C00CCAD3B95E6F659EC73FDC6933D6D1E21BE753670F6725F21721FDDC304E6178A3164A85F6757A508AFBD9AA4F1C7B181866F5AA306A25032E59C042ACA8EAEDE17B5136ACEC3B56D2E73284922162E614BE0B87654B7B12132D15E6F11F23B0FF2D0A898680B9A66BB908106A60FFC9A0FB43FF3ADCECDB128764764E1D429A0A194ABCD5AB41CE6B75CD025AC8A5FF2153A20E937354A27E361FB396D87924DCF91FE72203BCEA88303DF0A848EA5ADA9282C2C3C2B92542F721C58809178F36E2DA00D17C613FA5173BFC0F27F9502A1AE535BA9D373ABF83413A8F086FE904B0B45F449CCA9F0615028E1A4878463EA8EB424CA76949EA34A6A36C8DDE6EC4A4AE653A2F1F1009773BB92B8D20530A3313F388FA1AD70C3ECB716E5CA80A06C35CBA247D15D41795F8E083B27B4E227B616408863AFAE48F4C4AE68F1DA9A4B427F666DAD85035D1A499B25A09CC19548A5B9276FB082AA8B00879CCE17105CE7368033F4A18D68826780EB79162AD1B7C70879041BA08FB4A45B3071951DD05EFC9FD04AFCB99D57AEFD4EC51549EF9A166312E744CC7EEAEE9543C02D1B2D233A4B59B187D6E1DB64C843358E8B3C73765DDDC9D79D2D270FF493F56BB4F2F0DC4002605999644FF2A573CBA98492AC8577F5C1A822FD0FB709EAD85C786292DCB4FC8FAD924EEE898502BCD84ED4023C7D74A691A7A3A812685C461E0FB427 +20181003045243 2 6 100 7679 5 FB0D9422C2C18ABC70FF186A01FA8ED40D4950F804266E0B9661F1E2A6EC548235ADF6A86C277AC391995CF5C43940D264D81121AE69F224E949221EDC039AFE2DA6752F6C04E10159FE65D54CBE5EF34174D36E069C4FB18C8E6DBB80B2C6E0F0AD82E0B7281B9D675AE9E85F509B12746130BF725235E2AC495D268C383378FA130AFF2584962A8A3EDEC0B02504DF264F77980B8342713A28BD3219D83F6D70CC1393E10D5A4734BC029FECD3383FF41CB73AC61C29B54B50E439807BFA5663814B6DA5E81B9491217BE616F6B5F93728669FEF51C06D049586FA6584DFBECD526C5CAE6BBD17F104FA69D353A01CD7E39D5BEA60EB0491DCAE78F3A42BFBCC1F366C55FB23B649197B2D2493180963388FBC4A2AC804ECD042A97A07943D46F18EB6D6C24FC050E3DBD8EE2C84FA03E34814EA53197F1121232E239AA0DA133BD81D439AB595FC6F895AB27D0C6C8A5C3F468C9EF81A42BCB7676C2FF4D381063700AEE81FB7369463187413077048310A98D2DC034CCAB7001A28E288B4E6A8DB609974EC9FFC75F6DA91203429ACCEBA35B4CC03006BB069BD2A062A8CAF59E200A8E27B0CD48F896AE6236F0208AE3924EDF58F87557D05413C00CCAD3B95E6F659EC73FDC6933D6D1E21BE753670F6725F21721FDDC304E6178A3164A85F6757A508AFBD9AA4F1C7B181866F5AA306A25032E59C042ACA8EAEDE17B5136ACEC3B56D2E73284922162E614BE0B87654B7B12132D15E6F11F23B0FF2D0A898680B9A66BB908106A60FFC9A0FB43FF3ADCECDB128764764E1D429A0A194ABCD5AB41CE6B75CD025AC8A5FF2153A20E937354A27E361FB396D87924DCF91FE72203BCEA88303DF0A848EA5ADA9282C2C3C2B92542F721C58809178F36E2DA00D17C613FA5173BFC0F27F9502A1AE535BA9D373ABF83413A8F086FE904B0B45F449CCA9F0615028E1A4878463EA8EB424CA76949EA34A6A36C8DDE6EC4A4AE653A2F1F1009773BB92B8D20530A3313F388FA1AD70C3ECB716E5CA80A06C35CBA247D15D41795F8E083B27B4E227B616408863AFAE48F4C4AE68F1DA9A4B427F666DAD85035D1A499B25A09CC19548A5B9276FB082AA8B00879CCE17105CE7368033F4A18D68826780EB79162AD1B7C70879041BA08FB4A45B3071951DD05EFC9FD04AFCB99D57AEFD4EC51549EF9A166312E744CC7EEAEE9543C02D1B2D233A4B59B187D6E1DB64C843358E8B3C73765DDDC9D79D2D270FF493F56BB4F2F0DC4002605999644FF2A573CBA98492AC8577F5C1A822FD0FB709EAD85C786292DCB4FC8FAD924EEE898502BCD84ED4023C7D74A691A7A3A812685C461E245A3F +20181003065635 2 6 100 7679 5 FB0D9422C2C18ABC70FF186A01FA8ED40D4950F804266E0B9661F1E2A6EC548235ADF6A86C277AC391995CF5C43940D264D81121AE69F224E949221EDC039AFE2DA6752F6C04E10159FE65D54CBE5EF34174D36E069C4FB18C8E6DBB80B2C6E0F0AD82E0B7281B9D675AE9E85F509B12746130BF725235E2AC495D268C383378FA130AFF2584962A8A3EDEC0B02504DF264F77980B8342713A28BD3219D83F6D70CC1393E10D5A4734BC029FECD3383FF41CB73AC61C29B54B50E439807BFA5663814B6DA5E81B9491217BE616F6B5F93728669FEF51C06D049586FA6584DFBECD526C5CAE6BBD17F104FA69D353A01CD7E39D5BEA60EB0491DCAE78F3A42BFBCC1F366C55FB23B649197B2D2493180963388FBC4A2AC804ECD042A97A07943D46F18EB6D6C24FC050E3DBD8EE2C84FA03E34814EA53197F1121232E239AA0DA133BD81D439AB595FC6F895AB27D0C6C8A5C3F468C9EF81A42BCB7676C2FF4D381063700AEE81FB7369463187413077048310A98D2DC034CCAB7001A28E288B4E6A8DB609974EC9FFC75F6DA91203429ACCEBA35B4CC03006BB069BD2A062A8CAF59E200A8E27B0CD48F896AE6236F0208AE3924EDF58F87557D05413C00CCAD3B95E6F659EC73FDC6933D6D1E21BE753670F6725F21721FDDC304E6178A3164A85F6757A508AFBD9AA4F1C7B181866F5AA306A25032E59C042ACA8EAEDE17B5136ACEC3B56D2E73284922162E614BE0B87654B7B12132D15E6F11F23B0FF2D0A898680B9A66BB908106A60FFC9A0FB43FF3ADCECDB128764764E1D429A0A194ABCD5AB41CE6B75CD025AC8A5FF2153A20E937354A27E361FB396D87924DCF91FE72203BCEA88303DF0A848EA5ADA9282C2C3C2B92542F721C58809178F36E2DA00D17C613FA5173BFC0F27F9502A1AE535BA9D373ABF83413A8F086FE904B0B45F449CCA9F0615028E1A4878463EA8EB424CA76949EA34A6A36C8DDE6EC4A4AE653A2F1F1009773BB92B8D20530A3313F388FA1AD70C3ECB716E5CA80A06C35CBA247D15D41795F8E083B27B4E227B616408863AFAE48F4C4AE68F1DA9A4B427F666DAD85035D1A499B25A09CC19548A5B9276FB082AA8B00879CCE17105CE7368033F4A18D68826780EB79162AD1B7C70879041BA08FB4A45B3071951DD05EFC9FD04AFCB99D57AEFD4EC51549EF9A166312E744CC7EEAEE9543C02D1B2D233A4B59B187D6E1DB64C843358E8B3C73765DDDC9D79D2D270FF493F56BB4F2F0DC4002605999644FF2A573CBA98492AC8577F5C1A822FD0FB709EAD85C786292DCB4FC8FAD924EEE898502BCD84ED4023C7D74A691A7A3A812685C461FC358AF +20181003081458 2 6 100 7679 2 FB0D9422C2C18ABC70FF186A01FA8ED40D4950F804266E0B9661F1E2A6EC548235ADF6A86C277AC391995CF5C43940D264D81121AE69F224E949221EDC039AFE2DA6752F6C04E10159FE65D54CBE5EF34174D36E069C4FB18C8E6DBB80B2C6E0F0AD82E0B7281B9D675AE9E85F509B12746130BF725235E2AC495D268C383378FA130AFF2584962A8A3EDEC0B02504DF264F77980B8342713A28BD3219D83F6D70CC1393E10D5A4734BC029FECD3383FF41CB73AC61C29B54B50E439807BFA5663814B6DA5E81B9491217BE616F6B5F93728669FEF51C06D049586FA6584DFBECD526C5CAE6BBD17F104FA69D353A01CD7E39D5BEA60EB0491DCAE78F3A42BFBCC1F366C55FB23B649197B2D2493180963388FBC4A2AC804ECD042A97A07943D46F18EB6D6C24FC050E3DBD8EE2C84FA03E34814EA53197F1121232E239AA0DA133BD81D439AB595FC6F895AB27D0C6C8A5C3F468C9EF81A42BCB7676C2FF4D381063700AEE81FB7369463187413077048310A98D2DC034CCAB7001A28E288B4E6A8DB609974EC9FFC75F6DA91203429ACCEBA35B4CC03006BB069BD2A062A8CAF59E200A8E27B0CD48F896AE6236F0208AE3924EDF58F87557D05413C00CCAD3B95E6F659EC73FDC6933D6D1E21BE753670F6725F21721FDDC304E6178A3164A85F6757A508AFBD9AA4F1C7B181866F5AA306A25032E59C042ACA8EAEDE17B5136ACEC3B56D2E73284922162E614BE0B87654B7B12132D15E6F11F23B0FF2D0A898680B9A66BB908106A60FFC9A0FB43FF3ADCECDB128764764E1D429A0A194ABCD5AB41CE6B75CD025AC8A5FF2153A20E937354A27E361FB396D87924DCF91FE72203BCEA88303DF0A848EA5ADA9282C2C3C2B92542F721C58809178F36E2DA00D17C613FA5173BFC0F27F9502A1AE535BA9D373ABF83413A8F086FE904B0B45F449CCA9F0615028E1A4878463EA8EB424CA76949EA34A6A36C8DDE6EC4A4AE653A2F1F1009773BB92B8D20530A3313F388FA1AD70C3ECB716E5CA80A06C35CBA247D15D41795F8E083B27B4E227B616408863AFAE48F4C4AE68F1DA9A4B427F666DAD85035D1A499B25A09CC19548A5B9276FB082AA8B00879CCE17105CE7368033F4A18D68826780EB79162AD1B7C70879041BA08FB4A45B3071951DD05EFC9FD04AFCB99D57AEFD4EC51549EF9A166312E744CC7EEAEE9543C02D1B2D233A4B59B187D6E1DB64C843358E8B3C73765DDDC9D79D2D270FF493F56BB4F2F0DC4002605999644FF2A573CBA98492AC8577F5C1A822FD0FB709EAD85C786292DCB4FC8FAD924EEE898502BCD84ED4023C7D74A691A7A3A812685C4620C4118B +20181003091804 2 6 100 7679 5 FB0D9422C2C18ABC70FF186A01FA8ED40D4950F804266E0B9661F1E2A6EC548235ADF6A86C277AC391995CF5C43940D264D81121AE69F224E949221EDC039AFE2DA6752F6C04E10159FE65D54CBE5EF34174D36E069C4FB18C8E6DBB80B2C6E0F0AD82E0B7281B9D675AE9E85F509B12746130BF725235E2AC495D268C383378FA130AFF2584962A8A3EDEC0B02504DF264F77980B8342713A28BD3219D83F6D70CC1393E10D5A4734BC029FECD3383FF41CB73AC61C29B54B50E439807BFA5663814B6DA5E81B9491217BE616F6B5F93728669FEF51C06D049586FA6584DFBECD526C5CAE6BBD17F104FA69D353A01CD7E39D5BEA60EB0491DCAE78F3A42BFBCC1F366C55FB23B649197B2D2493180963388FBC4A2AC804ECD042A97A07943D46F18EB6D6C24FC050E3DBD8EE2C84FA03E34814EA53197F1121232E239AA0DA133BD81D439AB595FC6F895AB27D0C6C8A5C3F468C9EF81A42BCB7676C2FF4D381063700AEE81FB7369463187413077048310A98D2DC034CCAB7001A28E288B4E6A8DB609974EC9FFC75F6DA91203429ACCEBA35B4CC03006BB069BD2A062A8CAF59E200A8E27B0CD48F896AE6236F0208AE3924EDF58F87557D05413C00CCAD3B95E6F659EC73FDC6933D6D1E21BE753670F6725F21721FDDC304E6178A3164A85F6757A508AFBD9AA4F1C7B181866F5AA306A25032E59C042ACA8EAEDE17B5136ACEC3B56D2E73284922162E614BE0B87654B7B12132D15E6F11F23B0FF2D0A898680B9A66BB908106A60FFC9A0FB43FF3ADCECDB128764764E1D429A0A194ABCD5AB41CE6B75CD025AC8A5FF2153A20E937354A27E361FB396D87924DCF91FE72203BCEA88303DF0A848EA5ADA9282C2C3C2B92542F721C58809178F36E2DA00D17C613FA5173BFC0F27F9502A1AE535BA9D373ABF83413A8F086FE904B0B45F449CCA9F0615028E1A4878463EA8EB424CA76949EA34A6A36C8DDE6EC4A4AE653A2F1F1009773BB92B8D20530A3313F388FA1AD70C3ECB716E5CA80A06C35CBA247D15D41795F8E083B27B4E227B616408863AFAE48F4C4AE68F1DA9A4B427F666DAD85035D1A499B25A09CC19548A5B9276FB082AA8B00879CCE17105CE7368033F4A18D68826780EB79162AD1B7C70879041BA08FB4A45B3071951DD05EFC9FD04AFCB99D57AEFD4EC51549EF9A166312E744CC7EEAEE9543C02D1B2D233A4B59B187D6E1DB64C843358E8B3C73765DDDC9D79D2D270FF493F56BB4F2F0DC4002605999644FF2A573CBA98492AC8577F5C1A822FD0FB709EAD85C786292DCB4FC8FAD924EEE898502BCD84ED4023C7D74A691A7A3A812685C4621936EAF +20181003093652 2 6 100 7679 5 FB0D9422C2C18ABC70FF186A01FA8ED40D4950F804266E0B9661F1E2A6EC548235ADF6A86C277AC391995CF5C43940D264D81121AE69F224E949221EDC039AFE2DA6752F6C04E10159FE65D54CBE5EF34174D36E069C4FB18C8E6DBB80B2C6E0F0AD82E0B7281B9D675AE9E85F509B12746130BF725235E2AC495D268C383378FA130AFF2584962A8A3EDEC0B02504DF264F77980B8342713A28BD3219D83F6D70CC1393E10D5A4734BC029FECD3383FF41CB73AC61C29B54B50E439807BFA5663814B6DA5E81B9491217BE616F6B5F93728669FEF51C06D049586FA6584DFBECD526C5CAE6BBD17F104FA69D353A01CD7E39D5BEA60EB0491DCAE78F3A42BFBCC1F366C55FB23B649197B2D2493180963388FBC4A2AC804ECD042A97A07943D46F18EB6D6C24FC050E3DBD8EE2C84FA03E34814EA53197F1121232E239AA0DA133BD81D439AB595FC6F895AB27D0C6C8A5C3F468C9EF81A42BCB7676C2FF4D381063700AEE81FB7369463187413077048310A98D2DC034CCAB7001A28E288B4E6A8DB609974EC9FFC75F6DA91203429ACCEBA35B4CC03006BB069BD2A062A8CAF59E200A8E27B0CD48F896AE6236F0208AE3924EDF58F87557D05413C00CCAD3B95E6F659EC73FDC6933D6D1E21BE753670F6725F21721FDDC304E6178A3164A85F6757A508AFBD9AA4F1C7B181866F5AA306A25032E59C042ACA8EAEDE17B5136ACEC3B56D2E73284922162E614BE0B87654B7B12132D15E6F11F23B0FF2D0A898680B9A66BB908106A60FFC9A0FB43FF3ADCECDB128764764E1D429A0A194ABCD5AB41CE6B75CD025AC8A5FF2153A20E937354A27E361FB396D87924DCF91FE72203BCEA88303DF0A848EA5ADA9282C2C3C2B92542F721C58809178F36E2DA00D17C613FA5173BFC0F27F9502A1AE535BA9D373ABF83413A8F086FE904B0B45F449CCA9F0615028E1A4878463EA8EB424CA76949EA34A6A36C8DDE6EC4A4AE653A2F1F1009773BB92B8D20530A3313F388FA1AD70C3ECB716E5CA80A06C35CBA247D15D41795F8E083B27B4E227B616408863AFAE48F4C4AE68F1DA9A4B427F666DAD85035D1A499B25A09CC19548A5B9276FB082AA8B00879CCE17105CE7368033F4A18D68826780EB79162AD1B7C70879041BA08FB4A45B3071951DD05EFC9FD04AFCB99D57AEFD4EC51549EF9A166312E744CC7EEAEE9543C02D1B2D233A4B59B187D6E1DB64C843358E8B3C73765DDDC9D79D2D270FF493F56BB4F2F0DC4002605999644FF2A573CBA98492AC8577F5C1A822FD0FB709EAD85C786292DCB4FC8FAD924EEE898502BCD84ED4023C7D74A691A7A3A812685C4621C96C57 +20181003213125 2 6 100 7679 2 FB0D9422C2C18ABC70FF186A01FA8ED40D4950F804266E0B9661F1E2A6EC548235ADF6A86C277AC391995CF5C43940D264D81121AE69F224E949221EDC039AFE2DA6752F6C04E10159FE65D54CBE5EF34174D36E069C4FB18C8E6DBB80B2C6E0F0AD82E0B7281B9D675AE9E85F509B12746130BF725235E2AC495D268C383378FA130AFF2584962A8A3EDEC0B02504DF264F77980B8342713A28BD3219D83F6D70CC1393E10D5A4734BC029FECD3383FF41CB73AC61C29B54B50E439807BFA5663814B6DA5E81B9491217BE616F6B5F93728669FEF51C06D049586FA6584DFBECD526C5CAE6BBD17F104FA69D353A01CD7E39D5BEA60EB0491DCAE78F3A42BFBCC1F366C55FB23B649197B2D2493180963388FBC4A2AC804ECD042A97A07943D46F18EB6D6C24FC050E3DBD8EE2C84FA03E34814EA53197F1121232E239AA0DA133BD81D439AB595FC6F895AB27D0C6C8A5C3F468C9EF81A42BCB7676C2FF4D381063700AEE81FB7369463187413077048310A98D2DC034CCAB7001A28E288B4E6A8DB609974EC9FFC75F6DA91203429ACCEBA35B4CC03006BB069BD2A062A8CAF59E200A8E27B0CD48F896AE6236F0208AE3924EDF58F87557D05413C00CCAD3B95E6F659EC73FDC6933D6D1E21BE753670F6725F21721FDDC304E6178A3164A85F6757A508AFBD9AA4F1C7B181866F5AA306A25032E59C042ACA8EAEDE17B5136ACEC3B56D2E73284922162E614BE0B87654B7B12132D15E6F11F23B0FF2D0A898680B9A66BB908106A60FFC9A0FB43FF3ADCECDB128764764E1D429A0A194ABCD5AB41CE6B75CD025AC8A5FF2153A20E937354A27E361FB396D87924DCF91FE72203BCEA88303DF0A848EA5ADA9282C2C3C2B92542F721C58809178F36E2DA00D17C613FA5173BFC0F27F9502A1AE535BA9D373ABF83413A8F086FE904B0B45F449CCA9F0615028E1A4878463EA8EB424CA76949EA34A6A36C8DDE6EC4A4AE653A2F1F1009773BB92B8D20530A3313F388FA1AD70C3ECB716E5CA80A06C35CBA247D15D41795F8E083B27B4E227B616408863AFAE48F4C4AE68F1DA9A4B427F666DAD85035D1A499B25A09CC19548A5B9276FB082AA8B00879CCE17105CE7368033F4A18D68826780EB79162AD1B7C70879041BA08FB4A45B3071951DD05EFC9FD04AFCB99D57AEFD4EC51549EF9A166312E744CC7EEAEE9543C02D1B2D233A4B59B187D6E1DB64C843358E8B3C73765DDDC9D79D2D270FF493F56BB4F2F0DC4002605999644FF2A573CBA98492AC8577F5C1A822FD0FB709EAD85C786292DCB4FC8FAD924EEE898502BCD84ED4023C7D74A691A7A3A812685C462B2BBD5B +20181004064641 2 6 100 7679 5 FB0D9422C2C18ABC70FF186A01FA8ED40D4950F804266E0B9661F1E2A6EC548235ADF6A86C277AC391995CF5C43940D264D81121AE69F224E949221EDC039AFE2DA6752F6C04E10159FE65D54CBE5EF34174D36E069C4FB18C8E6DBB80B2C6E0F0AD82E0B7281B9D675AE9E85F509B12746130BF725235E2AC495D268C383378FA130AFF2584962A8A3EDEC0B02504DF264F77980B8342713A28BD3219D83F6D70CC1393E10D5A4734BC029FECD3383FF41CB73AC61C29B54B50E439807BFA5663814B6DA5E81B9491217BE616F6B5F93728669FEF51C06D049586FA6584DFBECD526C5CAE6BBD17F104FA69D353A01CD7E39D5BEA60EB0491DCAE78F3A42BFBCC1F366C55FB23B649197B2D2493180963388FBC4A2AC804ECD042A97A07943D46F18EB6D6C24FC050E3DBD8EE2C84FA03E34814EA53197F1121232E239AA0DA133BD81D439AB595FC6F895AB27D0C6C8A5C3F468C9EF81A42BCB7676C2FF4D381063700AEE81FB7369463187413077048310A98D2DC034CCAB7001A28E288B4E6A8DB609974EC9FFC75F6DA91203429ACCEBA35B4CC03006BB069BD2A062A8CAF59E200A8E27B0CD48F896AE6236F0208AE3924EDF58F87557D05413C00CCAD3B95E6F659EC73FDC6933D6D1E21BE753670F6725F21721FDDC304E6178A3164A85F6757A508AFBD9AA4F1C7B181866F5AA306A25032E59C042ACA8EAEDE17B5136ACEC3B56D2E73284922162E614BE0B87654B7B12132D15E6F11F23B0FF2D0A898680B9A66BB908106A60FFC9A0FB43FF3ADCECDB128764764E1D429A0A194ABCD5AB41CE6B75CD025AC8A5FF2153A20E937354A27E361FB396D87924DCF91FE72203BCEA88303DF0A848EA5ADA9282C2C3C2B92542F721C58809178F36E2DA00D17C613FA5173BFC0F27F9502A1AE535BA9D373ABF83413A8F086FE904B0B45F449CCA9F0615028E1A4878463EA8EB424CA76949EA34A6A36C8DDE6EC4A4AE653A2F1F1009773BB92B8D20530A3313F388FA1AD70C3ECB716E5CA80A06C35CBA247D15D41795F8E083B27B4E227B616408863AFAE48F4C4AE68F1DA9A4B427F666DAD85035D1A499B25A09CC19548A5B9276FB082AA8B00879CCE17105CE7368033F4A18D68826780EB79162AD1B7C70879041BA08FB4A45B3071951DD05EFC9FD04AFCB99D57AEFD4EC51549EF9A166312E744CC7EEAEE9543C02D1B2D233A4B59B187D6E1DB64C843358E8B3C73765DDDC9D79D2D270FF493F56BB4F2F0DC4002605999644FF2A573CBA98492AC8577F5C1A822FD0FB709EAD85C786292DCB4FC8FAD924EEE898502BCD84ED4023C7D74A691A7A3A812685C4632523CCF +20181004083341 2 6 100 7679 5 FB0D9422C2C18ABC70FF186A01FA8ED40D4950F804266E0B9661F1E2A6EC548235ADF6A86C277AC391995CF5C43940D264D81121AE69F224E949221EDC039AFE2DA6752F6C04E10159FE65D54CBE5EF34174D36E069C4FB18C8E6DBB80B2C6E0F0AD82E0B7281B9D675AE9E85F509B12746130BF725235E2AC495D268C383378FA130AFF2584962A8A3EDEC0B02504DF264F77980B8342713A28BD3219D83F6D70CC1393E10D5A4734BC029FECD3383FF41CB73AC61C29B54B50E439807BFA5663814B6DA5E81B9491217BE616F6B5F93728669FEF51C06D049586FA6584DFBECD526C5CAE6BBD17F104FA69D353A01CD7E39D5BEA60EB0491DCAE78F3A42BFBCC1F366C55FB23B649197B2D2493180963388FBC4A2AC804ECD042A97A07943D46F18EB6D6C24FC050E3DBD8EE2C84FA03E34814EA53197F1121232E239AA0DA133BD81D439AB595FC6F895AB27D0C6C8A5C3F468C9EF81A42BCB7676C2FF4D381063700AEE81FB7369463187413077048310A98D2DC034CCAB7001A28E288B4E6A8DB609974EC9FFC75F6DA91203429ACCEBA35B4CC03006BB069BD2A062A8CAF59E200A8E27B0CD48F896AE6236F0208AE3924EDF58F87557D05413C00CCAD3B95E6F659EC73FDC6933D6D1E21BE753670F6725F21721FDDC304E6178A3164A85F6757A508AFBD9AA4F1C7B181866F5AA306A25032E59C042ACA8EAEDE17B5136ACEC3B56D2E73284922162E614BE0B87654B7B12132D15E6F11F23B0FF2D0A898680B9A66BB908106A60FFC9A0FB43FF3ADCECDB128764764E1D429A0A194ABCD5AB41CE6B75CD025AC8A5FF2153A20E937354A27E361FB396D87924DCF91FE72203BCEA88303DF0A848EA5ADA9282C2C3C2B92542F721C58809178F36E2DA00D17C613FA5173BFC0F27F9502A1AE535BA9D373ABF83413A8F086FE904B0B45F449CCA9F0615028E1A4878463EA8EB424CA76949EA34A6A36C8DDE6EC4A4AE653A2F1F1009773BB92B8D20530A3313F388FA1AD70C3ECB716E5CA80A06C35CBA247D15D41795F8E083B27B4E227B616408863AFAE48F4C4AE68F1DA9A4B427F666DAD85035D1A499B25A09CC19548A5B9276FB082AA8B00879CCE17105CE7368033F4A18D68826780EB79162AD1B7C70879041BA08FB4A45B3071951DD05EFC9FD04AFCB99D57AEFD4EC51549EF9A166312E744CC7EEAEE9543C02D1B2D233A4B59B187D6E1DB64C843358E8B3C73765DDDC9D79D2D270FF493F56BB4F2F0DC4002605999644FF2A573CBA98492AC8577F5C1A822FD0FB709EAD85C786292DCB4FC8FAD924EEE898502BCD84ED4023C7D74A691A7A3A812685C4633A72497 +20181004113212 2 6 100 7679 2 FB0D9422C2C18ABC70FF186A01FA8ED40D4950F804266E0B9661F1E2A6EC548235ADF6A86C277AC391995CF5C43940D264D81121AE69F224E949221EDC039AFE2DA6752F6C04E10159FE65D54CBE5EF34174D36E069C4FB18C8E6DBB80B2C6E0F0AD82E0B7281B9D675AE9E85F509B12746130BF725235E2AC495D268C383378FA130AFF2584962A8A3EDEC0B02504DF264F77980B8342713A28BD3219D83F6D70CC1393E10D5A4734BC029FECD3383FF41CB73AC61C29B54B50E439807BFA5663814B6DA5E81B9491217BE616F6B5F93728669FEF51C06D049586FA6584DFBECD526C5CAE6BBD17F104FA69D353A01CD7E39D5BEA60EB0491DCAE78F3A42BFBCC1F366C55FB23B649197B2D2493180963388FBC4A2AC804ECD042A97A07943D46F18EB6D6C24FC050E3DBD8EE2C84FA03E34814EA53197F1121232E239AA0DA133BD81D439AB595FC6F895AB27D0C6C8A5C3F468C9EF81A42BCB7676C2FF4D381063700AEE81FB7369463187413077048310A98D2DC034CCAB7001A28E288B4E6A8DB609974EC9FFC75F6DA91203429ACCEBA35B4CC03006BB069BD2A062A8CAF59E200A8E27B0CD48F896AE6236F0208AE3924EDF58F87557D05413C00CCAD3B95E6F659EC73FDC6933D6D1E21BE753670F6725F21721FDDC304E6178A3164A85F6757A508AFBD9AA4F1C7B181866F5AA306A25032E59C042ACA8EAEDE17B5136ACEC3B56D2E73284922162E614BE0B87654B7B12132D15E6F11F23B0FF2D0A898680B9A66BB908106A60FFC9A0FB43FF3ADCECDB128764764E1D429A0A194ABCD5AB41CE6B75CD025AC8A5FF2153A20E937354A27E361FB396D87924DCF91FE72203BCEA88303DF0A848EA5ADA9282C2C3C2B92542F721C58809178F36E2DA00D17C613FA5173BFC0F27F9502A1AE535BA9D373ABF83413A8F086FE904B0B45F449CCA9F0615028E1A4878463EA8EB424CA76949EA34A6A36C8DDE6EC4A4AE653A2F1F1009773BB92B8D20530A3313F388FA1AD70C3ECB716E5CA80A06C35CBA247D15D41795F8E083B27B4E227B616408863AFAE48F4C4AE68F1DA9A4B427F666DAD85035D1A499B25A09CC19548A5B9276FB082AA8B00879CCE17105CE7368033F4A18D68826780EB79162AD1B7C70879041BA08FB4A45B3071951DD05EFC9FD04AFCB99D57AEFD4EC51549EF9A166312E744CC7EEAEE9543C02D1B2D233A4B59B187D6E1DB64C843358E8B3C73765DDDC9D79D2D270FF493F56BB4F2F0DC4002605999644FF2A573CBA98492AC8577F5C1A822FD0FB709EAD85C786292DCB4FC8FAD924EEE898502BCD84ED4023C7D74A691A7A3A812685C4635EC630B +20181004123633 2 6 100 7679 5 FB0D9422C2C18ABC70FF186A01FA8ED40D4950F804266E0B9661F1E2A6EC548235ADF6A86C277AC391995CF5C43940D264D81121AE69F224E949221EDC039AFE2DA6752F6C04E10159FE65D54CBE5EF34174D36E069C4FB18C8E6DBB80B2C6E0F0AD82E0B7281B9D675AE9E85F509B12746130BF725235E2AC495D268C383378FA130AFF2584962A8A3EDEC0B02504DF264F77980B8342713A28BD3219D83F6D70CC1393E10D5A4734BC029FECD3383FF41CB73AC61C29B54B50E439807BFA5663814B6DA5E81B9491217BE616F6B5F93728669FEF51C06D049586FA6584DFBECD526C5CAE6BBD17F104FA69D353A01CD7E39D5BEA60EB0491DCAE78F3A42BFBCC1F366C55FB23B649197B2D2493180963388FBC4A2AC804ECD042A97A07943D46F18EB6D6C24FC050E3DBD8EE2C84FA03E34814EA53197F1121232E239AA0DA133BD81D439AB595FC6F895AB27D0C6C8A5C3F468C9EF81A42BCB7676C2FF4D381063700AEE81FB7369463187413077048310A98D2DC034CCAB7001A28E288B4E6A8DB609974EC9FFC75F6DA91203429ACCEBA35B4CC03006BB069BD2A062A8CAF59E200A8E27B0CD48F896AE6236F0208AE3924EDF58F87557D05413C00CCAD3B95E6F659EC73FDC6933D6D1E21BE753670F6725F21721FDDC304E6178A3164A85F6757A508AFBD9AA4F1C7B181866F5AA306A25032E59C042ACA8EAEDE17B5136ACEC3B56D2E73284922162E614BE0B87654B7B12132D15E6F11F23B0FF2D0A898680B9A66BB908106A60FFC9A0FB43FF3ADCECDB128764764E1D429A0A194ABCD5AB41CE6B75CD025AC8A5FF2153A20E937354A27E361FB396D87924DCF91FE72203BCEA88303DF0A848EA5ADA9282C2C3C2B92542F721C58809178F36E2DA00D17C613FA5173BFC0F27F9502A1AE535BA9D373ABF83413A8F086FE904B0B45F449CCA9F0615028E1A4878463EA8EB424CA76949EA34A6A36C8DDE6EC4A4AE653A2F1F1009773BB92B8D20530A3313F388FA1AD70C3ECB716E5CA80A06C35CBA247D15D41795F8E083B27B4E227B616408863AFAE48F4C4AE68F1DA9A4B427F666DAD85035D1A499B25A09CC19548A5B9276FB082AA8B00879CCE17105CE7368033F4A18D68826780EB79162AD1B7C70879041BA08FB4A45B3071951DD05EFC9FD04AFCB99D57AEFD4EC51549EF9A166312E744CC7EEAEE9543C02D1B2D233A4B59B187D6E1DB64C843358E8B3C73765DDDC9D79D2D270FF493F56BB4F2F0DC4002605999644FF2A573CBA98492AC8577F5C1A822FD0FB709EAD85C786292DCB4FC8FAD924EEE898502BCD84ED4023C7D74A691A7A3A812685C4636B93337 +20181004144119 2 6 100 7679 2 FB0D9422C2C18ABC70FF186A01FA8ED40D4950F804266E0B9661F1E2A6EC548235ADF6A86C277AC391995CF5C43940D264D81121AE69F224E949221EDC039AFE2DA6752F6C04E10159FE65D54CBE5EF34174D36E069C4FB18C8E6DBB80B2C6E0F0AD82E0B7281B9D675AE9E85F509B12746130BF725235E2AC495D268C383378FA130AFF2584962A8A3EDEC0B02504DF264F77980B8342713A28BD3219D83F6D70CC1393E10D5A4734BC029FECD3383FF41CB73AC61C29B54B50E439807BFA5663814B6DA5E81B9491217BE616F6B5F93728669FEF51C06D049586FA6584DFBECD526C5CAE6BBD17F104FA69D353A01CD7E39D5BEA60EB0491DCAE78F3A42BFBCC1F366C55FB23B649197B2D2493180963388FBC4A2AC804ECD042A97A07943D46F18EB6D6C24FC050E3DBD8EE2C84FA03E34814EA53197F1121232E239AA0DA133BD81D439AB595FC6F895AB27D0C6C8A5C3F468C9EF81A42BCB7676C2FF4D381063700AEE81FB7369463187413077048310A98D2DC034CCAB7001A28E288B4E6A8DB609974EC9FFC75F6DA91203429ACCEBA35B4CC03006BB069BD2A062A8CAF59E200A8E27B0CD48F896AE6236F0208AE3924EDF58F87557D05413C00CCAD3B95E6F659EC73FDC6933D6D1E21BE753670F6725F21721FDDC304E6178A3164A85F6757A508AFBD9AA4F1C7B181866F5AA306A25032E59C042ACA8EAEDE17B5136ACEC3B56D2E73284922162E614BE0B87654B7B12132D15E6F11F23B0FF2D0A898680B9A66BB908106A60FFC9A0FB43FF3ADCECDB128764764E1D429A0A194ABCD5AB41CE6B75CD025AC8A5FF2153A20E937354A27E361FB396D87924DCF91FE72203BCEA88303DF0A848EA5ADA9282C2C3C2B92542F721C58809178F36E2DA00D17C613FA5173BFC0F27F9502A1AE535BA9D373ABF83413A8F086FE904B0B45F449CCA9F0615028E1A4878463EA8EB424CA76949EA34A6A36C8DDE6EC4A4AE653A2F1F1009773BB92B8D20530A3313F388FA1AD70C3ECB716E5CA80A06C35CBA247D15D41795F8E083B27B4E227B616408863AFAE48F4C4AE68F1DA9A4B427F666DAD85035D1A499B25A09CC19548A5B9276FB082AA8B00879CCE17105CE7368033F4A18D68826780EB79162AD1B7C70879041BA08FB4A45B3071951DD05EFC9FD04AFCB99D57AEFD4EC51549EF9A166312E744CC7EEAEE9543C02D1B2D233A4B59B187D6E1DB64C843358E8B3C73765DDDC9D79D2D270FF493F56BB4F2F0DC4002605999644FF2A573CBA98492AC8577F5C1A822FD0FB709EAD85C786292DCB4FC8FAD924EEE898502BCD84ED4023C7D74A691A7A3A812685C463844D7C3 +20181005025309 2 6 100 7679 5 FB0D9422C2C18ABC70FF186A01FA8ED40D4950F804266E0B9661F1E2A6EC548235ADF6A86C277AC391995CF5C43940D264D81121AE69F224E949221EDC039AFE2DA6752F6C04E10159FE65D54CBE5EF34174D36E069C4FB18C8E6DBB80B2C6E0F0AD82E0B7281B9D675AE9E85F509B12746130BF725235E2AC495D268C383378FA130AFF2584962A8A3EDEC0B02504DF264F77980B8342713A28BD3219D83F6D70CC1393E10D5A4734BC029FECD3383FF41CB73AC61C29B54B50E439807BFA5663814B6DA5E81B9491217BE616F6B5F93728669FEF51C06D049586FA6584DFBECD526C5CAE6BBD17F104FA69D353A01CD7E39D5BEA60EB0491DCAE78F3A42BFBCC1F366C55FB23B649197B2D2493180963388FBC4A2AC804ECD042A97A07943D46F18EB6D6C24FC050E3DBD8EE2C84FA03E34814EA53197F1121232E239AA0DA133BD81D439AB595FC6F895AB27D0C6C8A5C3F468C9EF81A42BCB7676C2FF4D381063700AEE81FB7369463187413077048310A98D2DC034CCAB7001A28E288B4E6A8DB609974EC9FFC75F6DA91203429ACCEBA35B4CC03006BB069BD2A062A8CAF59E200A8E27B0CD48F896AE6236F0208AE3924EDF58F87557D05413C00CCAD3B95E6F659EC73FDC6933D6D1E21BE753670F6725F21721FDDC304E6178A3164A85F6757A508AFBD9AA4F1C7B181866F5AA306A25032E59C042ACA8EAEDE17B5136ACEC3B56D2E73284922162E614BE0B87654B7B12132D15E6F11F23B0FF2D0A898680B9A66BB908106A60FFC9A0FB43FF3ADCECDB128764764E1D429A0A194ABCD5AB41CE6B75CD025AC8A5FF2153A20E937354A27E361FB396D87924DCF91FE72203BCEA88303DF0A848EA5ADA9282C2C3C2B92542F721C58809178F36E2DA00D17C613FA5173BFC0F27F9502A1AE535BA9D373ABF83413A8F086FE904B0B45F449CCA9F0615028E1A4878463EA8EB424CA76949EA34A6A36C8DDE6EC4A4AE653A2F1F1009773BB92B8D20530A3313F388FA1AD70C3ECB716E5CA80A06C35CBA247D15D41795F8E083B27B4E227B616408863AFAE48F4C4AE68F1DA9A4B427F666DAD85035D1A499B25A09CC19548A5B9276FB082AA8B00879CCE17105CE7368033F4A18D68826780EB79162AD1B7C70879041BA08FB4A45B3071951DD05EFC9FD04AFCB99D57AEFD4EC51549EF9A166312E744CC7EEAEE9543C02D1B2D233A4B59B187D6E1DB64C843358E8B3C73765DDDC9D79D2D270FF493F56BB4F2F0DC4002605999644FF2A573CBA98492AC8577F5C1A822FD0FB709EAD85C786292DCB4FC8FAD924EEE898502BCD84ED4023C7D74A691A7A3A812685C4641A155C7 +20181005044622 2 6 100 7679 2 FB0D9422C2C18ABC70FF186A01FA8ED40D4950F804266E0B9661F1E2A6EC548235ADF6A86C277AC391995CF5C43940D264D81121AE69F224E949221EDC039AFE2DA6752F6C04E10159FE65D54CBE5EF34174D36E069C4FB18C8E6DBB80B2C6E0F0AD82E0B7281B9D675AE9E85F509B12746130BF725235E2AC495D268C383378FA130AFF2584962A8A3EDEC0B02504DF264F77980B8342713A28BD3219D83F6D70CC1393E10D5A4734BC029FECD3383FF41CB73AC61C29B54B50E439807BFA5663814B6DA5E81B9491217BE616F6B5F93728669FEF51C06D049586FA6584DFBECD526C5CAE6BBD17F104FA69D353A01CD7E39D5BEA60EB0491DCAE78F3A42BFBCC1F366C55FB23B649197B2D2493180963388FBC4A2AC804ECD042A97A07943D46F18EB6D6C24FC050E3DBD8EE2C84FA03E34814EA53197F1121232E239AA0DA133BD81D439AB595FC6F895AB27D0C6C8A5C3F468C9EF81A42BCB7676C2FF4D381063700AEE81FB7369463187413077048310A98D2DC034CCAB7001A28E288B4E6A8DB609974EC9FFC75F6DA91203429ACCEBA35B4CC03006BB069BD2A062A8CAF59E200A8E27B0CD48F896AE6236F0208AE3924EDF58F87557D05413C00CCAD3B95E6F659EC73FDC6933D6D1E21BE753670F6725F21721FDDC304E6178A3164A85F6757A508AFBD9AA4F1C7B181866F5AA306A25032E59C042ACA8EAEDE17B5136ACEC3B56D2E73284922162E614BE0B87654B7B12132D15E6F11F23B0FF2D0A898680B9A66BB908106A60FFC9A0FB43FF3ADCECDB128764764E1D429A0A194ABCD5AB41CE6B75CD025AC8A5FF2153A20E937354A27E361FB396D87924DCF91FE72203BCEA88303DF0A848EA5ADA9282C2C3C2B92542F721C58809178F36E2DA00D17C613FA5173BFC0F27F9502A1AE535BA9D373ABF83413A8F086FE904B0B45F449CCA9F0615028E1A4878463EA8EB424CA76949EA34A6A36C8DDE6EC4A4AE653A2F1F1009773BB92B8D20530A3313F388FA1AD70C3ECB716E5CA80A06C35CBA247D15D41795F8E083B27B4E227B616408863AFAE48F4C4AE68F1DA9A4B427F666DAD85035D1A499B25A09CC19548A5B9276FB082AA8B00879CCE17105CE7368033F4A18D68826780EB79162AD1B7C70879041BA08FB4A45B3071951DD05EFC9FD04AFCB99D57AEFD4EC51549EF9A166312E744CC7EEAEE9543C02D1B2D233A4B59B187D6E1DB64C843358E8B3C73765DDDC9D79D2D270FF493F56BB4F2F0DC4002605999644FF2A573CBA98492AC8577F5C1A822FD0FB709EAD85C786292DCB4FC8FAD924EEE898502BCD84ED4023C7D74A691A7A3A812685C46430AFEB3 +20181005053156 2 6 100 7679 2 FB0D9422C2C18ABC70FF186A01FA8ED40D4950F804266E0B9661F1E2A6EC548235ADF6A86C277AC391995CF5C43940D264D81121AE69F224E949221EDC039AFE2DA6752F6C04E10159FE65D54CBE5EF34174D36E069C4FB18C8E6DBB80B2C6E0F0AD82E0B7281B9D675AE9E85F509B12746130BF725235E2AC495D268C383378FA130AFF2584962A8A3EDEC0B02504DF264F77980B8342713A28BD3219D83F6D70CC1393E10D5A4734BC029FECD3383FF41CB73AC61C29B54B50E439807BFA5663814B6DA5E81B9491217BE616F6B5F93728669FEF51C06D049586FA6584DFBECD526C5CAE6BBD17F104FA69D353A01CD7E39D5BEA60EB0491DCAE78F3A42BFBCC1F366C55FB23B649197B2D2493180963388FBC4A2AC804ECD042A97A07943D46F18EB6D6C24FC050E3DBD8EE2C84FA03E34814EA53197F1121232E239AA0DA133BD81D439AB595FC6F895AB27D0C6C8A5C3F468C9EF81A42BCB7676C2FF4D381063700AEE81FB7369463187413077048310A98D2DC034CCAB7001A28E288B4E6A8DB609974EC9FFC75F6DA91203429ACCEBA35B4CC03006BB069BD2A062A8CAF59E200A8E27B0CD48F896AE6236F0208AE3924EDF58F87557D05413C00CCAD3B95E6F659EC73FDC6933D6D1E21BE753670F6725F21721FDDC304E6178A3164A85F6757A508AFBD9AA4F1C7B181866F5AA306A25032E59C042ACA8EAEDE17B5136ACEC3B56D2E73284922162E614BE0B87654B7B12132D15E6F11F23B0FF2D0A898680B9A66BB908106A60FFC9A0FB43FF3ADCECDB128764764E1D429A0A194ABCD5AB41CE6B75CD025AC8A5FF2153A20E937354A27E361FB396D87924DCF91FE72203BCEA88303DF0A848EA5ADA9282C2C3C2B92542F721C58809178F36E2DA00D17C613FA5173BFC0F27F9502A1AE535BA9D373ABF83413A8F086FE904B0B45F449CCA9F0615028E1A4878463EA8EB424CA76949EA34A6A36C8DDE6EC4A4AE653A2F1F1009773BB92B8D20530A3313F388FA1AD70C3ECB716E5CA80A06C35CBA247D15D41795F8E083B27B4E227B616408863AFAE48F4C4AE68F1DA9A4B427F666DAD85035D1A499B25A09CC19548A5B9276FB082AA8B00879CCE17105CE7368033F4A18D68826780EB79162AD1B7C70879041BA08FB4A45B3071951DD05EFC9FD04AFCB99D57AEFD4EC51549EF9A166312E744CC7EEAEE9543C02D1B2D233A4B59B187D6E1DB64C843358E8B3C73765DDDC9D79D2D270FF493F56BB4F2F0DC4002605999644FF2A573CBA98492AC8577F5C1A822FD0FB709EAD85C786292DCB4FC8FAD924EEE898502BCD84ED4023C7D74A691A7A3A812685C464390BAB3 +20181005074342 2 6 100 7679 2 FB0D9422C2C18ABC70FF186A01FA8ED40D4950F804266E0B9661F1E2A6EC548235ADF6A86C277AC391995CF5C43940D264D81121AE69F224E949221EDC039AFE2DA6752F6C04E10159FE65D54CBE5EF34174D36E069C4FB18C8E6DBB80B2C6E0F0AD82E0B7281B9D675AE9E85F509B12746130BF725235E2AC495D268C383378FA130AFF2584962A8A3EDEC0B02504DF264F77980B8342713A28BD3219D83F6D70CC1393E10D5A4734BC029FECD3383FF41CB73AC61C29B54B50E439807BFA5663814B6DA5E81B9491217BE616F6B5F93728669FEF51C06D049586FA6584DFBECD526C5CAE6BBD17F104FA69D353A01CD7E39D5BEA60EB0491DCAE78F3A42BFBCC1F366C55FB23B649197B2D2493180963388FBC4A2AC804ECD042A97A07943D46F18EB6D6C24FC050E3DBD8EE2C84FA03E34814EA53197F1121232E239AA0DA133BD81D439AB595FC6F895AB27D0C6C8A5C3F468C9EF81A42BCB7676C2FF4D381063700AEE81FB7369463187413077048310A98D2DC034CCAB7001A28E288B4E6A8DB609974EC9FFC75F6DA91203429ACCEBA35B4CC03006BB069BD2A062A8CAF59E200A8E27B0CD48F896AE6236F0208AE3924EDF58F87557D05413C00CCAD3B95E6F659EC73FDC6933D6D1E21BE753670F6725F21721FDDC304E6178A3164A85F6757A508AFBD9AA4F1C7B181866F5AA306A25032E59C042ACA8EAEDE17B5136ACEC3B56D2E73284922162E614BE0B87654B7B12132D15E6F11F23B0FF2D0A898680B9A66BB908106A60FFC9A0FB43FF3ADCECDB128764764E1D429A0A194ABCD5AB41CE6B75CD025AC8A5FF2153A20E937354A27E361FB396D87924DCF91FE72203BCEA88303DF0A848EA5ADA9282C2C3C2B92542F721C58809178F36E2DA00D17C613FA5173BFC0F27F9502A1AE535BA9D373ABF83413A8F086FE904B0B45F449CCA9F0615028E1A4878463EA8EB424CA76949EA34A6A36C8DDE6EC4A4AE653A2F1F1009773BB92B8D20530A3313F388FA1AD70C3ECB716E5CA80A06C35CBA247D15D41795F8E083B27B4E227B616408863AFAE48F4C4AE68F1DA9A4B427F666DAD85035D1A499B25A09CC19548A5B9276FB082AA8B00879CCE17105CE7368033F4A18D68826780EB79162AD1B7C70879041BA08FB4A45B3071951DD05EFC9FD04AFCB99D57AEFD4EC51549EF9A166312E744CC7EEAEE9543C02D1B2D233A4B59B187D6E1DB64C843358E8B3C73765DDDC9D79D2D270FF493F56BB4F2F0DC4002605999644FF2A573CBA98492AC8577F5C1A822FD0FB709EAD85C786292DCB4FC8FAD924EEE898502BCD84ED4023C7D74A691A7A3A812685C464535BB4B +20181005094350 2 6 100 7679 5 FB0D9422C2C18ABC70FF186A01FA8ED40D4950F804266E0B9661F1E2A6EC548235ADF6A86C277AC391995CF5C43940D264D81121AE69F224E949221EDC039AFE2DA6752F6C04E10159FE65D54CBE5EF34174D36E069C4FB18C8E6DBB80B2C6E0F0AD82E0B7281B9D675AE9E85F509B12746130BF725235E2AC495D268C383378FA130AFF2584962A8A3EDEC0B02504DF264F77980B8342713A28BD3219D83F6D70CC1393E10D5A4734BC029FECD3383FF41CB73AC61C29B54B50E439807BFA5663814B6DA5E81B9491217BE616F6B5F93728669FEF51C06D049586FA6584DFBECD526C5CAE6BBD17F104FA69D353A01CD7E39D5BEA60EB0491DCAE78F3A42BFBCC1F366C55FB23B649197B2D2493180963388FBC4A2AC804ECD042A97A07943D46F18EB6D6C24FC050E3DBD8EE2C84FA03E34814EA53197F1121232E239AA0DA133BD81D439AB595FC6F895AB27D0C6C8A5C3F468C9EF81A42BCB7676C2FF4D381063700AEE81FB7369463187413077048310A98D2DC034CCAB7001A28E288B4E6A8DB609974EC9FFC75F6DA91203429ACCEBA35B4CC03006BB069BD2A062A8CAF59E200A8E27B0CD48F896AE6236F0208AE3924EDF58F87557D05413C00CCAD3B95E6F659EC73FDC6933D6D1E21BE753670F6725F21721FDDC304E6178A3164A85F6757A508AFBD9AA4F1C7B181866F5AA306A25032E59C042ACA8EAEDE17B5136ACEC3B56D2E73284922162E614BE0B87654B7B12132D15E6F11F23B0FF2D0A898680B9A66BB908106A60FFC9A0FB43FF3ADCECDB128764764E1D429A0A194ABCD5AB41CE6B75CD025AC8A5FF2153A20E937354A27E361FB396D87924DCF91FE72203BCEA88303DF0A848EA5ADA9282C2C3C2B92542F721C58809178F36E2DA00D17C613FA5173BFC0F27F9502A1AE535BA9D373ABF83413A8F086FE904B0B45F449CCA9F0615028E1A4878463EA8EB424CA76949EA34A6A36C8DDE6EC4A4AE653A2F1F1009773BB92B8D20530A3313F388FA1AD70C3ECB716E5CA80A06C35CBA247D15D41795F8E083B27B4E227B616408863AFAE48F4C4AE68F1DA9A4B427F666DAD85035D1A499B25A09CC19548A5B9276FB082AA8B00879CCE17105CE7368033F4A18D68826780EB79162AD1B7C70879041BA08FB4A45B3071951DD05EFC9FD04AFCB99D57AEFD4EC51549EF9A166312E744CC7EEAEE9543C02D1B2D233A4B59B187D6E1DB64C843358E8B3C73765DDDC9D79D2D270FF493F56BB4F2F0DC4002605999644FF2A573CBA98492AC8577F5C1A822FD0FB709EAD85C786292DCB4FC8FAD924EEE898502BCD84ED4023C7D74A691A7A3A812685C4646B220EF +20181005154803 2 6 100 7679 2 FB0D9422C2C18ABC70FF186A01FA8ED40D4950F804266E0B9661F1E2A6EC548235ADF6A86C277AC391995CF5C43940D264D81121AE69F224E949221EDC039AFE2DA6752F6C04E10159FE65D54CBE5EF34174D36E069C4FB18C8E6DBB80B2C6E0F0AD82E0B7281B9D675AE9E85F509B12746130BF725235E2AC495D268C383378FA130AFF2584962A8A3EDEC0B02504DF264F77980B8342713A28BD3219D83F6D70CC1393E10D5A4734BC029FECD3383FF41CB73AC61C29B54B50E439807BFA5663814B6DA5E81B9491217BE616F6B5F93728669FEF51C06D049586FA6584DFBECD526C5CAE6BBD17F104FA69D353A01CD7E39D5BEA60EB0491DCAE78F3A42BFBCC1F366C55FB23B649197B2D2493180963388FBC4A2AC804ECD042A97A07943D46F18EB6D6C24FC050E3DBD8EE2C84FA03E34814EA53197F1121232E239AA0DA133BD81D439AB595FC6F895AB27D0C6C8A5C3F468C9EF81A42BCB7676C2FF4D381063700AEE81FB7369463187413077048310A98D2DC034CCAB7001A28E288B4E6A8DB609974EC9FFC75F6DA91203429ACCEBA35B4CC03006BB069BD2A062A8CAF59E200A8E27B0CD48F896AE6236F0208AE3924EDF58F87557D05413C00CCAD3B95E6F659EC73FDC6933D6D1E21BE753670F6725F21721FDDC304E6178A3164A85F6757A508AFBD9AA4F1C7B181866F5AA306A25032E59C042ACA8EAEDE17B5136ACEC3B56D2E73284922162E614BE0B87654B7B12132D15E6F11F23B0FF2D0A898680B9A66BB908106A60FFC9A0FB43FF3ADCECDB128764764E1D429A0A194ABCD5AB41CE6B75CD025AC8A5FF2153A20E937354A27E361FB396D87924DCF91FE72203BCEA88303DF0A848EA5ADA9282C2C3C2B92542F721C58809178F36E2DA00D17C613FA5173BFC0F27F9502A1AE535BA9D373ABF83413A8F086FE904B0B45F449CCA9F0615028E1A4878463EA8EB424CA76949EA34A6A36C8DDE6EC4A4AE653A2F1F1009773BB92B8D20530A3313F388FA1AD70C3ECB716E5CA80A06C35CBA247D15D41795F8E083B27B4E227B616408863AFAE48F4C4AE68F1DA9A4B427F666DAD85035D1A499B25A09CC19548A5B9276FB082AA8B00879CCE17105CE7368033F4A18D68826780EB79162AD1B7C70879041BA08FB4A45B3071951DD05EFC9FD04AFCB99D57AEFD4EC51549EF9A166312E744CC7EEAEE9543C02D1B2D233A4B59B187D6E1DB64C843358E8B3C73765DDDC9D79D2D270FF493F56BB4F2F0DC4002605999644FF2A573CBA98492AC8577F5C1A822FD0FB709EAD85C786292DCB4FC8FAD924EEE898502BCD84ED4023C7D74A691A7A3A812685C464B3844E3 +20181005164416 2 6 100 7679 5 FB0D9422C2C18ABC70FF186A01FA8ED40D4950F804266E0B9661F1E2A6EC548235ADF6A86C277AC391995CF5C43940D264D81121AE69F224E949221EDC039AFE2DA6752F6C04E10159FE65D54CBE5EF34174D36E069C4FB18C8E6DBB80B2C6E0F0AD82E0B7281B9D675AE9E85F509B12746130BF725235E2AC495D268C383378FA130AFF2584962A8A3EDEC0B02504DF264F77980B8342713A28BD3219D83F6D70CC1393E10D5A4734BC029FECD3383FF41CB73AC61C29B54B50E439807BFA5663814B6DA5E81B9491217BE616F6B5F93728669FEF51C06D049586FA6584DFBECD526C5CAE6BBD17F104FA69D353A01CD7E39D5BEA60EB0491DCAE78F3A42BFBCC1F366C55FB23B649197B2D2493180963388FBC4A2AC804ECD042A97A07943D46F18EB6D6C24FC050E3DBD8EE2C84FA03E34814EA53197F1121232E239AA0DA133BD81D439AB595FC6F895AB27D0C6C8A5C3F468C9EF81A42BCB7676C2FF4D381063700AEE81FB7369463187413077048310A98D2DC034CCAB7001A28E288B4E6A8DB609974EC9FFC75F6DA91203429ACCEBA35B4CC03006BB069BD2A062A8CAF59E200A8E27B0CD48F896AE6236F0208AE3924EDF58F87557D05413C00CCAD3B95E6F659EC73FDC6933D6D1E21BE753670F6725F21721FDDC304E6178A3164A85F6757A508AFBD9AA4F1C7B181866F5AA306A25032E59C042ACA8EAEDE17B5136ACEC3B56D2E73284922162E614BE0B87654B7B12132D15E6F11F23B0FF2D0A898680B9A66BB908106A60FFC9A0FB43FF3ADCECDB128764764E1D429A0A194ABCD5AB41CE6B75CD025AC8A5FF2153A20E937354A27E361FB396D87924DCF91FE72203BCEA88303DF0A848EA5ADA9282C2C3C2B92542F721C58809178F36E2DA00D17C613FA5173BFC0F27F9502A1AE535BA9D373ABF83413A8F086FE904B0B45F449CCA9F0615028E1A4878463EA8EB424CA76949EA34A6A36C8DDE6EC4A4AE653A2F1F1009773BB92B8D20530A3313F388FA1AD70C3ECB716E5CA80A06C35CBA247D15D41795F8E083B27B4E227B616408863AFAE48F4C4AE68F1DA9A4B427F666DAD85035D1A499B25A09CC19548A5B9276FB082AA8B00879CCE17105CE7368033F4A18D68826780EB79162AD1B7C70879041BA08FB4A45B3071951DD05EFC9FD04AFCB99D57AEFD4EC51549EF9A166312E744CC7EEAEE9543C02D1B2D233A4B59B187D6E1DB64C843358E8B3C73765DDDC9D79D2D270FF493F56BB4F2F0DC4002605999644FF2A573CBA98492AC8577F5C1A822FD0FB709EAD85C786292DCB4FC8FAD924EEE898502BCD84ED4023C7D74A691A7A3A812685C464BE2332F +20181005203233 2 6 100 7679 2 FB0D9422C2C18ABC70FF186A01FA8ED40D4950F804266E0B9661F1E2A6EC548235ADF6A86C277AC391995CF5C43940D264D81121AE69F224E949221EDC039AFE2DA6752F6C04E10159FE65D54CBE5EF34174D36E069C4FB18C8E6DBB80B2C6E0F0AD82E0B7281B9D675AE9E85F509B12746130BF725235E2AC495D268C383378FA130AFF2584962A8A3EDEC0B02504DF264F77980B8342713A28BD3219D83F6D70CC1393E10D5A4734BC029FECD3383FF41CB73AC61C29B54B50E439807BFA5663814B6DA5E81B9491217BE616F6B5F93728669FEF51C06D049586FA6584DFBECD526C5CAE6BBD17F104FA69D353A01CD7E39D5BEA60EB0491DCAE78F3A42BFBCC1F366C55FB23B649197B2D2493180963388FBC4A2AC804ECD042A97A07943D46F18EB6D6C24FC050E3DBD8EE2C84FA03E34814EA53197F1121232E239AA0DA133BD81D439AB595FC6F895AB27D0C6C8A5C3F468C9EF81A42BCB7676C2FF4D381063700AEE81FB7369463187413077048310A98D2DC034CCAB7001A28E288B4E6A8DB609974EC9FFC75F6DA91203429ACCEBA35B4CC03006BB069BD2A062A8CAF59E200A8E27B0CD48F896AE6236F0208AE3924EDF58F87557D05413C00CCAD3B95E6F659EC73FDC6933D6D1E21BE753670F6725F21721FDDC304E6178A3164A85F6757A508AFBD9AA4F1C7B181866F5AA306A25032E59C042ACA8EAEDE17B5136ACEC3B56D2E73284922162E614BE0B87654B7B12132D15E6F11F23B0FF2D0A898680B9A66BB908106A60FFC9A0FB43FF3ADCECDB128764764E1D429A0A194ABCD5AB41CE6B75CD025AC8A5FF2153A20E937354A27E361FB396D87924DCF91FE72203BCEA88303DF0A848EA5ADA9282C2C3C2B92542F721C58809178F36E2DA00D17C613FA5173BFC0F27F9502A1AE535BA9D373ABF83413A8F086FE904B0B45F449CCA9F0615028E1A4878463EA8EB424CA76949EA34A6A36C8DDE6EC4A4AE653A2F1F1009773BB92B8D20530A3313F388FA1AD70C3ECB716E5CA80A06C35CBA247D15D41795F8E083B27B4E227B616408863AFAE48F4C4AE68F1DA9A4B427F666DAD85035D1A499B25A09CC19548A5B9276FB082AA8B00879CCE17105CE7368033F4A18D68826780EB79162AD1B7C70879041BA08FB4A45B3071951DD05EFC9FD04AFCB99D57AEFD4EC51549EF9A166312E744CC7EEAEE9543C02D1B2D233A4B59B187D6E1DB64C843358E8B3C73765DDDC9D79D2D270FF493F56BB4F2F0DC4002605999644FF2A573CBA98492AC8577F5C1A822FD0FB709EAD85C786292DCB4FC8FAD924EEE898502BCD84ED4023C7D74A691A7A3A812685C464EAB7A73 +20181006030808 2 6 100 7679 2 FB0D9422C2C18ABC70FF186A01FA8ED40D4950F804266E0B9661F1E2A6EC548235ADF6A86C277AC391995CF5C43940D264D81121AE69F224E949221EDC039AFE2DA6752F6C04E10159FE65D54CBE5EF34174D36E069C4FB18C8E6DBB80B2C6E0F0AD82E0B7281B9D675AE9E85F509B12746130BF725235E2AC495D268C383378FA130AFF2584962A8A3EDEC0B02504DF264F77980B8342713A28BD3219D83F6D70CC1393E10D5A4734BC029FECD3383FF41CB73AC61C29B54B50E439807BFA5663814B6DA5E81B9491217BE616F6B5F93728669FEF51C06D049586FA6584DFBECD526C5CAE6BBD17F104FA69D353A01CD7E39D5BEA60EB0491DCAE78F3A42BFBCC1F366C55FB23B649197B2D2493180963388FBC4A2AC804ECD042A97A07943D46F18EB6D6C24FC050E3DBD8EE2C84FA03E34814EA53197F1121232E239AA0DA133BD81D439AB595FC6F895AB27D0C6C8A5C3F468C9EF81A42BCB7676C2FF4D381063700AEE81FB7369463187413077048310A98D2DC034CCAB7001A28E288B4E6A8DB609974EC9FFC75F6DA91203429ACCEBA35B4CC03006BB069BD2A062A8CAF59E200A8E27B0CD48F896AE6236F0208AE3924EDF58F87557D05413C00CCAD3B95E6F659EC73FDC6933D6D1E21BE753670F6725F21721FDDC304E6178A3164A85F6757A508AFBD9AA4F1C7B181866F5AA306A25032E59C042ACA8EAEDE17B5136ACEC3B56D2E73284922162E614BE0B87654B7B12132D15E6F11F23B0FF2D0A898680B9A66BB908106A60FFC9A0FB43FF3ADCECDB128764764E1D429A0A194ABCD5AB41CE6B75CD025AC8A5FF2153A20E937354A27E361FB396D87924DCF91FE72203BCEA88303DF0A848EA5ADA9282C2C3C2B92542F721C58809178F36E2DA00D17C613FA5173BFC0F27F9502A1AE535BA9D373ABF83413A8F086FE904B0B45F449CCA9F0615028E1A4878463EA8EB424CA76949EA34A6A36C8DDE6EC4A4AE653A2F1F1009773BB92B8D20530A3313F388FA1AD70C3ECB716E5CA80A06C35CBA247D15D41795F8E083B27B4E227B616408863AFAE48F4C4AE68F1DA9A4B427F666DAD85035D1A499B25A09CC19548A5B9276FB082AA8B00879CCE17105CE7368033F4A18D68826780EB79162AD1B7C70879041BA08FB4A45B3071951DD05EFC9FD04AFCB99D57AEFD4EC51549EF9A166312E744CC7EEAEE9543C02D1B2D233A4B59B187D6E1DB64C843358E8B3C73765DDDC9D79D2D270FF493F56BB4F2F0DC4002605999644FF2A573CBA98492AC8577F5C1A822FD0FB709EAD85C786292DCB4FC8FAD924EEE898502BCD84ED4023C7D74A691A7A3A812685C46538BEADB +20181006045927 2 6 100 7679 2 FB0D9422C2C18ABC70FF186A01FA8ED40D4950F804266E0B9661F1E2A6EC548235ADF6A86C277AC391995CF5C43940D264D81121AE69F224E949221EDC039AFE2DA6752F6C04E10159FE65D54CBE5EF34174D36E069C4FB18C8E6DBB80B2C6E0F0AD82E0B7281B9D675AE9E85F509B12746130BF725235E2AC495D268C383378FA130AFF2584962A8A3EDEC0B02504DF264F77980B8342713A28BD3219D83F6D70CC1393E10D5A4734BC029FECD3383FF41CB73AC61C29B54B50E439807BFA5663814B6DA5E81B9491217BE616F6B5F93728669FEF51C06D049586FA6584DFBECD526C5CAE6BBD17F104FA69D353A01CD7E39D5BEA60EB0491DCAE78F3A42BFBCC1F366C55FB23B649197B2D2493180963388FBC4A2AC804ECD042A97A07943D46F18EB6D6C24FC050E3DBD8EE2C84FA03E34814EA53197F1121232E239AA0DA133BD81D439AB595FC6F895AB27D0C6C8A5C3F468C9EF81A42BCB7676C2FF4D381063700AEE81FB7369463187413077048310A98D2DC034CCAB7001A28E288B4E6A8DB609974EC9FFC75F6DA91203429ACCEBA35B4CC03006BB069BD2A062A8CAF59E200A8E27B0CD48F896AE6236F0208AE3924EDF58F87557D05413C00CCAD3B95E6F659EC73FDC6933D6D1E21BE753670F6725F21721FDDC304E6178A3164A85F6757A508AFBD9AA4F1C7B181866F5AA306A25032E59C042ACA8EAEDE17B5136ACEC3B56D2E73284922162E614BE0B87654B7B12132D15E6F11F23B0FF2D0A898680B9A66BB908106A60FFC9A0FB43FF3ADCECDB128764764E1D429A0A194ABCD5AB41CE6B75CD025AC8A5FF2153A20E937354A27E361FB396D87924DCF91FE72203BCEA88303DF0A848EA5ADA9282C2C3C2B92542F721C58809178F36E2DA00D17C613FA5173BFC0F27F9502A1AE535BA9D373ABF83413A8F086FE904B0B45F449CCA9F0615028E1A4878463EA8EB424CA76949EA34A6A36C8DDE6EC4A4AE653A2F1F1009773BB92B8D20530A3313F388FA1AD70C3ECB716E5CA80A06C35CBA247D15D41795F8E083B27B4E227B616408863AFAE48F4C4AE68F1DA9A4B427F666DAD85035D1A499B25A09CC19548A5B9276FB082AA8B00879CCE17105CE7368033F4A18D68826780EB79162AD1B7C70879041BA08FB4A45B3071951DD05EFC9FD04AFCB99D57AEFD4EC51549EF9A166312E744CC7EEAEE9543C02D1B2D233A4B59B187D6E1DB64C843358E8B3C73765DDDC9D79D2D270FF493F56BB4F2F0DC4002605999644FF2A573CBA98492AC8577F5C1A822FD0FB709EAD85C786292DCB4FC8FAD924EEE898502BCD84ED4023C7D74A691A7A3A812685C4654E5E903 +20181006134442 2 6 100 7679 2 FB0D9422C2C18ABC70FF186A01FA8ED40D4950F804266E0B9661F1E2A6EC548235ADF6A86C277AC391995CF5C43940D264D81121AE69F224E949221EDC039AFE2DA6752F6C04E10159FE65D54CBE5EF34174D36E069C4FB18C8E6DBB80B2C6E0F0AD82E0B7281B9D675AE9E85F509B12746130BF725235E2AC495D268C383378FA130AFF2584962A8A3EDEC0B02504DF264F77980B8342713A28BD3219D83F6D70CC1393E10D5A4734BC029FECD3383FF41CB73AC61C29B54B50E439807BFA5663814B6DA5E81B9491217BE616F6B5F93728669FEF51C06D049586FA6584DFBECD526C5CAE6BBD17F104FA69D353A01CD7E39D5BEA60EB0491DCAE78F3A42BFBCC1F366C55FB23B649197B2D2493180963388FBC4A2AC804ECD042A97A07943D46F18EB6D6C24FC050E3DBD8EE2C84FA03E34814EA53197F1121232E239AA0DA133BD81D439AB595FC6F895AB27D0C6C8A5C3F468C9EF81A42BCB7676C2FF4D381063700AEE81FB7369463187413077048310A98D2DC034CCAB7001A28E288B4E6A8DB609974EC9FFC75F6DA91203429ACCEBA35B4CC03006BB069BD2A062A8CAF59E200A8E27B0CD48F896AE6236F0208AE3924EDF58F87557D05413C00CCAD3B95E6F659EC73FDC6933D6D1E21BE753670F6725F21721FDDC304E6178A3164A85F6757A508AFBD9AA4F1C7B181866F5AA306A25032E59C042ACA8EAEDE17B5136ACEC3B56D2E73284922162E614BE0B87654B7B12132D15E6F11F23B0FF2D0A898680B9A66BB908106A60FFC9A0FB43FF3ADCECDB128764764E1D429A0A194ABCD5AB41CE6B75CD025AC8A5FF2153A20E937354A27E361FB396D87924DCF91FE72203BCEA88303DF0A848EA5ADA9282C2C3C2B92542F721C58809178F36E2DA00D17C613FA5173BFC0F27F9502A1AE535BA9D373ABF83413A8F086FE904B0B45F449CCA9F0615028E1A4878463EA8EB424CA76949EA34A6A36C8DDE6EC4A4AE653A2F1F1009773BB92B8D20530A3313F388FA1AD70C3ECB716E5CA80A06C35CBA247D15D41795F8E083B27B4E227B616408863AFAE48F4C4AE68F1DA9A4B427F666DAD85035D1A499B25A09CC19548A5B9276FB082AA8B00879CCE17105CE7368033F4A18D68826780EB79162AD1B7C70879041BA08FB4A45B3071951DD05EFC9FD04AFCB99D57AEFD4EC51549EF9A166312E744CC7EEAEE9543C02D1B2D233A4B59B187D6E1DB64C843358E8B3C73765DDDC9D79D2D270FF493F56BB4F2F0DC4002605999644FF2A573CBA98492AC8577F5C1A822FD0FB709EAD85C786292DCB4FC8FAD924EEE898502BCD84ED4023C7D74A691A7A3A812685C465B551BBB +20181006162315 2 6 100 7679 5 FB0D9422C2C18ABC70FF186A01FA8ED40D4950F804266E0B9661F1E2A6EC548235ADF6A86C277AC391995CF5C43940D264D81121AE69F224E949221EDC039AFE2DA6752F6C04E10159FE65D54CBE5EF34174D36E069C4FB18C8E6DBB80B2C6E0F0AD82E0B7281B9D675AE9E85F509B12746130BF725235E2AC495D268C383378FA130AFF2584962A8A3EDEC0B02504DF264F77980B8342713A28BD3219D83F6D70CC1393E10D5A4734BC029FECD3383FF41CB73AC61C29B54B50E439807BFA5663814B6DA5E81B9491217BE616F6B5F93728669FEF51C06D049586FA6584DFBECD526C5CAE6BBD17F104FA69D353A01CD7E39D5BEA60EB0491DCAE78F3A42BFBCC1F366C55FB23B649197B2D2493180963388FBC4A2AC804ECD042A97A07943D46F18EB6D6C24FC050E3DBD8EE2C84FA03E34814EA53197F1121232E239AA0DA133BD81D439AB595FC6F895AB27D0C6C8A5C3F468C9EF81A42BCB7676C2FF4D381063700AEE81FB7369463187413077048310A98D2DC034CCAB7001A28E288B4E6A8DB609974EC9FFC75F6DA91203429ACCEBA35B4CC03006BB069BD2A062A8CAF59E200A8E27B0CD48F896AE6236F0208AE3924EDF58F87557D05413C00CCAD3B95E6F659EC73FDC6933D6D1E21BE753670F6725F21721FDDC304E6178A3164A85F6757A508AFBD9AA4F1C7B181866F5AA306A25032E59C042ACA8EAEDE17B5136ACEC3B56D2E73284922162E614BE0B87654B7B12132D15E6F11F23B0FF2D0A898680B9A66BB908106A60FFC9A0FB43FF3ADCECDB128764764E1D429A0A194ABCD5AB41CE6B75CD025AC8A5FF2153A20E937354A27E361FB396D87924DCF91FE72203BCEA88303DF0A848EA5ADA9282C2C3C2B92542F721C58809178F36E2DA00D17C613FA5173BFC0F27F9502A1AE535BA9D373ABF83413A8F086FE904B0B45F449CCA9F0615028E1A4878463EA8EB424CA76949EA34A6A36C8DDE6EC4A4AE653A2F1F1009773BB92B8D20530A3313F388FA1AD70C3ECB716E5CA80A06C35CBA247D15D41795F8E083B27B4E227B616408863AFAE48F4C4AE68F1DA9A4B427F666DAD85035D1A499B25A09CC19548A5B9276FB082AA8B00879CCE17105CE7368033F4A18D68826780EB79162AD1B7C70879041BA08FB4A45B3071951DD05EFC9FD04AFCB99D57AEFD4EC51549EF9A166312E744CC7EEAEE9543C02D1B2D233A4B59B187D6E1DB64C843358E8B3C73765DDDC9D79D2D270FF493F56BB4F2F0DC4002605999644FF2A573CBA98492AC8577F5C1A822FD0FB709EAD85C786292DCB4FC8FAD924EEE898502BCD84ED4023C7D74A691A7A3A812685C465D3CDE9F +20181006171548 2 6 100 7679 5 FB0D9422C2C18ABC70FF186A01FA8ED40D4950F804266E0B9661F1E2A6EC548235ADF6A86C277AC391995CF5C43940D264D81121AE69F224E949221EDC039AFE2DA6752F6C04E10159FE65D54CBE5EF34174D36E069C4FB18C8E6DBB80B2C6E0F0AD82E0B7281B9D675AE9E85F509B12746130BF725235E2AC495D268C383378FA130AFF2584962A8A3EDEC0B02504DF264F77980B8342713A28BD3219D83F6D70CC1393E10D5A4734BC029FECD3383FF41CB73AC61C29B54B50E439807BFA5663814B6DA5E81B9491217BE616F6B5F93728669FEF51C06D049586FA6584DFBECD526C5CAE6BBD17F104FA69D353A01CD7E39D5BEA60EB0491DCAE78F3A42BFBCC1F366C55FB23B649197B2D2493180963388FBC4A2AC804ECD042A97A07943D46F18EB6D6C24FC050E3DBD8EE2C84FA03E34814EA53197F1121232E239AA0DA133BD81D439AB595FC6F895AB27D0C6C8A5C3F468C9EF81A42BCB7676C2FF4D381063700AEE81FB7369463187413077048310A98D2DC034CCAB7001A28E288B4E6A8DB609974EC9FFC75F6DA91203429ACCEBA35B4CC03006BB069BD2A062A8CAF59E200A8E27B0CD48F896AE6236F0208AE3924EDF58F87557D05413C00CCAD3B95E6F659EC73FDC6933D6D1E21BE753670F6725F21721FDDC304E6178A3164A85F6757A508AFBD9AA4F1C7B181866F5AA306A25032E59C042ACA8EAEDE17B5136ACEC3B56D2E73284922162E614BE0B87654B7B12132D15E6F11F23B0FF2D0A898680B9A66BB908106A60FFC9A0FB43FF3ADCECDB128764764E1D429A0A194ABCD5AB41CE6B75CD025AC8A5FF2153A20E937354A27E361FB396D87924DCF91FE72203BCEA88303DF0A848EA5ADA9282C2C3C2B92542F721C58809178F36E2DA00D17C613FA5173BFC0F27F9502A1AE535BA9D373ABF83413A8F086FE904B0B45F449CCA9F0615028E1A4878463EA8EB424CA76949EA34A6A36C8DDE6EC4A4AE653A2F1F1009773BB92B8D20530A3313F388FA1AD70C3ECB716E5CA80A06C35CBA247D15D41795F8E083B27B4E227B616408863AFAE48F4C4AE68F1DA9A4B427F666DAD85035D1A499B25A09CC19548A5B9276FB082AA8B00879CCE17105CE7368033F4A18D68826780EB79162AD1B7C70879041BA08FB4A45B3071951DD05EFC9FD04AFCB99D57AEFD4EC51549EF9A166312E744CC7EEAEE9543C02D1B2D233A4B59B187D6E1DB64C843358E8B3C73765DDDC9D79D2D270FF493F56BB4F2F0DC4002605999644FF2A573CBA98492AC8577F5C1A822FD0FB709EAD85C786292DCB4FC8FAD924EEE898502BCD84ED4023C7D74A691A7A3A812685C465DD9203F +20181006173731 2 6 100 7679 2 FB0D9422C2C18ABC70FF186A01FA8ED40D4950F804266E0B9661F1E2A6EC548235ADF6A86C277AC391995CF5C43940D264D81121AE69F224E949221EDC039AFE2DA6752F6C04E10159FE65D54CBE5EF34174D36E069C4FB18C8E6DBB80B2C6E0F0AD82E0B7281B9D675AE9E85F509B12746130BF725235E2AC495D268C383378FA130AFF2584962A8A3EDEC0B02504DF264F77980B8342713A28BD3219D83F6D70CC1393E10D5A4734BC029FECD3383FF41CB73AC61C29B54B50E439807BFA5663814B6DA5E81B9491217BE616F6B5F93728669FEF51C06D049586FA6584DFBECD526C5CAE6BBD17F104FA69D353A01CD7E39D5BEA60EB0491DCAE78F3A42BFBCC1F366C55FB23B649197B2D2493180963388FBC4A2AC804ECD042A97A07943D46F18EB6D6C24FC050E3DBD8EE2C84FA03E34814EA53197F1121232E239AA0DA133BD81D439AB595FC6F895AB27D0C6C8A5C3F468C9EF81A42BCB7676C2FF4D381063700AEE81FB7369463187413077048310A98D2DC034CCAB7001A28E288B4E6A8DB609974EC9FFC75F6DA91203429ACCEBA35B4CC03006BB069BD2A062A8CAF59E200A8E27B0CD48F896AE6236F0208AE3924EDF58F87557D05413C00CCAD3B95E6F659EC73FDC6933D6D1E21BE753670F6725F21721FDDC304E6178A3164A85F6757A508AFBD9AA4F1C7B181866F5AA306A25032E59C042ACA8EAEDE17B5136ACEC3B56D2E73284922162E614BE0B87654B7B12132D15E6F11F23B0FF2D0A898680B9A66BB908106A60FFC9A0FB43FF3ADCECDB128764764E1D429A0A194ABCD5AB41CE6B75CD025AC8A5FF2153A20E937354A27E361FB396D87924DCF91FE72203BCEA88303DF0A848EA5ADA9282C2C3C2B92542F721C58809178F36E2DA00D17C613FA5173BFC0F27F9502A1AE535BA9D373ABF83413A8F086FE904B0B45F449CCA9F0615028E1A4878463EA8EB424CA76949EA34A6A36C8DDE6EC4A4AE653A2F1F1009773BB92B8D20530A3313F388FA1AD70C3ECB716E5CA80A06C35CBA247D15D41795F8E083B27B4E227B616408863AFAE48F4C4AE68F1DA9A4B427F666DAD85035D1A499B25A09CC19548A5B9276FB082AA8B00879CCE17105CE7368033F4A18D68826780EB79162AD1B7C70879041BA08FB4A45B3071951DD05EFC9FD04AFCB99D57AEFD4EC51549EF9A166312E744CC7EEAEE9543C02D1B2D233A4B59B187D6E1DB64C843358E8B3C73765DDDC9D79D2D270FF493F56BB4F2F0DC4002605999644FF2A573CBA98492AC8577F5C1A822FD0FB709EAD85C786292DCB4FC8FAD924EEE898502BCD84ED4023C7D74A691A7A3A812685C465E163313 +20181006214027 2 6 100 7679 5 FB0D9422C2C18ABC70FF186A01FA8ED40D4950F804266E0B9661F1E2A6EC548235ADF6A86C277AC391995CF5C43940D264D81121AE69F224E949221EDC039AFE2DA6752F6C04E10159FE65D54CBE5EF34174D36E069C4FB18C8E6DBB80B2C6E0F0AD82E0B7281B9D675AE9E85F509B12746130BF725235E2AC495D268C383378FA130AFF2584962A8A3EDEC0B02504DF264F77980B8342713A28BD3219D83F6D70CC1393E10D5A4734BC029FECD3383FF41CB73AC61C29B54B50E439807BFA5663814B6DA5E81B9491217BE616F6B5F93728669FEF51C06D049586FA6584DFBECD526C5CAE6BBD17F104FA69D353A01CD7E39D5BEA60EB0491DCAE78F3A42BFBCC1F366C55FB23B649197B2D2493180963388FBC4A2AC804ECD042A97A07943D46F18EB6D6C24FC050E3DBD8EE2C84FA03E34814EA53197F1121232E239AA0DA133BD81D439AB595FC6F895AB27D0C6C8A5C3F468C9EF81A42BCB7676C2FF4D381063700AEE81FB7369463187413077048310A98D2DC034CCAB7001A28E288B4E6A8DB609974EC9FFC75F6DA91203429ACCEBA35B4CC03006BB069BD2A062A8CAF59E200A8E27B0CD48F896AE6236F0208AE3924EDF58F87557D05413C00CCAD3B95E6F659EC73FDC6933D6D1E21BE753670F6725F21721FDDC304E6178A3164A85F6757A508AFBD9AA4F1C7B181866F5AA306A25032E59C042ACA8EAEDE17B5136ACEC3B56D2E73284922162E614BE0B87654B7B12132D15E6F11F23B0FF2D0A898680B9A66BB908106A60FFC9A0FB43FF3ADCECDB128764764E1D429A0A194ABCD5AB41CE6B75CD025AC8A5FF2153A20E937354A27E361FB396D87924DCF91FE72203BCEA88303DF0A848EA5ADA9282C2C3C2B92542F721C58809178F36E2DA00D17C613FA5173BFC0F27F9502A1AE535BA9D373ABF83413A8F086FE904B0B45F449CCA9F0615028E1A4878463EA8EB424CA76949EA34A6A36C8DDE6EC4A4AE653A2F1F1009773BB92B8D20530A3313F388FA1AD70C3ECB716E5CA80A06C35CBA247D15D41795F8E083B27B4E227B616408863AFAE48F4C4AE68F1DA9A4B427F666DAD85035D1A499B25A09CC19548A5B9276FB082AA8B00879CCE17105CE7368033F4A18D68826780EB79162AD1B7C70879041BA08FB4A45B3071951DD05EFC9FD04AFCB99D57AEFD4EC51549EF9A166312E744CC7EEAEE9543C02D1B2D233A4B59B187D6E1DB64C843358E8B3C73765DDDC9D79D2D270FF493F56BB4F2F0DC4002605999644FF2A573CBA98492AC8577F5C1A822FD0FB709EAD85C786292DCB4FC8FAD924EEE898502BCD84ED4023C7D74A691A7A3A812685C466102759F +20181007065411 2 6 100 7679 2 FB0D9422C2C18ABC70FF186A01FA8ED40D4950F804266E0B9661F1E2A6EC548235ADF6A86C277AC391995CF5C43940D264D81121AE69F224E949221EDC039AFE2DA6752F6C04E10159FE65D54CBE5EF34174D36E069C4FB18C8E6DBB80B2C6E0F0AD82E0B7281B9D675AE9E85F509B12746130BF725235E2AC495D268C383378FA130AFF2584962A8A3EDEC0B02504DF264F77980B8342713A28BD3219D83F6D70CC1393E10D5A4734BC029FECD3383FF41CB73AC61C29B54B50E439807BFA5663814B6DA5E81B9491217BE616F6B5F93728669FEF51C06D049586FA6584DFBECD526C5CAE6BBD17F104FA69D353A01CD7E39D5BEA60EB0491DCAE78F3A42BFBCC1F366C55FB23B649197B2D2493180963388FBC4A2AC804ECD042A97A07943D46F18EB6D6C24FC050E3DBD8EE2C84FA03E34814EA53197F1121232E239AA0DA133BD81D439AB595FC6F895AB27D0C6C8A5C3F468C9EF81A42BCB7676C2FF4D381063700AEE81FB7369463187413077048310A98D2DC034CCAB7001A28E288B4E6A8DB609974EC9FFC75F6DA91203429ACCEBA35B4CC03006BB069BD2A062A8CAF59E200A8E27B0CD48F896AE6236F0208AE3924EDF58F87557D05413C00CCAD3B95E6F659EC73FDC6933D6D1E21BE753670F6725F21721FDDC304E6178A3164A85F6757A508AFBD9AA4F1C7B181866F5AA306A25032E59C042ACA8EAEDE17B5136ACEC3B56D2E73284922162E614BE0B87654B7B12132D15E6F11F23B0FF2D0A898680B9A66BB908106A60FFC9A0FB43FF3ADCECDB128764764E1D429A0A194ABCD5AB41CE6B75CD025AC8A5FF2153A20E937354A27E361FB396D87924DCF91FE72203BCEA88303DF0A848EA5ADA9282C2C3C2B92542F721C58809178F36E2DA00D17C613FA5173BFC0F27F9502A1AE535BA9D373ABF83413A8F086FE904B0B45F449CCA9F0615028E1A4878463EA8EB424CA76949EA34A6A36C8DDE6EC4A4AE653A2F1F1009773BB92B8D20530A3313F388FA1AD70C3ECB716E5CA80A06C35CBA247D15D41795F8E083B27B4E227B616408863AFAE48F4C4AE68F1DA9A4B427F666DAD85035D1A499B25A09CC19548A5B9276FB082AA8B00879CCE17105CE7368033F4A18D68826780EB79162AD1B7C70879041BA08FB4A45B3071951DD05EFC9FD04AFCB99D57AEFD4EC51549EF9A166312E744CC7EEAEE9543C02D1B2D233A4B59B187D6E1DB64C843358E8B3C73765DDDC9D79D2D270FF493F56BB4F2F0DC4002605999644FF2A573CBA98492AC8577F5C1A822FD0FB709EAD85C786292DCB4FC8FAD924EEE898502BCD84ED4023C7D74A691A7A3A812685C4667A72DC3 +20181007123656 2 6 100 7679 5 FB0D9422C2C18ABC70FF186A01FA8ED40D4950F804266E0B9661F1E2A6EC548235ADF6A86C277AC391995CF5C43940D264D81121AE69F224E949221EDC039AFE2DA6752F6C04E10159FE65D54CBE5EF34174D36E069C4FB18C8E6DBB80B2C6E0F0AD82E0B7281B9D675AE9E85F509B12746130BF725235E2AC495D268C383378FA130AFF2584962A8A3EDEC0B02504DF264F77980B8342713A28BD3219D83F6D70CC1393E10D5A4734BC029FECD3383FF41CB73AC61C29B54B50E439807BFA5663814B6DA5E81B9491217BE616F6B5F93728669FEF51C06D049586FA6584DFBECD526C5CAE6BBD17F104FA69D353A01CD7E39D5BEA60EB0491DCAE78F3A42BFBCC1F366C55FB23B649197B2D2493180963388FBC4A2AC804ECD042A97A07943D46F18EB6D6C24FC050E3DBD8EE2C84FA03E34814EA53197F1121232E239AA0DA133BD81D439AB595FC6F895AB27D0C6C8A5C3F468C9EF81A42BCB7676C2FF4D381063700AEE81FB7369463187413077048310A98D2DC034CCAB7001A28E288B4E6A8DB609974EC9FFC75F6DA91203429ACCEBA35B4CC03006BB069BD2A062A8CAF59E200A8E27B0CD48F896AE6236F0208AE3924EDF58F87557D05413C00CCAD3B95E6F659EC73FDC6933D6D1E21BE753670F6725F21721FDDC304E6178A3164A85F6757A508AFBD9AA4F1C7B181866F5AA306A25032E59C042ACA8EAEDE17B5136ACEC3B56D2E73284922162E614BE0B87654B7B12132D15E6F11F23B0FF2D0A898680B9A66BB908106A60FFC9A0FB43FF3ADCECDB128764764E1D429A0A194ABCD5AB41CE6B75CD025AC8A5FF2153A20E937354A27E361FB396D87924DCF91FE72203BCEA88303DF0A848EA5ADA9282C2C3C2B92542F721C58809178F36E2DA00D17C613FA5173BFC0F27F9502A1AE535BA9D373ABF83413A8F086FE904B0B45F449CCA9F0615028E1A4878463EA8EB424CA76949EA34A6A36C8DDE6EC4A4AE653A2F1F1009773BB92B8D20530A3313F388FA1AD70C3ECB716E5CA80A06C35CBA247D15D41795F8E083B27B4E227B616408863AFAE48F4C4AE68F1DA9A4B427F666DAD85035D1A499B25A09CC19548A5B9276FB082AA8B00879CCE17105CE7368033F4A18D68826780EB79162AD1B7C70879041BA08FB4A45B3071951DD05EFC9FD04AFCB99D57AEFD4EC51549EF9A166312E744CC7EEAEE9543C02D1B2D233A4B59B187D6E1DB64C843358E8B3C73765DDDC9D79D2D270FF493F56BB4F2F0DC4002605999644FF2A573CBA98492AC8577F5C1A822FD0FB709EAD85C786292DCB4FC8FAD924EEE898502BCD84ED4023C7D74A691A7A3A812685C466BB5F597 +20181007145027 2 6 100 7679 2 FB0D9422C2C18ABC70FF186A01FA8ED40D4950F804266E0B9661F1E2A6EC548235ADF6A86C277AC391995CF5C43940D264D81121AE69F224E949221EDC039AFE2DA6752F6C04E10159FE65D54CBE5EF34174D36E069C4FB18C8E6DBB80B2C6E0F0AD82E0B7281B9D675AE9E85F509B12746130BF725235E2AC495D268C383378FA130AFF2584962A8A3EDEC0B02504DF264F77980B8342713A28BD3219D83F6D70CC1393E10D5A4734BC029FECD3383FF41CB73AC61C29B54B50E439807BFA5663814B6DA5E81B9491217BE616F6B5F93728669FEF51C06D049586FA6584DFBECD526C5CAE6BBD17F104FA69D353A01CD7E39D5BEA60EB0491DCAE78F3A42BFBCC1F366C55FB23B649197B2D2493180963388FBC4A2AC804ECD042A97A07943D46F18EB6D6C24FC050E3DBD8EE2C84FA03E34814EA53197F1121232E239AA0DA133BD81D439AB595FC6F895AB27D0C6C8A5C3F468C9EF81A42BCB7676C2FF4D381063700AEE81FB7369463187413077048310A98D2DC034CCAB7001A28E288B4E6A8DB609974EC9FFC75F6DA91203429ACCEBA35B4CC03006BB069BD2A062A8CAF59E200A8E27B0CD48F896AE6236F0208AE3924EDF58F87557D05413C00CCAD3B95E6F659EC73FDC6933D6D1E21BE753670F6725F21721FDDC304E6178A3164A85F6757A508AFBD9AA4F1C7B181866F5AA306A25032E59C042ACA8EAEDE17B5136ACEC3B56D2E73284922162E614BE0B87654B7B12132D15E6F11F23B0FF2D0A898680B9A66BB908106A60FFC9A0FB43FF3ADCECDB128764764E1D429A0A194ABCD5AB41CE6B75CD025AC8A5FF2153A20E937354A27E361FB396D87924DCF91FE72203BCEA88303DF0A848EA5ADA9282C2C3C2B92542F721C58809178F36E2DA00D17C613FA5173BFC0F27F9502A1AE535BA9D373ABF83413A8F086FE904B0B45F449CCA9F0615028E1A4878463EA8EB424CA76949EA34A6A36C8DDE6EC4A4AE653A2F1F1009773BB92B8D20530A3313F388FA1AD70C3ECB716E5CA80A06C35CBA247D15D41795F8E083B27B4E227B616408863AFAE48F4C4AE68F1DA9A4B427F666DAD85035D1A499B25A09CC19548A5B9276FB082AA8B00879CCE17105CE7368033F4A18D68826780EB79162AD1B7C70879041BA08FB4A45B3071951DD05EFC9FD04AFCB99D57AEFD4EC51549EF9A166312E744CC7EEAEE9543C02D1B2D233A4B59B187D6E1DB64C843358E8B3C73765DDDC9D79D2D270FF493F56BB4F2F0DC4002605999644FF2A573CBA98492AC8577F5C1A822FD0FB709EAD85C786292DCB4FC8FAD924EEE898502BCD84ED4023C7D74A691A7A3A812685C466D436643 +20181007184043 2 6 100 7679 2 FB0D9422C2C18ABC70FF186A01FA8ED40D4950F804266E0B9661F1E2A6EC548235ADF6A86C277AC391995CF5C43940D264D81121AE69F224E949221EDC039AFE2DA6752F6C04E10159FE65D54CBE5EF34174D36E069C4FB18C8E6DBB80B2C6E0F0AD82E0B7281B9D675AE9E85F509B12746130BF725235E2AC495D268C383378FA130AFF2584962A8A3EDEC0B02504DF264F77980B8342713A28BD3219D83F6D70CC1393E10D5A4734BC029FECD3383FF41CB73AC61C29B54B50E439807BFA5663814B6DA5E81B9491217BE616F6B5F93728669FEF51C06D049586FA6584DFBECD526C5CAE6BBD17F104FA69D353A01CD7E39D5BEA60EB0491DCAE78F3A42BFBCC1F366C55FB23B649197B2D2493180963388FBC4A2AC804ECD042A97A07943D46F18EB6D6C24FC050E3DBD8EE2C84FA03E34814EA53197F1121232E239AA0DA133BD81D439AB595FC6F895AB27D0C6C8A5C3F468C9EF81A42BCB7676C2FF4D381063700AEE81FB7369463187413077048310A98D2DC034CCAB7001A28E288B4E6A8DB609974EC9FFC75F6DA91203429ACCEBA35B4CC03006BB069BD2A062A8CAF59E200A8E27B0CD48F896AE6236F0208AE3924EDF58F87557D05413C00CCAD3B95E6F659EC73FDC6933D6D1E21BE753670F6725F21721FDDC304E6178A3164A85F6757A508AFBD9AA4F1C7B181866F5AA306A25032E59C042ACA8EAEDE17B5136ACEC3B56D2E73284922162E614BE0B87654B7B12132D15E6F11F23B0FF2D0A898680B9A66BB908106A60FFC9A0FB43FF3ADCECDB128764764E1D429A0A194ABCD5AB41CE6B75CD025AC8A5FF2153A20E937354A27E361FB396D87924DCF91FE72203BCEA88303DF0A848EA5ADA9282C2C3C2B92542F721C58809178F36E2DA00D17C613FA5173BFC0F27F9502A1AE535BA9D373ABF83413A8F086FE904B0B45F449CCA9F0615028E1A4878463EA8EB424CA76949EA34A6A36C8DDE6EC4A4AE653A2F1F1009773BB92B8D20530A3313F388FA1AD70C3ECB716E5CA80A06C35CBA247D15D41795F8E083B27B4E227B616408863AFAE48F4C4AE68F1DA9A4B427F666DAD85035D1A499B25A09CC19548A5B9276FB082AA8B00879CCE17105CE7368033F4A18D68826780EB79162AD1B7C70879041BA08FB4A45B3071951DD05EFC9FD04AFCB99D57AEFD4EC51549EF9A166312E744CC7EEAEE9543C02D1B2D233A4B59B187D6E1DB64C843358E8B3C73765DDDC9D79D2D270FF493F56BB4F2F0DC4002605999644FF2A573CBA98492AC8577F5C1A822FD0FB709EAD85C786292DCB4FC8FAD924EEE898502BCD84ED4023C7D74A691A7A3A812685C467005CF4B +20181007223658 2 6 100 8191 5 D72A51FC8A019CA61D28C85021CE881FBDCA1D9E2773A50343C390408ABF52C024F0268B5D4F74AA0722F8FA78F966B7AE411C57015CC9E0DB7E56B27A1D078D951747F90F8F663552B12F9BE26809481BD6D62C8EE018E2944DCF0EC7D31FFE3F7DD2F11F3C8311F1C2E2038613E541F53BA05FD92A540D11BB3267E80CCC5DEC74FD67AE473FAD56EFE2CF04457BB7B3121F93AC8F00A5DBE46E460B9B97823F937CF18722D4EE6373EF369D26A7602491493497C1EFDA3F7509772853CF84CD64A06A54FE32817B39B98CE3CE4477616CF232B04D0B2098D5A4E575939C63B26B72BE87B2BEF58F2F6DB4B2A0E00634E02637DF471D6519C22BA9494F225CA01A1A96886C6F02CE0D11EDE3370180E6E6F5CA54B44A8B66BF16ECD52193B7483700AA4051AF775F80818F3331AD80BB25A0FC8775B7821C32EAFDBEF75B3BFCB2F1A4BBDF5340B20AC9E185B0770CE6AAB120CFC4C8C88CA381946F48C0478DC07E5CF3CFB805A1BA8DB905A6D2ABFCFD765990CA4699D9F9B6922FECA4FF861362B4525FF0934E679109AB8F00909945FE897E927380F72416231AAE1A717D47BD129D5549F60C2EA377744B8807AA2432D1925D02C4C205715231DFAD86AC6B5253DE58E3E3F65484A0014CC1EFFBABC6EE912A925C08C8BB68E5FD7A13AED0116863EFA7E69A33D28A1FA853B7E0B84A5F78EFC44CDC39C4148C4B1B3D17E7371E51F96CFAAEBE15D67E82B590B9BB0567BC161AFF012F7571E514BCA7157A8C1521BD7147E83EE57721A77895722390D9C1B7C3BEEEF316E313F5A2DFBA0A5E3509F5F2CEB90C07E1177D3C8AA6CD56F5C5C614656D155350AAFD556890247AE6EDEE2236583A6DA347679C69A9B518FA9BD882F5B9850762C987F727CFEE68421A2D4F363EC45EDABAD574CC4C5AB7654F1C7E0CD84E708CD7C3ED66F369EC1E0E193346FE4747709F6A6DC969E3D2394758E807F4370E2C5A64B5190C5E9D3983CF5778076667B3E41AA28A868B9EA72C45A9234A2C92F0627512AC815CDC1418C676E66B474C071C65DF4EB7AA109ED189B30F49C9A7310CDD5504A0155E5A37FB41548B78049F3FF57EF682D04EFF6B43E5390B07019C555CB55D477552EC778C5BBF00830D1D2B233CB9B5C5A1817F96F395A527458625740A6B2FEFDF160F003D72086FAD44EA24CC669E710A965052D997E63144FD5F32271D0CF75D24DCCF5F4A8E7FD0381E03F0E9DB6F63BA5A59790788D48161E0C292436F79120C9057EBC7B1CA430E5D060836CEE57945DF5557EE2036588A902A1BD163F4DA436602B4BEF61A20D52B15877BFF9973366F242A6D2564BF32E2251C0E07DB2C98A31E82B63F6513FD4CC37D040653E3A68C6B2DB43B569FB070120ADEE89042BF0AC0E9103164E5F8BC57847A1F109ABF35E6E5DE0258C211133D9A97 +20181008074149 2 6 100 8191 2 D72A51FC8A019CA61D28C85021CE881FBDCA1D9E2773A50343C390408ABF52C024F0268B5D4F74AA0722F8FA78F966B7AE411C57015CC9E0DB7E56B27A1D078D951747F90F8F663552B12F9BE26809481BD6D62C8EE018E2944DCF0EC7D31FFE3F7DD2F11F3C8311F1C2E2038613E541F53BA05FD92A540D11BB3267E80CCC5DEC74FD67AE473FAD56EFE2CF04457BB7B3121F93AC8F00A5DBE46E460B9B97823F937CF18722D4EE6373EF369D26A7602491493497C1EFDA3F7509772853CF84CD64A06A54FE32817B39B98CE3CE4477616CF232B04D0B2098D5A4E575939C63B26B72BE87B2BEF58F2F6DB4B2A0E00634E02637DF471D6519C22BA9494F225CA01A1A96886C6F02CE0D11EDE3370180E6E6F5CA54B44A8B66BF16ECD52193B7483700AA4051AF775F80818F3331AD80BB25A0FC8775B7821C32EAFDBEF75B3BFCB2F1A4BBDF5340B20AC9E185B0770CE6AAB120CFC4C8C88CA381946F48C0478DC07E5CF3CFB805A1BA8DB905A6D2ABFCFD765990CA4699D9F9B6922FECA4FF861362B4525FF0934E679109AB8F00909945FE897E927380F72416231AAE1A717D47BD129D5549F60C2EA377744B8807AA2432D1925D02C4C205715231DFAD86AC6B5253DE58E3E3F65484A0014CC1EFFBABC6EE912A925C08C8BB68E5FD7A13AED0116863EFA7E69A33D28A1FA853B7E0B84A5F78EFC44CDC39C4148C4B1B3D17E7371E51F96CFAAEBE15D67E82B590B9BB0567BC161AFF012F7571E514BCA7157A8C1521BD7147E83EE57721A77895722390D9C1B7C3BEEEF316E313F5A2DFBA0A5E3509F5F2CEB90C07E1177D3C8AA6CD56F5C5C614656D155350AAFD556890247AE6EDEE2236583A6DA347679C69A9B518FA9BD882F5B9850762C987F727CFEE68421A2D4F363EC45EDABAD574CC4C5AB7654F1C7E0CD84E708CD7C3ED66F369EC1E0E193346FE4747709F6A6DC969E3D2394758E807F4370E2C5A64B5190C5E9D3983CF5778076667B3E41AA28A868B9EA72C45A9234A2C92F0627512AC815CDC1418C676E66B474C071C65DF4EB7AA109ED189B30F49C9A7310CDD5504A0155E5A37FB41548B78049F3FF57EF682D04EFF6B43E5390B07019C555CB55D477552EC778C5BBF00830D1D2B233CB9B5C5A1817F96F395A527458625740A6B2FEFDF160F003D72086FAD44EA24CC669E710A965052D997E63144FD5F32271D0CF75D24DCCF5F4A8E7FD0381E03F0E9DB6F63BA5A59790788D48161E0C292436F79120C9057EBC7B1CA430E5D060836CEE57945DF5557EE2036588A902A1BD163F4DA436602B4BEF61A20D52B15877BFF9973366F242A6D2564BF32E2251C0E07DB2C98A31E82B63F6513FD4CC37D040653E3A68C6B2DB43B569FB070120ADEE89042BF0AC0E9103164E5F8BC57847A1F109ABF35E6E5DE0258C21119A92B8B +20181008163451 2 6 100 8191 2 D72A51FC8A019CA61D28C85021CE881FBDCA1D9E2773A50343C390408ABF52C024F0268B5D4F74AA0722F8FA78F966B7AE411C57015CC9E0DB7E56B27A1D078D951747F90F8F663552B12F9BE26809481BD6D62C8EE018E2944DCF0EC7D31FFE3F7DD2F11F3C8311F1C2E2038613E541F53BA05FD92A540D11BB3267E80CCC5DEC74FD67AE473FAD56EFE2CF04457BB7B3121F93AC8F00A5DBE46E460B9B97823F937CF18722D4EE6373EF369D26A7602491493497C1EFDA3F7509772853CF84CD64A06A54FE32817B39B98CE3CE4477616CF232B04D0B2098D5A4E575939C63B26B72BE87B2BEF58F2F6DB4B2A0E00634E02637DF471D6519C22BA9494F225CA01A1A96886C6F02CE0D11EDE3370180E6E6F5CA54B44A8B66BF16ECD52193B7483700AA4051AF775F80818F3331AD80BB25A0FC8775B7821C32EAFDBEF75B3BFCB2F1A4BBDF5340B20AC9E185B0770CE6AAB120CFC4C8C88CA381946F48C0478DC07E5CF3CFB805A1BA8DB905A6D2ABFCFD765990CA4699D9F9B6922FECA4FF861362B4525FF0934E679109AB8F00909945FE897E927380F72416231AAE1A717D47BD129D5549F60C2EA377744B8807AA2432D1925D02C4C205715231DFAD86AC6B5253DE58E3E3F65484A0014CC1EFFBABC6EE912A925C08C8BB68E5FD7A13AED0116863EFA7E69A33D28A1FA853B7E0B84A5F78EFC44CDC39C4148C4B1B3D17E7371E51F96CFAAEBE15D67E82B590B9BB0567BC161AFF012F7571E514BCA7157A8C1521BD7147E83EE57721A77895722390D9C1B7C3BEEEF316E313F5A2DFBA0A5E3509F5F2CEB90C07E1177D3C8AA6CD56F5C5C614656D155350AAFD556890247AE6EDEE2236583A6DA347679C69A9B518FA9BD882F5B9850762C987F727CFEE68421A2D4F363EC45EDABAD574CC4C5AB7654F1C7E0CD84E708CD7C3ED66F369EC1E0E193346FE4747709F6A6DC969E3D2394758E807F4370E2C5A64B5190C5E9D3983CF5778076667B3E41AA28A868B9EA72C45A9234A2C92F0627512AC815CDC1418C676E66B474C071C65DF4EB7AA109ED189B30F49C9A7310CDD5504A0155E5A37FB41548B78049F3FF57EF682D04EFF6B43E5390B07019C555CB55D477552EC778C5BBF00830D1D2B233CB9B5C5A1817F96F395A527458625740A6B2FEFDF160F003D72086FAD44EA24CC669E710A965052D997E63144FD5F32271D0CF75D24DCCF5F4A8E7FD0381E03F0E9DB6F63BA5A59790788D48161E0C292436F79120C9057EBC7B1CA430E5D060836CEE57945DF5557EE2036588A902A1BD163F4DA436602B4BEF61A20D52B15877BFF9973366F242A6D2564BF32E2251C0E07DB2C98A31E82B63F6513FD4CC37D040653E3A68C6B2DB43B569FB070120ADEE89042BF0AC0E9103164E5F8BC57847A1F109ABF35E6E5DE0258C2111FD14FAB +20181008224318 2 6 100 8191 2 D72A51FC8A019CA61D28C85021CE881FBDCA1D9E2773A50343C390408ABF52C024F0268B5D4F74AA0722F8FA78F966B7AE411C57015CC9E0DB7E56B27A1D078D951747F90F8F663552B12F9BE26809481BD6D62C8EE018E2944DCF0EC7D31FFE3F7DD2F11F3C8311F1C2E2038613E541F53BA05FD92A540D11BB3267E80CCC5DEC74FD67AE473FAD56EFE2CF04457BB7B3121F93AC8F00A5DBE46E460B9B97823F937CF18722D4EE6373EF369D26A7602491493497C1EFDA3F7509772853CF84CD64A06A54FE32817B39B98CE3CE4477616CF232B04D0B2098D5A4E575939C63B26B72BE87B2BEF58F2F6DB4B2A0E00634E02637DF471D6519C22BA9494F225CA01A1A96886C6F02CE0D11EDE3370180E6E6F5CA54B44A8B66BF16ECD52193B7483700AA4051AF775F80818F3331AD80BB25A0FC8775B7821C32EAFDBEF75B3BFCB2F1A4BBDF5340B20AC9E185B0770CE6AAB120CFC4C8C88CA381946F48C0478DC07E5CF3CFB805A1BA8DB905A6D2ABFCFD765990CA4699D9F9B6922FECA4FF861362B4525FF0934E679109AB8F00909945FE897E927380F72416231AAE1A717D47BD129D5549F60C2EA377744B8807AA2432D1925D02C4C205715231DFAD86AC6B5253DE58E3E3F65484A0014CC1EFFBABC6EE912A925C08C8BB68E5FD7A13AED0116863EFA7E69A33D28A1FA853B7E0B84A5F78EFC44CDC39C4148C4B1B3D17E7371E51F96CFAAEBE15D67E82B590B9BB0567BC161AFF012F7571E514BCA7157A8C1521BD7147E83EE57721A77895722390D9C1B7C3BEEEF316E313F5A2DFBA0A5E3509F5F2CEB90C07E1177D3C8AA6CD56F5C5C614656D155350AAFD556890247AE6EDEE2236583A6DA347679C69A9B518FA9BD882F5B9850762C987F727CFEE68421A2D4F363EC45EDABAD574CC4C5AB7654F1C7E0CD84E708CD7C3ED66F369EC1E0E193346FE4747709F6A6DC969E3D2394758E807F4370E2C5A64B5190C5E9D3983CF5778076667B3E41AA28A868B9EA72C45A9234A2C92F0627512AC815CDC1418C676E66B474C071C65DF4EB7AA109ED189B30F49C9A7310CDD5504A0155E5A37FB41548B78049F3FF57EF682D04EFF6B43E5390B07019C555CB55D477552EC778C5BBF00830D1D2B233CB9B5C5A1817F96F395A527458625740A6B2FEFDF160F003D72086FAD44EA24CC669E710A965052D997E63144FD5F32271D0CF75D24DCCF5F4A8E7FD0381E03F0E9DB6F63BA5A59790788D48161E0C292436F79120C9057EBC7B1CA430E5D060836CEE57945DF5557EE2036588A902A1BD163F4DA436602B4BEF61A20D52B15877BFF9973366F242A6D2564BF32E2251C0E07DB2C98A31E82B63F6513FD4CC37D040653E3A68C6B2DB43B569FB070120ADEE89042BF0AC0E9103164E5F8BC57847A1F109ABF35E6E5DE0258C211241066AB +20181009003245 2 6 100 8191 2 D72A51FC8A019CA61D28C85021CE881FBDCA1D9E2773A50343C390408ABF52C024F0268B5D4F74AA0722F8FA78F966B7AE411C57015CC9E0DB7E56B27A1D078D951747F90F8F663552B12F9BE26809481BD6D62C8EE018E2944DCF0EC7D31FFE3F7DD2F11F3C8311F1C2E2038613E541F53BA05FD92A540D11BB3267E80CCC5DEC74FD67AE473FAD56EFE2CF04457BB7B3121F93AC8F00A5DBE46E460B9B97823F937CF18722D4EE6373EF369D26A7602491493497C1EFDA3F7509772853CF84CD64A06A54FE32817B39B98CE3CE4477616CF232B04D0B2098D5A4E575939C63B26B72BE87B2BEF58F2F6DB4B2A0E00634E02637DF471D6519C22BA9494F225CA01A1A96886C6F02CE0D11EDE3370180E6E6F5CA54B44A8B66BF16ECD52193B7483700AA4051AF775F80818F3331AD80BB25A0FC8775B7821C32EAFDBEF75B3BFCB2F1A4BBDF5340B20AC9E185B0770CE6AAB120CFC4C8C88CA381946F48C0478DC07E5CF3CFB805A1BA8DB905A6D2ABFCFD765990CA4699D9F9B6922FECA4FF861362B4525FF0934E679109AB8F00909945FE897E927380F72416231AAE1A717D47BD129D5549F60C2EA377744B8807AA2432D1925D02C4C205715231DFAD86AC6B5253DE58E3E3F65484A0014CC1EFFBABC6EE912A925C08C8BB68E5FD7A13AED0116863EFA7E69A33D28A1FA853B7E0B84A5F78EFC44CDC39C4148C4B1B3D17E7371E51F96CFAAEBE15D67E82B590B9BB0567BC161AFF012F7571E514BCA7157A8C1521BD7147E83EE57721A77895722390D9C1B7C3BEEEF316E313F5A2DFBA0A5E3509F5F2CEB90C07E1177D3C8AA6CD56F5C5C614656D155350AAFD556890247AE6EDEE2236583A6DA347679C69A9B518FA9BD882F5B9850762C987F727CFEE68421A2D4F363EC45EDABAD574CC4C5AB7654F1C7E0CD84E708CD7C3ED66F369EC1E0E193346FE4747709F6A6DC969E3D2394758E807F4370E2C5A64B5190C5E9D3983CF5778076667B3E41AA28A868B9EA72C45A9234A2C92F0627512AC815CDC1418C676E66B474C071C65DF4EB7AA109ED189B30F49C9A7310CDD5504A0155E5A37FB41548B78049F3FF57EF682D04EFF6B43E5390B07019C555CB55D477552EC778C5BBF00830D1D2B233CB9B5C5A1817F96F395A527458625740A6B2FEFDF160F003D72086FAD44EA24CC669E710A965052D997E63144FD5F32271D0CF75D24DCCF5F4A8E7FD0381E03F0E9DB6F63BA5A59790788D48161E0C292436F79120C9057EBC7B1CA430E5D060836CEE57945DF5557EE2036588A902A1BD163F4DA436602B4BEF61A20D52B15877BFF9973366F242A6D2564BF32E2251C0E07DB2C98A31E82B63F6513FD4CC37D040653E3A68C6B2DB43B569FB070120ADEE89042BF0AC0E9103164E5F8BC57847A1F109ABF35E6E5DE0258C211254A0343 +20181009070543 2 6 100 8191 2 D72A51FC8A019CA61D28C85021CE881FBDCA1D9E2773A50343C390408ABF52C024F0268B5D4F74AA0722F8FA78F966B7AE411C57015CC9E0DB7E56B27A1D078D951747F90F8F663552B12F9BE26809481BD6D62C8EE018E2944DCF0EC7D31FFE3F7DD2F11F3C8311F1C2E2038613E541F53BA05FD92A540D11BB3267E80CCC5DEC74FD67AE473FAD56EFE2CF04457BB7B3121F93AC8F00A5DBE46E460B9B97823F937CF18722D4EE6373EF369D26A7602491493497C1EFDA3F7509772853CF84CD64A06A54FE32817B39B98CE3CE4477616CF232B04D0B2098D5A4E575939C63B26B72BE87B2BEF58F2F6DB4B2A0E00634E02637DF471D6519C22BA9494F225CA01A1A96886C6F02CE0D11EDE3370180E6E6F5CA54B44A8B66BF16ECD52193B7483700AA4051AF775F80818F3331AD80BB25A0FC8775B7821C32EAFDBEF75B3BFCB2F1A4BBDF5340B20AC9E185B0770CE6AAB120CFC4C8C88CA381946F48C0478DC07E5CF3CFB805A1BA8DB905A6D2ABFCFD765990CA4699D9F9B6922FECA4FF861362B4525FF0934E679109AB8F00909945FE897E927380F72416231AAE1A717D47BD129D5549F60C2EA377744B8807AA2432D1925D02C4C205715231DFAD86AC6B5253DE58E3E3F65484A0014CC1EFFBABC6EE912A925C08C8BB68E5FD7A13AED0116863EFA7E69A33D28A1FA853B7E0B84A5F78EFC44CDC39C4148C4B1B3D17E7371E51F96CFAAEBE15D67E82B590B9BB0567BC161AFF012F7571E514BCA7157A8C1521BD7147E83EE57721A77895722390D9C1B7C3BEEEF316E313F5A2DFBA0A5E3509F5F2CEB90C07E1177D3C8AA6CD56F5C5C614656D155350AAFD556890247AE6EDEE2236583A6DA347679C69A9B518FA9BD882F5B9850762C987F727CFEE68421A2D4F363EC45EDABAD574CC4C5AB7654F1C7E0CD84E708CD7C3ED66F369EC1E0E193346FE4747709F6A6DC969E3D2394758E807F4370E2C5A64B5190C5E9D3983CF5778076667B3E41AA28A868B9EA72C45A9234A2C92F0627512AC815CDC1418C676E66B474C071C65DF4EB7AA109ED189B30F49C9A7310CDD5504A0155E5A37FB41548B78049F3FF57EF682D04EFF6B43E5390B07019C555CB55D477552EC778C5BBF00830D1D2B233CB9B5C5A1817F96F395A527458625740A6B2FEFDF160F003D72086FAD44EA24CC669E710A965052D997E63144FD5F32271D0CF75D24DCCF5F4A8E7FD0381E03F0E9DB6F63BA5A59790788D48161E0C292436F79120C9057EBC7B1CA430E5D060836CEE57945DF5557EE2036588A902A1BD163F4DA436602B4BEF61A20D52B15877BFF9973366F242A6D2564BF32E2251C0E07DB2C98A31E82B63F6513FD4CC37D040653E3A68C6B2DB43B569FB070120ADEE89042BF0AC0E9103164E5F8BC57847A1F109ABF35E6E5DE0258C21129CA56FB +20181009111433 2 6 100 8191 2 D72A51FC8A019CA61D28C85021CE881FBDCA1D9E2773A50343C390408ABF52C024F0268B5D4F74AA0722F8FA78F966B7AE411C57015CC9E0DB7E56B27A1D078D951747F90F8F663552B12F9BE26809481BD6D62C8EE018E2944DCF0EC7D31FFE3F7DD2F11F3C8311F1C2E2038613E541F53BA05FD92A540D11BB3267E80CCC5DEC74FD67AE473FAD56EFE2CF04457BB7B3121F93AC8F00A5DBE46E460B9B97823F937CF18722D4EE6373EF369D26A7602491493497C1EFDA3F7509772853CF84CD64A06A54FE32817B39B98CE3CE4477616CF232B04D0B2098D5A4E575939C63B26B72BE87B2BEF58F2F6DB4B2A0E00634E02637DF471D6519C22BA9494F225CA01A1A96886C6F02CE0D11EDE3370180E6E6F5CA54B44A8B66BF16ECD52193B7483700AA4051AF775F80818F3331AD80BB25A0FC8775B7821C32EAFDBEF75B3BFCB2F1A4BBDF5340B20AC9E185B0770CE6AAB120CFC4C8C88CA381946F48C0478DC07E5CF3CFB805A1BA8DB905A6D2ABFCFD765990CA4699D9F9B6922FECA4FF861362B4525FF0934E679109AB8F00909945FE897E927380F72416231AAE1A717D47BD129D5549F60C2EA377744B8807AA2432D1925D02C4C205715231DFAD86AC6B5253DE58E3E3F65484A0014CC1EFFBABC6EE912A925C08C8BB68E5FD7A13AED0116863EFA7E69A33D28A1FA853B7E0B84A5F78EFC44CDC39C4148C4B1B3D17E7371E51F96CFAAEBE15D67E82B590B9BB0567BC161AFF012F7571E514BCA7157A8C1521BD7147E83EE57721A77895722390D9C1B7C3BEEEF316E313F5A2DFBA0A5E3509F5F2CEB90C07E1177D3C8AA6CD56F5C5C614656D155350AAFD556890247AE6EDEE2236583A6DA347679C69A9B518FA9BD882F5B9850762C987F727CFEE68421A2D4F363EC45EDABAD574CC4C5AB7654F1C7E0CD84E708CD7C3ED66F369EC1E0E193346FE4747709F6A6DC969E3D2394758E807F4370E2C5A64B5190C5E9D3983CF5778076667B3E41AA28A868B9EA72C45A9234A2C92F0627512AC815CDC1418C676E66B474C071C65DF4EB7AA109ED189B30F49C9A7310CDD5504A0155E5A37FB41548B78049F3FF57EF682D04EFF6B43E5390B07019C555CB55D477552EC778C5BBF00830D1D2B233CB9B5C5A1817F96F395A527458625740A6B2FEFDF160F003D72086FAD44EA24CC669E710A965052D997E63144FD5F32271D0CF75D24DCCF5F4A8E7FD0381E03F0E9DB6F63BA5A59790788D48161E0C292436F79120C9057EBC7B1CA430E5D060836CEE57945DF5557EE2036588A902A1BD163F4DA436602B4BEF61A20D52B15877BFF9973366F242A6D2564BF32E2251C0E07DB2C98A31E82B63F6513FD4CC37D040653E3A68C6B2DB43B569FB070120ADEE89042BF0AC0E9103164E5F8BC57847A1F109ABF35E6E5DE0258C2112C8E0D93 +20181009152706 2 6 100 8191 5 D72A51FC8A019CA61D28C85021CE881FBDCA1D9E2773A50343C390408ABF52C024F0268B5D4F74AA0722F8FA78F966B7AE411C57015CC9E0DB7E56B27A1D078D951747F90F8F663552B12F9BE26809481BD6D62C8EE018E2944DCF0EC7D31FFE3F7DD2F11F3C8311F1C2E2038613E541F53BA05FD92A540D11BB3267E80CCC5DEC74FD67AE473FAD56EFE2CF04457BB7B3121F93AC8F00A5DBE46E460B9B97823F937CF18722D4EE6373EF369D26A7602491493497C1EFDA3F7509772853CF84CD64A06A54FE32817B39B98CE3CE4477616CF232B04D0B2098D5A4E575939C63B26B72BE87B2BEF58F2F6DB4B2A0E00634E02637DF471D6519C22BA9494F225CA01A1A96886C6F02CE0D11EDE3370180E6E6F5CA54B44A8B66BF16ECD52193B7483700AA4051AF775F80818F3331AD80BB25A0FC8775B7821C32EAFDBEF75B3BFCB2F1A4BBDF5340B20AC9E185B0770CE6AAB120CFC4C8C88CA381946F48C0478DC07E5CF3CFB805A1BA8DB905A6D2ABFCFD765990CA4699D9F9B6922FECA4FF861362B4525FF0934E679109AB8F00909945FE897E927380F72416231AAE1A717D47BD129D5549F60C2EA377744B8807AA2432D1925D02C4C205715231DFAD86AC6B5253DE58E3E3F65484A0014CC1EFFBABC6EE912A925C08C8BB68E5FD7A13AED0116863EFA7E69A33D28A1FA853B7E0B84A5F78EFC44CDC39C4148C4B1B3D17E7371E51F96CFAAEBE15D67E82B590B9BB0567BC161AFF012F7571E514BCA7157A8C1521BD7147E83EE57721A77895722390D9C1B7C3BEEEF316E313F5A2DFBA0A5E3509F5F2CEB90C07E1177D3C8AA6CD56F5C5C614656D155350AAFD556890247AE6EDEE2236583A6DA347679C69A9B518FA9BD882F5B9850762C987F727CFEE68421A2D4F363EC45EDABAD574CC4C5AB7654F1C7E0CD84E708CD7C3ED66F369EC1E0E193346FE4747709F6A6DC969E3D2394758E807F4370E2C5A64B5190C5E9D3983CF5778076667B3E41AA28A868B9EA72C45A9234A2C92F0627512AC815CDC1418C676E66B474C071C65DF4EB7AA109ED189B30F49C9A7310CDD5504A0155E5A37FB41548B78049F3FF57EF682D04EFF6B43E5390B07019C555CB55D477552EC778C5BBF00830D1D2B233CB9B5C5A1817F96F395A527458625740A6B2FEFDF160F003D72086FAD44EA24CC669E710A965052D997E63144FD5F32271D0CF75D24DCCF5F4A8E7FD0381E03F0E9DB6F63BA5A59790788D48161E0C292436F79120C9057EBC7B1CA430E5D060836CEE57945DF5557EE2036588A902A1BD163F4DA436602B4BEF61A20D52B15877BFF9973366F242A6D2564BF32E2251C0E07DB2C98A31E82B63F6513FD4CC37D040653E3A68C6B2DB43B569FB070120ADEE89042BF0AC0E9103164E5F8BC57847A1F109ABF35E6E5DE0258C2112F6601C7 +20181009164722 2 6 100 8191 2 D72A51FC8A019CA61D28C85021CE881FBDCA1D9E2773A50343C390408ABF52C024F0268B5D4F74AA0722F8FA78F966B7AE411C57015CC9E0DB7E56B27A1D078D951747F90F8F663552B12F9BE26809481BD6D62C8EE018E2944DCF0EC7D31FFE3F7DD2F11F3C8311F1C2E2038613E541F53BA05FD92A540D11BB3267E80CCC5DEC74FD67AE473FAD56EFE2CF04457BB7B3121F93AC8F00A5DBE46E460B9B97823F937CF18722D4EE6373EF369D26A7602491493497C1EFDA3F7509772853CF84CD64A06A54FE32817B39B98CE3CE4477616CF232B04D0B2098D5A4E575939C63B26B72BE87B2BEF58F2F6DB4B2A0E00634E02637DF471D6519C22BA9494F225CA01A1A96886C6F02CE0D11EDE3370180E6E6F5CA54B44A8B66BF16ECD52193B7483700AA4051AF775F80818F3331AD80BB25A0FC8775B7821C32EAFDBEF75B3BFCB2F1A4BBDF5340B20AC9E185B0770CE6AAB120CFC4C8C88CA381946F48C0478DC07E5CF3CFB805A1BA8DB905A6D2ABFCFD765990CA4699D9F9B6922FECA4FF861362B4525FF0934E679109AB8F00909945FE897E927380F72416231AAE1A717D47BD129D5549F60C2EA377744B8807AA2432D1925D02C4C205715231DFAD86AC6B5253DE58E3E3F65484A0014CC1EFFBABC6EE912A925C08C8BB68E5FD7A13AED0116863EFA7E69A33D28A1FA853B7E0B84A5F78EFC44CDC39C4148C4B1B3D17E7371E51F96CFAAEBE15D67E82B590B9BB0567BC161AFF012F7571E514BCA7157A8C1521BD7147E83EE57721A77895722390D9C1B7C3BEEEF316E313F5A2DFBA0A5E3509F5F2CEB90C07E1177D3C8AA6CD56F5C5C614656D155350AAFD556890247AE6EDEE2236583A6DA347679C69A9B518FA9BD882F5B9850762C987F727CFEE68421A2D4F363EC45EDABAD574CC4C5AB7654F1C7E0CD84E708CD7C3ED66F369EC1E0E193346FE4747709F6A6DC969E3D2394758E807F4370E2C5A64B5190C5E9D3983CF5778076667B3E41AA28A868B9EA72C45A9234A2C92F0627512AC815CDC1418C676E66B474C071C65DF4EB7AA109ED189B30F49C9A7310CDD5504A0155E5A37FB41548B78049F3FF57EF682D04EFF6B43E5390B07019C555CB55D477552EC778C5BBF00830D1D2B233CB9B5C5A1817F96F395A527458625740A6B2FEFDF160F003D72086FAD44EA24CC669E710A965052D997E63144FD5F32271D0CF75D24DCCF5F4A8E7FD0381E03F0E9DB6F63BA5A59790788D48161E0C292436F79120C9057EBC7B1CA430E5D060836CEE57945DF5557EE2036588A902A1BD163F4DA436602B4BEF61A20D52B15877BFF9973366F242A6D2564BF32E2251C0E07DB2C98A31E82B63F6513FD4CC37D040653E3A68C6B2DB43B569FB070120ADEE89042BF0AC0E9103164E5F8BC57847A1F109ABF35E6E5DE0258C2113048398B +20181009203858 2 6 100 8191 5 D72A51FC8A019CA61D28C85021CE881FBDCA1D9E2773A50343C390408ABF52C024F0268B5D4F74AA0722F8FA78F966B7AE411C57015CC9E0DB7E56B27A1D078D951747F90F8F663552B12F9BE26809481BD6D62C8EE018E2944DCF0EC7D31FFE3F7DD2F11F3C8311F1C2E2038613E541F53BA05FD92A540D11BB3267E80CCC5DEC74FD67AE473FAD56EFE2CF04457BB7B3121F93AC8F00A5DBE46E460B9B97823F937CF18722D4EE6373EF369D26A7602491493497C1EFDA3F7509772853CF84CD64A06A54FE32817B39B98CE3CE4477616CF232B04D0B2098D5A4E575939C63B26B72BE87B2BEF58F2F6DB4B2A0E00634E02637DF471D6519C22BA9494F225CA01A1A96886C6F02CE0D11EDE3370180E6E6F5CA54B44A8B66BF16ECD52193B7483700AA4051AF775F80818F3331AD80BB25A0FC8775B7821C32EAFDBEF75B3BFCB2F1A4BBDF5340B20AC9E185B0770CE6AAB120CFC4C8C88CA381946F48C0478DC07E5CF3CFB805A1BA8DB905A6D2ABFCFD765990CA4699D9F9B6922FECA4FF861362B4525FF0934E679109AB8F00909945FE897E927380F72416231AAE1A717D47BD129D5549F60C2EA377744B8807AA2432D1925D02C4C205715231DFAD86AC6B5253DE58E3E3F65484A0014CC1EFFBABC6EE912A925C08C8BB68E5FD7A13AED0116863EFA7E69A33D28A1FA853B7E0B84A5F78EFC44CDC39C4148C4B1B3D17E7371E51F96CFAAEBE15D67E82B590B9BB0567BC161AFF012F7571E514BCA7157A8C1521BD7147E83EE57721A77895722390D9C1B7C3BEEEF316E313F5A2DFBA0A5E3509F5F2CEB90C07E1177D3C8AA6CD56F5C5C614656D155350AAFD556890247AE6EDEE2236583A6DA347679C69A9B518FA9BD882F5B9850762C987F727CFEE68421A2D4F363EC45EDABAD574CC4C5AB7654F1C7E0CD84E708CD7C3ED66F369EC1E0E193346FE4747709F6A6DC969E3D2394758E807F4370E2C5A64B5190C5E9D3983CF5778076667B3E41AA28A868B9EA72C45A9234A2C92F0627512AC815CDC1418C676E66B474C071C65DF4EB7AA109ED189B30F49C9A7310CDD5504A0155E5A37FB41548B78049F3FF57EF682D04EFF6B43E5390B07019C555CB55D477552EC778C5BBF00830D1D2B233CB9B5C5A1817F96F395A527458625740A6B2FEFDF160F003D72086FAD44EA24CC669E710A965052D997E63144FD5F32271D0CF75D24DCCF5F4A8E7FD0381E03F0E9DB6F63BA5A59790788D48161E0C292436F79120C9057EBC7B1CA430E5D060836CEE57945DF5557EE2036588A902A1BD163F4DA436602B4BEF61A20D52B15877BFF9973366F242A6D2564BF32E2251C0E07DB2C98A31E82B63F6513FD4CC37D040653E3A68C6B2DB43B569FB070120ADEE89042BF0AC0E9103164E5F8BC57847A1F109ABF35E6E5DE0258C21132D1168F +20181010040332 2 6 100 8191 2 D72A51FC8A019CA61D28C85021CE881FBDCA1D9E2773A50343C390408ABF52C024F0268B5D4F74AA0722F8FA78F966B7AE411C57015CC9E0DB7E56B27A1D078D951747F90F8F663552B12F9BE26809481BD6D62C8EE018E2944DCF0EC7D31FFE3F7DD2F11F3C8311F1C2E2038613E541F53BA05FD92A540D11BB3267E80CCC5DEC74FD67AE473FAD56EFE2CF04457BB7B3121F93AC8F00A5DBE46E460B9B97823F937CF18722D4EE6373EF369D26A7602491493497C1EFDA3F7509772853CF84CD64A06A54FE32817B39B98CE3CE4477616CF232B04D0B2098D5A4E575939C63B26B72BE87B2BEF58F2F6DB4B2A0E00634E02637DF471D6519C22BA9494F225CA01A1A96886C6F02CE0D11EDE3370180E6E6F5CA54B44A8B66BF16ECD52193B7483700AA4051AF775F80818F3331AD80BB25A0FC8775B7821C32EAFDBEF75B3BFCB2F1A4BBDF5340B20AC9E185B0770CE6AAB120CFC4C8C88CA381946F48C0478DC07E5CF3CFB805A1BA8DB905A6D2ABFCFD765990CA4699D9F9B6922FECA4FF861362B4525FF0934E679109AB8F00909945FE897E927380F72416231AAE1A717D47BD129D5549F60C2EA377744B8807AA2432D1925D02C4C205715231DFAD86AC6B5253DE58E3E3F65484A0014CC1EFFBABC6EE912A925C08C8BB68E5FD7A13AED0116863EFA7E69A33D28A1FA853B7E0B84A5F78EFC44CDC39C4148C4B1B3D17E7371E51F96CFAAEBE15D67E82B590B9BB0567BC161AFF012F7571E514BCA7157A8C1521BD7147E83EE57721A77895722390D9C1B7C3BEEEF316E313F5A2DFBA0A5E3509F5F2CEB90C07E1177D3C8AA6CD56F5C5C614656D155350AAFD556890247AE6EDEE2236583A6DA347679C69A9B518FA9BD882F5B9850762C987F727CFEE68421A2D4F363EC45EDABAD574CC4C5AB7654F1C7E0CD84E708CD7C3ED66F369EC1E0E193346FE4747709F6A6DC969E3D2394758E807F4370E2C5A64B5190C5E9D3983CF5778076667B3E41AA28A868B9EA72C45A9234A2C92F0627512AC815CDC1418C676E66B474C071C65DF4EB7AA109ED189B30F49C9A7310CDD5504A0155E5A37FB41548B78049F3FF57EF682D04EFF6B43E5390B07019C555CB55D477552EC778C5BBF00830D1D2B233CB9B5C5A1817F96F395A527458625740A6B2FEFDF160F003D72086FAD44EA24CC669E710A965052D997E63144FD5F32271D0CF75D24DCCF5F4A8E7FD0381E03F0E9DB6F63BA5A59790788D48161E0C292436F79120C9057EBC7B1CA430E5D060836CEE57945DF5557EE2036588A902A1BD163F4DA436602B4BEF61A20D52B15877BFF9973366F242A6D2564BF32E2251C0E07DB2C98A31E82B63F6513FD4CC37D040653E3A68C6B2DB43B569FB070120ADEE89042BF0AC0E9103164E5F8BC57847A1F109ABF35E6E5DE0258C21137C65BFB +20181011070638 2 6 100 8191 5 D72A51FC8A019CA61D28C85021CE881FBDCA1D9E2773A50343C390408ABF52C024F0268B5D4F74AA0722F8FA78F966B7AE411C57015CC9E0DB7E56B27A1D078D951747F90F8F663552B12F9BE26809481BD6D62C8EE018E2944DCF0EC7D31FFE3F7DD2F11F3C8311F1C2E2038613E541F53BA05FD92A540D11BB3267E80CCC5DEC74FD67AE473FAD56EFE2CF04457BB7B3121F93AC8F00A5DBE46E460B9B97823F937CF18722D4EE6373EF369D26A7602491493497C1EFDA3F7509772853CF84CD64A06A54FE32817B39B98CE3CE4477616CF232B04D0B2098D5A4E575939C63B26B72BE87B2BEF58F2F6DB4B2A0E00634E02637DF471D6519C22BA9494F225CA01A1A96886C6F02CE0D11EDE3370180E6E6F5CA54B44A8B66BF16ECD52193B7483700AA4051AF775F80818F3331AD80BB25A0FC8775B7821C32EAFDBEF75B3BFCB2F1A4BBDF5340B20AC9E185B0770CE6AAB120CFC4C8C88CA381946F48C0478DC07E5CF3CFB805A1BA8DB905A6D2ABFCFD765990CA4699D9F9B6922FECA4FF861362B4525FF0934E679109AB8F00909945FE897E927380F72416231AAE1A717D47BD129D5549F60C2EA377744B8807AA2432D1925D02C4C205715231DFAD86AC6B5253DE58E3E3F65484A0014CC1EFFBABC6EE912A925C08C8BB68E5FD7A13AED0116863EFA7E69A33D28A1FA853B7E0B84A5F78EFC44CDC39C4148C4B1B3D17E7371E51F96CFAAEBE15D67E82B590B9BB0567BC161AFF012F7571E514BCA7157A8C1521BD7147E83EE57721A77895722390D9C1B7C3BEEEF316E313F5A2DFBA0A5E3509F5F2CEB90C07E1177D3C8AA6CD56F5C5C614656D155350AAFD556890247AE6EDEE2236583A6DA347679C69A9B518FA9BD882F5B9850762C987F727CFEE68421A2D4F363EC45EDABAD574CC4C5AB7654F1C7E0CD84E708CD7C3ED66F369EC1E0E193346FE4747709F6A6DC969E3D2394758E807F4370E2C5A64B5190C5E9D3983CF5778076667B3E41AA28A868B9EA72C45A9234A2C92F0627512AC815CDC1418C676E66B474C071C65DF4EB7AA109ED189B30F49C9A7310CDD5504A0155E5A37FB41548B78049F3FF57EF682D04EFF6B43E5390B07019C555CB55D477552EC778C5BBF00830D1D2B233CB9B5C5A1817F96F395A527458625740A6B2FEFDF160F003D72086FAD44EA24CC669E710A965052D997E63144FD5F32271D0CF75D24DCCF5F4A8E7FD0381E03F0E9DB6F63BA5A59790788D48161E0C292436F79120C9057EBC7B1CA430E5D060836CEE57945DF5557EE2036588A902A1BD163F4DA436602B4BEF61A20D52B15877BFF9973366F242A6D2564BF32E2251C0E07DB2C98A31E82B63F6513FD4CC37D040653E3A68C6B2DB43B569FB070120ADEE89042BF0AC0E9103164E5F8BC57847A1F109ABF35E6E5DE0258C21149914247 +20181011150252 2 6 100 8191 2 D72A51FC8A019CA61D28C85021CE881FBDCA1D9E2773A50343C390408ABF52C024F0268B5D4F74AA0722F8FA78F966B7AE411C57015CC9E0DB7E56B27A1D078D951747F90F8F663552B12F9BE26809481BD6D62C8EE018E2944DCF0EC7D31FFE3F7DD2F11F3C8311F1C2E2038613E541F53BA05FD92A540D11BB3267E80CCC5DEC74FD67AE473FAD56EFE2CF04457BB7B3121F93AC8F00A5DBE46E460B9B97823F937CF18722D4EE6373EF369D26A7602491493497C1EFDA3F7509772853CF84CD64A06A54FE32817B39B98CE3CE4477616CF232B04D0B2098D5A4E575939C63B26B72BE87B2BEF58F2F6DB4B2A0E00634E02637DF471D6519C22BA9494F225CA01A1A96886C6F02CE0D11EDE3370180E6E6F5CA54B44A8B66BF16ECD52193B7483700AA4051AF775F80818F3331AD80BB25A0FC8775B7821C32EAFDBEF75B3BFCB2F1A4BBDF5340B20AC9E185B0770CE6AAB120CFC4C8C88CA381946F48C0478DC07E5CF3CFB805A1BA8DB905A6D2ABFCFD765990CA4699D9F9B6922FECA4FF861362B4525FF0934E679109AB8F00909945FE897E927380F72416231AAE1A717D47BD129D5549F60C2EA377744B8807AA2432D1925D02C4C205715231DFAD86AC6B5253DE58E3E3F65484A0014CC1EFFBABC6EE912A925C08C8BB68E5FD7A13AED0116863EFA7E69A33D28A1FA853B7E0B84A5F78EFC44CDC39C4148C4B1B3D17E7371E51F96CFAAEBE15D67E82B590B9BB0567BC161AFF012F7571E514BCA7157A8C1521BD7147E83EE57721A77895722390D9C1B7C3BEEEF316E313F5A2DFBA0A5E3509F5F2CEB90C07E1177D3C8AA6CD56F5C5C614656D155350AAFD556890247AE6EDEE2236583A6DA347679C69A9B518FA9BD882F5B9850762C987F727CFEE68421A2D4F363EC45EDABAD574CC4C5AB7654F1C7E0CD84E708CD7C3ED66F369EC1E0E193346FE4747709F6A6DC969E3D2394758E807F4370E2C5A64B5190C5E9D3983CF5778076667B3E41AA28A868B9EA72C45A9234A2C92F0627512AC815CDC1418C676E66B474C071C65DF4EB7AA109ED189B30F49C9A7310CDD5504A0155E5A37FB41548B78049F3FF57EF682D04EFF6B43E5390B07019C555CB55D477552EC778C5BBF00830D1D2B233CB9B5C5A1817F96F395A527458625740A6B2FEFDF160F003D72086FAD44EA24CC669E710A965052D997E63144FD5F32271D0CF75D24DCCF5F4A8E7FD0381E03F0E9DB6F63BA5A59790788D48161E0C292436F79120C9057EBC7B1CA430E5D060836CEE57945DF5557EE2036588A902A1BD163F4DA436602B4BEF61A20D52B15877BFF9973366F242A6D2564BF32E2251C0E07DB2C98A31E82B63F6513FD4CC37D040653E3A68C6B2DB43B569FB070120ADEE89042BF0AC0E9103164E5F8BC57847A1F109ABF35E6E5DE0258C2114EAE7D3B +20181011153554 2 6 100 8191 2 D72A51FC8A019CA61D28C85021CE881FBDCA1D9E2773A50343C390408ABF52C024F0268B5D4F74AA0722F8FA78F966B7AE411C57015CC9E0DB7E56B27A1D078D951747F90F8F663552B12F9BE26809481BD6D62C8EE018E2944DCF0EC7D31FFE3F7DD2F11F3C8311F1C2E2038613E541F53BA05FD92A540D11BB3267E80CCC5DEC74FD67AE473FAD56EFE2CF04457BB7B3121F93AC8F00A5DBE46E460B9B97823F937CF18722D4EE6373EF369D26A7602491493497C1EFDA3F7509772853CF84CD64A06A54FE32817B39B98CE3CE4477616CF232B04D0B2098D5A4E575939C63B26B72BE87B2BEF58F2F6DB4B2A0E00634E02637DF471D6519C22BA9494F225CA01A1A96886C6F02CE0D11EDE3370180E6E6F5CA54B44A8B66BF16ECD52193B7483700AA4051AF775F80818F3331AD80BB25A0FC8775B7821C32EAFDBEF75B3BFCB2F1A4BBDF5340B20AC9E185B0770CE6AAB120CFC4C8C88CA381946F48C0478DC07E5CF3CFB805A1BA8DB905A6D2ABFCFD765990CA4699D9F9B6922FECA4FF861362B4525FF0934E679109AB8F00909945FE897E927380F72416231AAE1A717D47BD129D5549F60C2EA377744B8807AA2432D1925D02C4C205715231DFAD86AC6B5253DE58E3E3F65484A0014CC1EFFBABC6EE912A925C08C8BB68E5FD7A13AED0116863EFA7E69A33D28A1FA853B7E0B84A5F78EFC44CDC39C4148C4B1B3D17E7371E51F96CFAAEBE15D67E82B590B9BB0567BC161AFF012F7571E514BCA7157A8C1521BD7147E83EE57721A77895722390D9C1B7C3BEEEF316E313F5A2DFBA0A5E3509F5F2CEB90C07E1177D3C8AA6CD56F5C5C614656D155350AAFD556890247AE6EDEE2236583A6DA347679C69A9B518FA9BD882F5B9850762C987F727CFEE68421A2D4F363EC45EDABAD574CC4C5AB7654F1C7E0CD84E708CD7C3ED66F369EC1E0E193346FE4747709F6A6DC969E3D2394758E807F4370E2C5A64B5190C5E9D3983CF5778076667B3E41AA28A868B9EA72C45A9234A2C92F0627512AC815CDC1418C676E66B474C071C65DF4EB7AA109ED189B30F49C9A7310CDD5504A0155E5A37FB41548B78049F3FF57EF682D04EFF6B43E5390B07019C555CB55D477552EC778C5BBF00830D1D2B233CB9B5C5A1817F96F395A527458625740A6B2FEFDF160F003D72086FAD44EA24CC669E710A965052D997E63144FD5F32271D0CF75D24DCCF5F4A8E7FD0381E03F0E9DB6F63BA5A59790788D48161E0C292436F79120C9057EBC7B1CA430E5D060836CEE57945DF5557EE2036588A902A1BD163F4DA436602B4BEF61A20D52B15877BFF9973366F242A6D2564BF32E2251C0E07DB2C98A31E82B63F6513FD4CC37D040653E3A68C6B2DB43B569FB070120ADEE89042BF0AC0E9103164E5F8BC57847A1F109ABF35E6E5DE0258C2114EFEE58B +20181011234311 2 6 100 8191 5 D72A51FC8A019CA61D28C85021CE881FBDCA1D9E2773A50343C390408ABF52C024F0268B5D4F74AA0722F8FA78F966B7AE411C57015CC9E0DB7E56B27A1D078D951747F90F8F663552B12F9BE26809481BD6D62C8EE018E2944DCF0EC7D31FFE3F7DD2F11F3C8311F1C2E2038613E541F53BA05FD92A540D11BB3267E80CCC5DEC74FD67AE473FAD56EFE2CF04457BB7B3121F93AC8F00A5DBE46E460B9B97823F937CF18722D4EE6373EF369D26A7602491493497C1EFDA3F7509772853CF84CD64A06A54FE32817B39B98CE3CE4477616CF232B04D0B2098D5A4E575939C63B26B72BE87B2BEF58F2F6DB4B2A0E00634E02637DF471D6519C22BA9494F225CA01A1A96886C6F02CE0D11EDE3370180E6E6F5CA54B44A8B66BF16ECD52193B7483700AA4051AF775F80818F3331AD80BB25A0FC8775B7821C32EAFDBEF75B3BFCB2F1A4BBDF5340B20AC9E185B0770CE6AAB120CFC4C8C88CA381946F48C0478DC07E5CF3CFB805A1BA8DB905A6D2ABFCFD765990CA4699D9F9B6922FECA4FF861362B4525FF0934E679109AB8F00909945FE897E927380F72416231AAE1A717D47BD129D5549F60C2EA377744B8807AA2432D1925D02C4C205715231DFAD86AC6B5253DE58E3E3F65484A0014CC1EFFBABC6EE912A925C08C8BB68E5FD7A13AED0116863EFA7E69A33D28A1FA853B7E0B84A5F78EFC44CDC39C4148C4B1B3D17E7371E51F96CFAAEBE15D67E82B590B9BB0567BC161AFF012F7571E514BCA7157A8C1521BD7147E83EE57721A77895722390D9C1B7C3BEEEF316E313F5A2DFBA0A5E3509F5F2CEB90C07E1177D3C8AA6CD56F5C5C614656D155350AAFD556890247AE6EDEE2236583A6DA347679C69A9B518FA9BD882F5B9850762C987F727CFEE68421A2D4F363EC45EDABAD574CC4C5AB7654F1C7E0CD84E708CD7C3ED66F369EC1E0E193346FE4747709F6A6DC969E3D2394758E807F4370E2C5A64B5190C5E9D3983CF5778076667B3E41AA28A868B9EA72C45A9234A2C92F0627512AC815CDC1418C676E66B474C071C65DF4EB7AA109ED189B30F49C9A7310CDD5504A0155E5A37FB41548B78049F3FF57EF682D04EFF6B43E5390B07019C555CB55D477552EC778C5BBF00830D1D2B233CB9B5C5A1817F96F395A527458625740A6B2FEFDF160F003D72086FAD44EA24CC669E710A965052D997E63144FD5F32271D0CF75D24DCCF5F4A8E7FD0381E03F0E9DB6F63BA5A59790788D48161E0C292436F79120C9057EBC7B1CA430E5D060836CEE57945DF5557EE2036588A902A1BD163F4DA436602B4BEF61A20D52B15877BFF9973366F242A6D2564BF32E2251C0E07DB2C98A31E82B63F6513FD4CC37D040653E3A68C6B2DB43B569FB070120ADEE89042BF0AC0E9103164E5F8BC57847A1F109ABF35E6E5DE0258C211542C97AF +20181012043844 2 6 100 8191 5 D72A51FC8A019CA61D28C85021CE881FBDCA1D9E2773A50343C390408ABF52C024F0268B5D4F74AA0722F8FA78F966B7AE411C57015CC9E0DB7E56B27A1D078D951747F90F8F663552B12F9BE26809481BD6D62C8EE018E2944DCF0EC7D31FFE3F7DD2F11F3C8311F1C2E2038613E541F53BA05FD92A540D11BB3267E80CCC5DEC74FD67AE473FAD56EFE2CF04457BB7B3121F93AC8F00A5DBE46E460B9B97823F937CF18722D4EE6373EF369D26A7602491493497C1EFDA3F7509772853CF84CD64A06A54FE32817B39B98CE3CE4477616CF232B04D0B2098D5A4E575939C63B26B72BE87B2BEF58F2F6DB4B2A0E00634E02637DF471D6519C22BA9494F225CA01A1A96886C6F02CE0D11EDE3370180E6E6F5CA54B44A8B66BF16ECD52193B7483700AA4051AF775F80818F3331AD80BB25A0FC8775B7821C32EAFDBEF75B3BFCB2F1A4BBDF5340B20AC9E185B0770CE6AAB120CFC4C8C88CA381946F48C0478DC07E5CF3CFB805A1BA8DB905A6D2ABFCFD765990CA4699D9F9B6922FECA4FF861362B4525FF0934E679109AB8F00909945FE897E927380F72416231AAE1A717D47BD129D5549F60C2EA377744B8807AA2432D1925D02C4C205715231DFAD86AC6B5253DE58E3E3F65484A0014CC1EFFBABC6EE912A925C08C8BB68E5FD7A13AED0116863EFA7E69A33D28A1FA853B7E0B84A5F78EFC44CDC39C4148C4B1B3D17E7371E51F96CFAAEBE15D67E82B590B9BB0567BC161AFF012F7571E514BCA7157A8C1521BD7147E83EE57721A77895722390D9C1B7C3BEEEF316E313F5A2DFBA0A5E3509F5F2CEB90C07E1177D3C8AA6CD56F5C5C614656D155350AAFD556890247AE6EDEE2236583A6DA347679C69A9B518FA9BD882F5B9850762C987F727CFEE68421A2D4F363EC45EDABAD574CC4C5AB7654F1C7E0CD84E708CD7C3ED66F369EC1E0E193346FE4747709F6A6DC969E3D2394758E807F4370E2C5A64B5190C5E9D3983CF5778076667B3E41AA28A868B9EA72C45A9234A2C92F0627512AC815CDC1418C676E66B474C071C65DF4EB7AA109ED189B30F49C9A7310CDD5504A0155E5A37FB41548B78049F3FF57EF682D04EFF6B43E5390B07019C555CB55D477552EC778C5BBF00830D1D2B233CB9B5C5A1817F96F395A527458625740A6B2FEFDF160F003D72086FAD44EA24CC669E710A965052D997E63144FD5F32271D0CF75D24DCCF5F4A8E7FD0381E03F0E9DB6F63BA5A59790788D48161E0C292436F79120C9057EBC7B1CA430E5D060836CEE57945DF5557EE2036588A902A1BD163F4DA436602B4BEF61A20D52B15877BFF9973366F242A6D2564BF32E2251C0E07DB2C98A31E82B63F6513FD4CC37D040653E3A68C6B2DB43B569FB070120ADEE89042BF0AC0E9103164E5F8BC57847A1F109ABF35E6E5DE0258C21157397D47 +20181012060434 2 6 100 8191 2 D72A51FC8A019CA61D28C85021CE881FBDCA1D9E2773A50343C390408ABF52C024F0268B5D4F74AA0722F8FA78F966B7AE411C57015CC9E0DB7E56B27A1D078D951747F90F8F663552B12F9BE26809481BD6D62C8EE018E2944DCF0EC7D31FFE3F7DD2F11F3C8311F1C2E2038613E541F53BA05FD92A540D11BB3267E80CCC5DEC74FD67AE473FAD56EFE2CF04457BB7B3121F93AC8F00A5DBE46E460B9B97823F937CF18722D4EE6373EF369D26A7602491493497C1EFDA3F7509772853CF84CD64A06A54FE32817B39B98CE3CE4477616CF232B04D0B2098D5A4E575939C63B26B72BE87B2BEF58F2F6DB4B2A0E00634E02637DF471D6519C22BA9494F225CA01A1A96886C6F02CE0D11EDE3370180E6E6F5CA54B44A8B66BF16ECD52193B7483700AA4051AF775F80818F3331AD80BB25A0FC8775B7821C32EAFDBEF75B3BFCB2F1A4BBDF5340B20AC9E185B0770CE6AAB120CFC4C8C88CA381946F48C0478DC07E5CF3CFB805A1BA8DB905A6D2ABFCFD765990CA4699D9F9B6922FECA4FF861362B4525FF0934E679109AB8F00909945FE897E927380F72416231AAE1A717D47BD129D5549F60C2EA377744B8807AA2432D1925D02C4C205715231DFAD86AC6B5253DE58E3E3F65484A0014CC1EFFBABC6EE912A925C08C8BB68E5FD7A13AED0116863EFA7E69A33D28A1FA853B7E0B84A5F78EFC44CDC39C4148C4B1B3D17E7371E51F96CFAAEBE15D67E82B590B9BB0567BC161AFF012F7571E514BCA7157A8C1521BD7147E83EE57721A77895722390D9C1B7C3BEEEF316E313F5A2DFBA0A5E3509F5F2CEB90C07E1177D3C8AA6CD56F5C5C614656D155350AAFD556890247AE6EDEE2236583A6DA347679C69A9B518FA9BD882F5B9850762C987F727CFEE68421A2D4F363EC45EDABAD574CC4C5AB7654F1C7E0CD84E708CD7C3ED66F369EC1E0E193346FE4747709F6A6DC969E3D2394758E807F4370E2C5A64B5190C5E9D3983CF5778076667B3E41AA28A868B9EA72C45A9234A2C92F0627512AC815CDC1418C676E66B474C071C65DF4EB7AA109ED189B30F49C9A7310CDD5504A0155E5A37FB41548B78049F3FF57EF682D04EFF6B43E5390B07019C555CB55D477552EC778C5BBF00830D1D2B233CB9B5C5A1817F96F395A527458625740A6B2FEFDF160F003D72086FAD44EA24CC669E710A965052D997E63144FD5F32271D0CF75D24DCCF5F4A8E7FD0381E03F0E9DB6F63BA5A59790788D48161E0C292436F79120C9057EBC7B1CA430E5D060836CEE57945DF5557EE2036588A902A1BD163F4DA436602B4BEF61A20D52B15877BFF9973366F242A6D2564BF32E2251C0E07DB2C98A31E82B63F6513FD4CC37D040653E3A68C6B2DB43B569FB070120ADEE89042BF0AC0E9103164E5F8BC57847A1F109ABF35E6E5DE0258C2115803DB63 +20181012142459 2 6 100 8191 5 D72A51FC8A019CA61D28C85021CE881FBDCA1D9E2773A50343C390408ABF52C024F0268B5D4F74AA0722F8FA78F966B7AE411C57015CC9E0DB7E56B27A1D078D951747F90F8F663552B12F9BE26809481BD6D62C8EE018E2944DCF0EC7D31FFE3F7DD2F11F3C8311F1C2E2038613E541F53BA05FD92A540D11BB3267E80CCC5DEC74FD67AE473FAD56EFE2CF04457BB7B3121F93AC8F00A5DBE46E460B9B97823F937CF18722D4EE6373EF369D26A7602491493497C1EFDA3F7509772853CF84CD64A06A54FE32817B39B98CE3CE4477616CF232B04D0B2098D5A4E575939C63B26B72BE87B2BEF58F2F6DB4B2A0E00634E02637DF471D6519C22BA9494F225CA01A1A96886C6F02CE0D11EDE3370180E6E6F5CA54B44A8B66BF16ECD52193B7483700AA4051AF775F80818F3331AD80BB25A0FC8775B7821C32EAFDBEF75B3BFCB2F1A4BBDF5340B20AC9E185B0770CE6AAB120CFC4C8C88CA381946F48C0478DC07E5CF3CFB805A1BA8DB905A6D2ABFCFD765990CA4699D9F9B6922FECA4FF861362B4525FF0934E679109AB8F00909945FE897E927380F72416231AAE1A717D47BD129D5549F60C2EA377744B8807AA2432D1925D02C4C205715231DFAD86AC6B5253DE58E3E3F65484A0014CC1EFFBABC6EE912A925C08C8BB68E5FD7A13AED0116863EFA7E69A33D28A1FA853B7E0B84A5F78EFC44CDC39C4148C4B1B3D17E7371E51F96CFAAEBE15D67E82B590B9BB0567BC161AFF012F7571E514BCA7157A8C1521BD7147E83EE57721A77895722390D9C1B7C3BEEEF316E313F5A2DFBA0A5E3509F5F2CEB90C07E1177D3C8AA6CD56F5C5C614656D155350AAFD556890247AE6EDEE2236583A6DA347679C69A9B518FA9BD882F5B9850762C987F727CFEE68421A2D4F363EC45EDABAD574CC4C5AB7654F1C7E0CD84E708CD7C3ED66F369EC1E0E193346FE4747709F6A6DC969E3D2394758E807F4370E2C5A64B5190C5E9D3983CF5778076667B3E41AA28A868B9EA72C45A9234A2C92F0627512AC815CDC1418C676E66B474C071C65DF4EB7AA109ED189B30F49C9A7310CDD5504A0155E5A37FB41548B78049F3FF57EF682D04EFF6B43E5390B07019C555CB55D477552EC778C5BBF00830D1D2B233CB9B5C5A1817F96F395A527458625740A6B2FEFDF160F003D72086FAD44EA24CC669E710A965052D997E63144FD5F32271D0CF75D24DCCF5F4A8E7FD0381E03F0E9DB6F63BA5A59790788D48161E0C292436F79120C9057EBC7B1CA430E5D060836CEE57945DF5557EE2036588A902A1BD163F4DA436602B4BEF61A20D52B15877BFF9973366F242A6D2564BF32E2251C0E07DB2C98A31E82B63F6513FD4CC37D040653E3A68C6B2DB43B569FB070120ADEE89042BF0AC0E9103164E5F8BC57847A1F109ABF35E6E5DE0258C2115CF3077F +20181012162028 2 6 100 8191 2 D72A51FC8A019CA61D28C85021CE881FBDCA1D9E2773A50343C390408ABF52C024F0268B5D4F74AA0722F8FA78F966B7AE411C57015CC9E0DB7E56B27A1D078D951747F90F8F663552B12F9BE26809481BD6D62C8EE018E2944DCF0EC7D31FFE3F7DD2F11F3C8311F1C2E2038613E541F53BA05FD92A540D11BB3267E80CCC5DEC74FD67AE473FAD56EFE2CF04457BB7B3121F93AC8F00A5DBE46E460B9B97823F937CF18722D4EE6373EF369D26A7602491493497C1EFDA3F7509772853CF84CD64A06A54FE32817B39B98CE3CE4477616CF232B04D0B2098D5A4E575939C63B26B72BE87B2BEF58F2F6DB4B2A0E00634E02637DF471D6519C22BA9494F225CA01A1A96886C6F02CE0D11EDE3370180E6E6F5CA54B44A8B66BF16ECD52193B7483700AA4051AF775F80818F3331AD80BB25A0FC8775B7821C32EAFDBEF75B3BFCB2F1A4BBDF5340B20AC9E185B0770CE6AAB120CFC4C8C88CA381946F48C0478DC07E5CF3CFB805A1BA8DB905A6D2ABFCFD765990CA4699D9F9B6922FECA4FF861362B4525FF0934E679109AB8F00909945FE897E927380F72416231AAE1A717D47BD129D5549F60C2EA377744B8807AA2432D1925D02C4C205715231DFAD86AC6B5253DE58E3E3F65484A0014CC1EFFBABC6EE912A925C08C8BB68E5FD7A13AED0116863EFA7E69A33D28A1FA853B7E0B84A5F78EFC44CDC39C4148C4B1B3D17E7371E51F96CFAAEBE15D67E82B590B9BB0567BC161AFF012F7571E514BCA7157A8C1521BD7147E83EE57721A77895722390D9C1B7C3BEEEF316E313F5A2DFBA0A5E3509F5F2CEB90C07E1177D3C8AA6CD56F5C5C614656D155350AAFD556890247AE6EDEE2236583A6DA347679C69A9B518FA9BD882F5B9850762C987F727CFEE68421A2D4F363EC45EDABAD574CC4C5AB7654F1C7E0CD84E708CD7C3ED66F369EC1E0E193346FE4747709F6A6DC969E3D2394758E807F4370E2C5A64B5190C5E9D3983CF5778076667B3E41AA28A868B9EA72C45A9234A2C92F0627512AC815CDC1418C676E66B474C071C65DF4EB7AA109ED189B30F49C9A7310CDD5504A0155E5A37FB41548B78049F3FF57EF682D04EFF6B43E5390B07019C555CB55D477552EC778C5BBF00830D1D2B233CB9B5C5A1817F96F395A527458625740A6B2FEFDF160F003D72086FAD44EA24CC669E710A965052D997E63144FD5F32271D0CF75D24DCCF5F4A8E7FD0381E03F0E9DB6F63BA5A59790788D48161E0C292436F79120C9057EBC7B1CA430E5D060836CEE57945DF5557EE2036588A902A1BD163F4DA436602B4BEF61A20D52B15877BFF9973366F242A6D2564BF32E2251C0E07DB2C98A31E82B63F6513FD4CC37D040653E3A68C6B2DB43B569FB070120ADEE89042BF0AC0E9103164E5F8BC57847A1F109ABF35E6E5DE0258C2115E1C6FCB +20181012182332 2 6 100 8191 5 D72A51FC8A019CA61D28C85021CE881FBDCA1D9E2773A50343C390408ABF52C024F0268B5D4F74AA0722F8FA78F966B7AE411C57015CC9E0DB7E56B27A1D078D951747F90F8F663552B12F9BE26809481BD6D62C8EE018E2944DCF0EC7D31FFE3F7DD2F11F3C8311F1C2E2038613E541F53BA05FD92A540D11BB3267E80CCC5DEC74FD67AE473FAD56EFE2CF04457BB7B3121F93AC8F00A5DBE46E460B9B97823F937CF18722D4EE6373EF369D26A7602491493497C1EFDA3F7509772853CF84CD64A06A54FE32817B39B98CE3CE4477616CF232B04D0B2098D5A4E575939C63B26B72BE87B2BEF58F2F6DB4B2A0E00634E02637DF471D6519C22BA9494F225CA01A1A96886C6F02CE0D11EDE3370180E6E6F5CA54B44A8B66BF16ECD52193B7483700AA4051AF775F80818F3331AD80BB25A0FC8775B7821C32EAFDBEF75B3BFCB2F1A4BBDF5340B20AC9E185B0770CE6AAB120CFC4C8C88CA381946F48C0478DC07E5CF3CFB805A1BA8DB905A6D2ABFCFD765990CA4699D9F9B6922FECA4FF861362B4525FF0934E679109AB8F00909945FE897E927380F72416231AAE1A717D47BD129D5549F60C2EA377744B8807AA2432D1925D02C4C205715231DFAD86AC6B5253DE58E3E3F65484A0014CC1EFFBABC6EE912A925C08C8BB68E5FD7A13AED0116863EFA7E69A33D28A1FA853B7E0B84A5F78EFC44CDC39C4148C4B1B3D17E7371E51F96CFAAEBE15D67E82B590B9BB0567BC161AFF012F7571E514BCA7157A8C1521BD7147E83EE57721A77895722390D9C1B7C3BEEEF316E313F5A2DFBA0A5E3509F5F2CEB90C07E1177D3C8AA6CD56F5C5C614656D155350AAFD556890247AE6EDEE2236583A6DA347679C69A9B518FA9BD882F5B9850762C987F727CFEE68421A2D4F363EC45EDABAD574CC4C5AB7654F1C7E0CD84E708CD7C3ED66F369EC1E0E193346FE4747709F6A6DC969E3D2394758E807F4370E2C5A64B5190C5E9D3983CF5778076667B3E41AA28A868B9EA72C45A9234A2C92F0627512AC815CDC1418C676E66B474C071C65DF4EB7AA109ED189B30F49C9A7310CDD5504A0155E5A37FB41548B78049F3FF57EF682D04EFF6B43E5390B07019C555CB55D477552EC778C5BBF00830D1D2B233CB9B5C5A1817F96F395A527458625740A6B2FEFDF160F003D72086FAD44EA24CC669E710A965052D997E63144FD5F32271D0CF75D24DCCF5F4A8E7FD0381E03F0E9DB6F63BA5A59790788D48161E0C292436F79120C9057EBC7B1CA430E5D060836CEE57945DF5557EE2036588A902A1BD163F4DA436602B4BEF61A20D52B15877BFF9973366F242A6D2564BF32E2251C0E07DB2C98A31E82B63F6513FD4CC37D040653E3A68C6B2DB43B569FB070120ADEE89042BF0AC0E9103164E5F8BC57847A1F109ABF35E6E5DE0258C2115F5E2D97 +20181012182843 2 6 100 8191 2 D72A51FC8A019CA61D28C85021CE881FBDCA1D9E2773A50343C390408ABF52C024F0268B5D4F74AA0722F8FA78F966B7AE411C57015CC9E0DB7E56B27A1D078D951747F90F8F663552B12F9BE26809481BD6D62C8EE018E2944DCF0EC7D31FFE3F7DD2F11F3C8311F1C2E2038613E541F53BA05FD92A540D11BB3267E80CCC5DEC74FD67AE473FAD56EFE2CF04457BB7B3121F93AC8F00A5DBE46E460B9B97823F937CF18722D4EE6373EF369D26A7602491493497C1EFDA3F7509772853CF84CD64A06A54FE32817B39B98CE3CE4477616CF232B04D0B2098D5A4E575939C63B26B72BE87B2BEF58F2F6DB4B2A0E00634E02637DF471D6519C22BA9494F225CA01A1A96886C6F02CE0D11EDE3370180E6E6F5CA54B44A8B66BF16ECD52193B7483700AA4051AF775F80818F3331AD80BB25A0FC8775B7821C32EAFDBEF75B3BFCB2F1A4BBDF5340B20AC9E185B0770CE6AAB120CFC4C8C88CA381946F48C0478DC07E5CF3CFB805A1BA8DB905A6D2ABFCFD765990CA4699D9F9B6922FECA4FF861362B4525FF0934E679109AB8F00909945FE897E927380F72416231AAE1A717D47BD129D5549F60C2EA377744B8807AA2432D1925D02C4C205715231DFAD86AC6B5253DE58E3E3F65484A0014CC1EFFBABC6EE912A925C08C8BB68E5FD7A13AED0116863EFA7E69A33D28A1FA853B7E0B84A5F78EFC44CDC39C4148C4B1B3D17E7371E51F96CFAAEBE15D67E82B590B9BB0567BC161AFF012F7571E514BCA7157A8C1521BD7147E83EE57721A77895722390D9C1B7C3BEEEF316E313F5A2DFBA0A5E3509F5F2CEB90C07E1177D3C8AA6CD56F5C5C614656D155350AAFD556890247AE6EDEE2236583A6DA347679C69A9B518FA9BD882F5B9850762C987F727CFEE68421A2D4F363EC45EDABAD574CC4C5AB7654F1C7E0CD84E708CD7C3ED66F369EC1E0E193346FE4747709F6A6DC969E3D2394758E807F4370E2C5A64B5190C5E9D3983CF5778076667B3E41AA28A868B9EA72C45A9234A2C92F0627512AC815CDC1418C676E66B474C071C65DF4EB7AA109ED189B30F49C9A7310CDD5504A0155E5A37FB41548B78049F3FF57EF682D04EFF6B43E5390B07019C555CB55D477552EC778C5BBF00830D1D2B233CB9B5C5A1817F96F395A527458625740A6B2FEFDF160F003D72086FAD44EA24CC669E710A965052D997E63144FD5F32271D0CF75D24DCCF5F4A8E7FD0381E03F0E9DB6F63BA5A59790788D48161E0C292436F79120C9057EBC7B1CA430E5D060836CEE57945DF5557EE2036588A902A1BD163F4DA436602B4BEF61A20D52B15877BFF9973366F242A6D2564BF32E2251C0E07DB2C98A31E82B63F6513FD4CC37D040653E3A68C6B2DB43B569FB070120ADEE89042BF0AC0E9103164E5F8BC57847A1F109ABF35E6E5DE0258C2115F623A23 +20181012201834 2 6 100 8191 2 D72A51FC8A019CA61D28C85021CE881FBDCA1D9E2773A50343C390408ABF52C024F0268B5D4F74AA0722F8FA78F966B7AE411C57015CC9E0DB7E56B27A1D078D951747F90F8F663552B12F9BE26809481BD6D62C8EE018E2944DCF0EC7D31FFE3F7DD2F11F3C8311F1C2E2038613E541F53BA05FD92A540D11BB3267E80CCC5DEC74FD67AE473FAD56EFE2CF04457BB7B3121F93AC8F00A5DBE46E460B9B97823F937CF18722D4EE6373EF369D26A7602491493497C1EFDA3F7509772853CF84CD64A06A54FE32817B39B98CE3CE4477616CF232B04D0B2098D5A4E575939C63B26B72BE87B2BEF58F2F6DB4B2A0E00634E02637DF471D6519C22BA9494F225CA01A1A96886C6F02CE0D11EDE3370180E6E6F5CA54B44A8B66BF16ECD52193B7483700AA4051AF775F80818F3331AD80BB25A0FC8775B7821C32EAFDBEF75B3BFCB2F1A4BBDF5340B20AC9E185B0770CE6AAB120CFC4C8C88CA381946F48C0478DC07E5CF3CFB805A1BA8DB905A6D2ABFCFD765990CA4699D9F9B6922FECA4FF861362B4525FF0934E679109AB8F00909945FE897E927380F72416231AAE1A717D47BD129D5549F60C2EA377744B8807AA2432D1925D02C4C205715231DFAD86AC6B5253DE58E3E3F65484A0014CC1EFFBABC6EE912A925C08C8BB68E5FD7A13AED0116863EFA7E69A33D28A1FA853B7E0B84A5F78EFC44CDC39C4148C4B1B3D17E7371E51F96CFAAEBE15D67E82B590B9BB0567BC161AFF012F7571E514BCA7157A8C1521BD7147E83EE57721A77895722390D9C1B7C3BEEEF316E313F5A2DFBA0A5E3509F5F2CEB90C07E1177D3C8AA6CD56F5C5C614656D155350AAFD556890247AE6EDEE2236583A6DA347679C69A9B518FA9BD882F5B9850762C987F727CFEE68421A2D4F363EC45EDABAD574CC4C5AB7654F1C7E0CD84E708CD7C3ED66F369EC1E0E193346FE4747709F6A6DC969E3D2394758E807F4370E2C5A64B5190C5E9D3983CF5778076667B3E41AA28A868B9EA72C45A9234A2C92F0627512AC815CDC1418C676E66B474C071C65DF4EB7AA109ED189B30F49C9A7310CDD5504A0155E5A37FB41548B78049F3FF57EF682D04EFF6B43E5390B07019C555CB55D477552EC778C5BBF00830D1D2B233CB9B5C5A1817F96F395A527458625740A6B2FEFDF160F003D72086FAD44EA24CC669E710A965052D997E63144FD5F32271D0CF75D24DCCF5F4A8E7FD0381E03F0E9DB6F63BA5A59790788D48161E0C292436F79120C9057EBC7B1CA430E5D060836CEE57945DF5557EE2036588A902A1BD163F4DA436602B4BEF61A20D52B15877BFF9973366F242A6D2564BF32E2251C0E07DB2C98A31E82B63F6513FD4CC37D040653E3A68C6B2DB43B569FB070120ADEE89042BF0AC0E9103164E5F8BC57847A1F109ABF35E6E5DE0258C211608810CB +20181012223139 2 6 100 8191 2 D72A51FC8A019CA61D28C85021CE881FBDCA1D9E2773A50343C390408ABF52C024F0268B5D4F74AA0722F8FA78F966B7AE411C57015CC9E0DB7E56B27A1D078D951747F90F8F663552B12F9BE26809481BD6D62C8EE018E2944DCF0EC7D31FFE3F7DD2F11F3C8311F1C2E2038613E541F53BA05FD92A540D11BB3267E80CCC5DEC74FD67AE473FAD56EFE2CF04457BB7B3121F93AC8F00A5DBE46E460B9B97823F937CF18722D4EE6373EF369D26A7602491493497C1EFDA3F7509772853CF84CD64A06A54FE32817B39B98CE3CE4477616CF232B04D0B2098D5A4E575939C63B26B72BE87B2BEF58F2F6DB4B2A0E00634E02637DF471D6519C22BA9494F225CA01A1A96886C6F02CE0D11EDE3370180E6E6F5CA54B44A8B66BF16ECD52193B7483700AA4051AF775F80818F3331AD80BB25A0FC8775B7821C32EAFDBEF75B3BFCB2F1A4BBDF5340B20AC9E185B0770CE6AAB120CFC4C8C88CA381946F48C0478DC07E5CF3CFB805A1BA8DB905A6D2ABFCFD765990CA4699D9F9B6922FECA4FF861362B4525FF0934E679109AB8F00909945FE897E927380F72416231AAE1A717D47BD129D5549F60C2EA377744B8807AA2432D1925D02C4C205715231DFAD86AC6B5253DE58E3E3F65484A0014CC1EFFBABC6EE912A925C08C8BB68E5FD7A13AED0116863EFA7E69A33D28A1FA853B7E0B84A5F78EFC44CDC39C4148C4B1B3D17E7371E51F96CFAAEBE15D67E82B590B9BB0567BC161AFF012F7571E514BCA7157A8C1521BD7147E83EE57721A77895722390D9C1B7C3BEEEF316E313F5A2DFBA0A5E3509F5F2CEB90C07E1177D3C8AA6CD56F5C5C614656D155350AAFD556890247AE6EDEE2236583A6DA347679C69A9B518FA9BD882F5B9850762C987F727CFEE68421A2D4F363EC45EDABAD574CC4C5AB7654F1C7E0CD84E708CD7C3ED66F369EC1E0E193346FE4747709F6A6DC969E3D2394758E807F4370E2C5A64B5190C5E9D3983CF5778076667B3E41AA28A868B9EA72C45A9234A2C92F0627512AC815CDC1418C676E66B474C071C65DF4EB7AA109ED189B30F49C9A7310CDD5504A0155E5A37FB41548B78049F3FF57EF682D04EFF6B43E5390B07019C555CB55D477552EC778C5BBF00830D1D2B233CB9B5C5A1817F96F395A527458625740A6B2FEFDF160F003D72086FAD44EA24CC669E710A965052D997E63144FD5F32271D0CF75D24DCCF5F4A8E7FD0381E03F0E9DB6F63BA5A59790788D48161E0C292436F79120C9057EBC7B1CA430E5D060836CEE57945DF5557EE2036588A902A1BD163F4DA436602B4BEF61A20D52B15877BFF9973366F242A6D2564BF32E2251C0E07DB2C98A31E82B63F6513FD4CC37D040653E3A68C6B2DB43B569FB070120ADEE89042BF0AC0E9103164E5F8BC57847A1F109ABF35E6E5DE0258C21161EAF243 +20181013114842 2 6 100 8191 2 D72A51FC8A019CA61D28C85021CE881FBDCA1D9E2773A50343C390408ABF52C024F0268B5D4F74AA0722F8FA78F966B7AE411C57015CC9E0DB7E56B27A1D078D951747F90F8F663552B12F9BE26809481BD6D62C8EE018E2944DCF0EC7D31FFE3F7DD2F11F3C8311F1C2E2038613E541F53BA05FD92A540D11BB3267E80CCC5DEC74FD67AE473FAD56EFE2CF04457BB7B3121F93AC8F00A5DBE46E460B9B97823F937CF18722D4EE6373EF369D26A7602491493497C1EFDA3F7509772853CF84CD64A06A54FE32817B39B98CE3CE4477616CF232B04D0B2098D5A4E575939C63B26B72BE87B2BEF58F2F6DB4B2A0E00634E02637DF471D6519C22BA9494F225CA01A1A96886C6F02CE0D11EDE3370180E6E6F5CA54B44A8B66BF16ECD52193B7483700AA4051AF775F80818F3331AD80BB25A0FC8775B7821C32EAFDBEF75B3BFCB2F1A4BBDF5340B20AC9E185B0770CE6AAB120CFC4C8C88CA381946F48C0478DC07E5CF3CFB805A1BA8DB905A6D2ABFCFD765990CA4699D9F9B6922FECA4FF861362B4525FF0934E679109AB8F00909945FE897E927380F72416231AAE1A717D47BD129D5549F60C2EA377744B8807AA2432D1925D02C4C205715231DFAD86AC6B5253DE58E3E3F65484A0014CC1EFFBABC6EE912A925C08C8BB68E5FD7A13AED0116863EFA7E69A33D28A1FA853B7E0B84A5F78EFC44CDC39C4148C4B1B3D17E7371E51F96CFAAEBE15D67E82B590B9BB0567BC161AFF012F7571E514BCA7157A8C1521BD7147E83EE57721A77895722390D9C1B7C3BEEEF316E313F5A2DFBA0A5E3509F5F2CEB90C07E1177D3C8AA6CD56F5C5C614656D155350AAFD556890247AE6EDEE2236583A6DA347679C69A9B518FA9BD882F5B9850762C987F727CFEE68421A2D4F363EC45EDABAD574CC4C5AB7654F1C7E0CD84E708CD7C3ED66F369EC1E0E193346FE4747709F6A6DC969E3D2394758E807F4370E2C5A64B5190C5E9D3983CF5778076667B3E41AA28A868B9EA72C45A9234A2C92F0627512AC815CDC1418C676E66B474C071C65DF4EB7AA109ED189B30F49C9A7310CDD5504A0155E5A37FB41548B78049F3FF57EF682D04EFF6B43E5390B07019C555CB55D477552EC778C5BBF00830D1D2B233CB9B5C5A1817F96F395A527458625740A6B2FEFDF160F003D72086FAD44EA24CC669E710A965052D997E63144FD5F32271D0CF75D24DCCF5F4A8E7FD0381E03F0E9DB6F63BA5A59790788D48161E0C292436F79120C9057EBC7B1CA430E5D060836CEE57945DF5557EE2036588A902A1BD163F4DA436602B4BEF61A20D52B15877BFF9973366F242A6D2564BF32E2251C0E07DB2C98A31E82B63F6513FD4CC37D040653E3A68C6B2DB43B569FB070120ADEE89042BF0AC0E9103164E5F8BC57847A1F109ABF35E6E5DE0258C2116A336C63 +20181013221122 2 6 100 8191 5 D72A51FC8A019CA61D28C85021CE881FBDCA1D9E2773A50343C390408ABF52C024F0268B5D4F74AA0722F8FA78F966B7AE411C57015CC9E0DB7E56B27A1D078D951747F90F8F663552B12F9BE26809481BD6D62C8EE018E2944DCF0EC7D31FFE3F7DD2F11F3C8311F1C2E2038613E541F53BA05FD92A540D11BB3267E80CCC5DEC74FD67AE473FAD56EFE2CF04457BB7B3121F93AC8F00A5DBE46E460B9B97823F937CF18722D4EE6373EF369D26A7602491493497C1EFDA3F7509772853CF84CD64A06A54FE32817B39B98CE3CE4477616CF232B04D0B2098D5A4E575939C63B26B72BE87B2BEF58F2F6DB4B2A0E00634E02637DF471D6519C22BA9494F225CA01A1A96886C6F02CE0D11EDE3370180E6E6F5CA54B44A8B66BF16ECD52193B7483700AA4051AF775F80818F3331AD80BB25A0FC8775B7821C32EAFDBEF75B3BFCB2F1A4BBDF5340B20AC9E185B0770CE6AAB120CFC4C8C88CA381946F48C0478DC07E5CF3CFB805A1BA8DB905A6D2ABFCFD765990CA4699D9F9B6922FECA4FF861362B4525FF0934E679109AB8F00909945FE897E927380F72416231AAE1A717D47BD129D5549F60C2EA377744B8807AA2432D1925D02C4C205715231DFAD86AC6B5253DE58E3E3F65484A0014CC1EFFBABC6EE912A925C08C8BB68E5FD7A13AED0116863EFA7E69A33D28A1FA853B7E0B84A5F78EFC44CDC39C4148C4B1B3D17E7371E51F96CFAAEBE15D67E82B590B9BB0567BC161AFF012F7571E514BCA7157A8C1521BD7147E83EE57721A77895722390D9C1B7C3BEEEF316E313F5A2DFBA0A5E3509F5F2CEB90C07E1177D3C8AA6CD56F5C5C614656D155350AAFD556890247AE6EDEE2236583A6DA347679C69A9B518FA9BD882F5B9850762C987F727CFEE68421A2D4F363EC45EDABAD574CC4C5AB7654F1C7E0CD84E708CD7C3ED66F369EC1E0E193346FE4747709F6A6DC969E3D2394758E807F4370E2C5A64B5190C5E9D3983CF5778076667B3E41AA28A868B9EA72C45A9234A2C92F0627512AC815CDC1418C676E66B474C071C65DF4EB7AA109ED189B30F49C9A7310CDD5504A0155E5A37FB41548B78049F3FF57EF682D04EFF6B43E5390B07019C555CB55D477552EC778C5BBF00830D1D2B233CB9B5C5A1817F96F395A527458625740A6B2FEFDF160F003D72086FAD44EA24CC669E710A965052D997E63144FD5F32271D0CF75D24DCCF5F4A8E7FD0381E03F0E9DB6F63BA5A59790788D48161E0C292436F79120C9057EBC7B1CA430E5D060836CEE57945DF5557EE2036588A902A1BD163F4DA436602B4BEF61A20D52B15877BFF9973366F242A6D2564BF32E2251C0E07DB2C98A31E82B63F6513FD4CC37D040653E3A68C6B2DB43B569FB070120ADEE89042BF0AC0E9103164E5F8BC57847A1F109ABF35E6E5DE0258C21170A23417 +20181013221710 2 6 100 8191 5 D72A51FC8A019CA61D28C85021CE881FBDCA1D9E2773A50343C390408ABF52C024F0268B5D4F74AA0722F8FA78F966B7AE411C57015CC9E0DB7E56B27A1D078D951747F90F8F663552B12F9BE26809481BD6D62C8EE018E2944DCF0EC7D31FFE3F7DD2F11F3C8311F1C2E2038613E541F53BA05FD92A540D11BB3267E80CCC5DEC74FD67AE473FAD56EFE2CF04457BB7B3121F93AC8F00A5DBE46E460B9B97823F937CF18722D4EE6373EF369D26A7602491493497C1EFDA3F7509772853CF84CD64A06A54FE32817B39B98CE3CE4477616CF232B04D0B2098D5A4E575939C63B26B72BE87B2BEF58F2F6DB4B2A0E00634E02637DF471D6519C22BA9494F225CA01A1A96886C6F02CE0D11EDE3370180E6E6F5CA54B44A8B66BF16ECD52193B7483700AA4051AF775F80818F3331AD80BB25A0FC8775B7821C32EAFDBEF75B3BFCB2F1A4BBDF5340B20AC9E185B0770CE6AAB120CFC4C8C88CA381946F48C0478DC07E5CF3CFB805A1BA8DB905A6D2ABFCFD765990CA4699D9F9B6922FECA4FF861362B4525FF0934E679109AB8F00909945FE897E927380F72416231AAE1A717D47BD129D5549F60C2EA377744B8807AA2432D1925D02C4C205715231DFAD86AC6B5253DE58E3E3F65484A0014CC1EFFBABC6EE912A925C08C8BB68E5FD7A13AED0116863EFA7E69A33D28A1FA853B7E0B84A5F78EFC44CDC39C4148C4B1B3D17E7371E51F96CFAAEBE15D67E82B590B9BB0567BC161AFF012F7571E514BCA7157A8C1521BD7147E83EE57721A77895722390D9C1B7C3BEEEF316E313F5A2DFBA0A5E3509F5F2CEB90C07E1177D3C8AA6CD56F5C5C614656D155350AAFD556890247AE6EDEE2236583A6DA347679C69A9B518FA9BD882F5B9850762C987F727CFEE68421A2D4F363EC45EDABAD574CC4C5AB7654F1C7E0CD84E708CD7C3ED66F369EC1E0E193346FE4747709F6A6DC969E3D2394758E807F4370E2C5A64B5190C5E9D3983CF5778076667B3E41AA28A868B9EA72C45A9234A2C92F0627512AC815CDC1418C676E66B474C071C65DF4EB7AA109ED189B30F49C9A7310CDD5504A0155E5A37FB41548B78049F3FF57EF682D04EFF6B43E5390B07019C555CB55D477552EC778C5BBF00830D1D2B233CB9B5C5A1817F96F395A527458625740A6B2FEFDF160F003D72086FAD44EA24CC669E710A965052D997E63144FD5F32271D0CF75D24DCCF5F4A8E7FD0381E03F0E9DB6F63BA5A59790788D48161E0C292436F79120C9057EBC7B1CA430E5D060836CEE57945DF5557EE2036588A902A1BD163F4DA436602B4BEF61A20D52B15877BFF9973366F242A6D2564BF32E2251C0E07DB2C98A31E82B63F6513FD4CC37D040653E3A68C6B2DB43B569FB070120ADEE89042BF0AC0E9103164E5F8BC57847A1F109ABF35E6E5DE0258C21170A81107 +20181014032132 2 6 100 8191 2 D72A51FC8A019CA61D28C85021CE881FBDCA1D9E2773A50343C390408ABF52C024F0268B5D4F74AA0722F8FA78F966B7AE411C57015CC9E0DB7E56B27A1D078D951747F90F8F663552B12F9BE26809481BD6D62C8EE018E2944DCF0EC7D31FFE3F7DD2F11F3C8311F1C2E2038613E541F53BA05FD92A540D11BB3267E80CCC5DEC74FD67AE473FAD56EFE2CF04457BB7B3121F93AC8F00A5DBE46E460B9B97823F937CF18722D4EE6373EF369D26A7602491493497C1EFDA3F7509772853CF84CD64A06A54FE32817B39B98CE3CE4477616CF232B04D0B2098D5A4E575939C63B26B72BE87B2BEF58F2F6DB4B2A0E00634E02637DF471D6519C22BA9494F225CA01A1A96886C6F02CE0D11EDE3370180E6E6F5CA54B44A8B66BF16ECD52193B7483700AA4051AF775F80818F3331AD80BB25A0FC8775B7821C32EAFDBEF75B3BFCB2F1A4BBDF5340B20AC9E185B0770CE6AAB120CFC4C8C88CA381946F48C0478DC07E5CF3CFB805A1BA8DB905A6D2ABFCFD765990CA4699D9F9B6922FECA4FF861362B4525FF0934E679109AB8F00909945FE897E927380F72416231AAE1A717D47BD129D5549F60C2EA377744B8807AA2432D1925D02C4C205715231DFAD86AC6B5253DE58E3E3F65484A0014CC1EFFBABC6EE912A925C08C8BB68E5FD7A13AED0116863EFA7E69A33D28A1FA853B7E0B84A5F78EFC44CDC39C4148C4B1B3D17E7371E51F96CFAAEBE15D67E82B590B9BB0567BC161AFF012F7571E514BCA7157A8C1521BD7147E83EE57721A77895722390D9C1B7C3BEEEF316E313F5A2DFBA0A5E3509F5F2CEB90C07E1177D3C8AA6CD56F5C5C614656D155350AAFD556890247AE6EDEE2236583A6DA347679C69A9B518FA9BD882F5B9850762C987F727CFEE68421A2D4F363EC45EDABAD574CC4C5AB7654F1C7E0CD84E708CD7C3ED66F369EC1E0E193346FE4747709F6A6DC969E3D2394758E807F4370E2C5A64B5190C5E9D3983CF5778076667B3E41AA28A868B9EA72C45A9234A2C92F0627512AC815CDC1418C676E66B474C071C65DF4EB7AA109ED189B30F49C9A7310CDD5504A0155E5A37FB41548B78049F3FF57EF682D04EFF6B43E5390B07019C555CB55D477552EC778C5BBF00830D1D2B233CB9B5C5A1817F96F395A527458625740A6B2FEFDF160F003D72086FAD44EA24CC669E710A965052D997E63144FD5F32271D0CF75D24DCCF5F4A8E7FD0381E03F0E9DB6F63BA5A59790788D48161E0C292436F79120C9057EBC7B1CA430E5D060836CEE57945DF5557EE2036588A902A1BD163F4DA436602B4BEF61A20D52B15877BFF9973366F242A6D2564BF32E2251C0E07DB2C98A31E82B63F6513FD4CC37D040653E3A68C6B2DB43B569FB070120ADEE89042BF0AC0E9103164E5F8BC57847A1F109ABF35E6E5DE0258C21173C1D793 +20181014035731 2 6 100 8191 5 D72A51FC8A019CA61D28C85021CE881FBDCA1D9E2773A50343C390408ABF52C024F0268B5D4F74AA0722F8FA78F966B7AE411C57015CC9E0DB7E56B27A1D078D951747F90F8F663552B12F9BE26809481BD6D62C8EE018E2944DCF0EC7D31FFE3F7DD2F11F3C8311F1C2E2038613E541F53BA05FD92A540D11BB3267E80CCC5DEC74FD67AE473FAD56EFE2CF04457BB7B3121F93AC8F00A5DBE46E460B9B97823F937CF18722D4EE6373EF369D26A7602491493497C1EFDA3F7509772853CF84CD64A06A54FE32817B39B98CE3CE4477616CF232B04D0B2098D5A4E575939C63B26B72BE87B2BEF58F2F6DB4B2A0E00634E02637DF471D6519C22BA9494F225CA01A1A96886C6F02CE0D11EDE3370180E6E6F5CA54B44A8B66BF16ECD52193B7483700AA4051AF775F80818F3331AD80BB25A0FC8775B7821C32EAFDBEF75B3BFCB2F1A4BBDF5340B20AC9E185B0770CE6AAB120CFC4C8C88CA381946F48C0478DC07E5CF3CFB805A1BA8DB905A6D2ABFCFD765990CA4699D9F9B6922FECA4FF861362B4525FF0934E679109AB8F00909945FE897E927380F72416231AAE1A717D47BD129D5549F60C2EA377744B8807AA2432D1925D02C4C205715231DFAD86AC6B5253DE58E3E3F65484A0014CC1EFFBABC6EE912A925C08C8BB68E5FD7A13AED0116863EFA7E69A33D28A1FA853B7E0B84A5F78EFC44CDC39C4148C4B1B3D17E7371E51F96CFAAEBE15D67E82B590B9BB0567BC161AFF012F7571E514BCA7157A8C1521BD7147E83EE57721A77895722390D9C1B7C3BEEEF316E313F5A2DFBA0A5E3509F5F2CEB90C07E1177D3C8AA6CD56F5C5C614656D155350AAFD556890247AE6EDEE2236583A6DA347679C69A9B518FA9BD882F5B9850762C987F727CFEE68421A2D4F363EC45EDABAD574CC4C5AB7654F1C7E0CD84E708CD7C3ED66F369EC1E0E193346FE4747709F6A6DC969E3D2394758E807F4370E2C5A64B5190C5E9D3983CF5778076667B3E41AA28A868B9EA72C45A9234A2C92F0627512AC815CDC1418C676E66B474C071C65DF4EB7AA109ED189B30F49C9A7310CDD5504A0155E5A37FB41548B78049F3FF57EF682D04EFF6B43E5390B07019C555CB55D477552EC778C5BBF00830D1D2B233CB9B5C5A1817F96F395A527458625740A6B2FEFDF160F003D72086FAD44EA24CC669E710A965052D997E63144FD5F32271D0CF75D24DCCF5F4A8E7FD0381E03F0E9DB6F63BA5A59790788D48161E0C292436F79120C9057EBC7B1CA430E5D060836CEE57945DF5557EE2036588A902A1BD163F4DA436602B4BEF61A20D52B15877BFF9973366F242A6D2564BF32E2251C0E07DB2C98A31E82B63F6513FD4CC37D040653E3A68C6B2DB43B569FB070120ADEE89042BF0AC0E9103164E5F8BC57847A1F109ABF35E6E5DE0258C2117416EF17 +20181014044029 2 6 100 8191 2 D72A51FC8A019CA61D28C85021CE881FBDCA1D9E2773A50343C390408ABF52C024F0268B5D4F74AA0722F8FA78F966B7AE411C57015CC9E0DB7E56B27A1D078D951747F90F8F663552B12F9BE26809481BD6D62C8EE018E2944DCF0EC7D31FFE3F7DD2F11F3C8311F1C2E2038613E541F53BA05FD92A540D11BB3267E80CCC5DEC74FD67AE473FAD56EFE2CF04457BB7B3121F93AC8F00A5DBE46E460B9B97823F937CF18722D4EE6373EF369D26A7602491493497C1EFDA3F7509772853CF84CD64A06A54FE32817B39B98CE3CE4477616CF232B04D0B2098D5A4E575939C63B26B72BE87B2BEF58F2F6DB4B2A0E00634E02637DF471D6519C22BA9494F225CA01A1A96886C6F02CE0D11EDE3370180E6E6F5CA54B44A8B66BF16ECD52193B7483700AA4051AF775F80818F3331AD80BB25A0FC8775B7821C32EAFDBEF75B3BFCB2F1A4BBDF5340B20AC9E185B0770CE6AAB120CFC4C8C88CA381946F48C0478DC07E5CF3CFB805A1BA8DB905A6D2ABFCFD765990CA4699D9F9B6922FECA4FF861362B4525FF0934E679109AB8F00909945FE897E927380F72416231AAE1A717D47BD129D5549F60C2EA377744B8807AA2432D1925D02C4C205715231DFAD86AC6B5253DE58E3E3F65484A0014CC1EFFBABC6EE912A925C08C8BB68E5FD7A13AED0116863EFA7E69A33D28A1FA853B7E0B84A5F78EFC44CDC39C4148C4B1B3D17E7371E51F96CFAAEBE15D67E82B590B9BB0567BC161AFF012F7571E514BCA7157A8C1521BD7147E83EE57721A77895722390D9C1B7C3BEEEF316E313F5A2DFBA0A5E3509F5F2CEB90C07E1177D3C8AA6CD56F5C5C614656D155350AAFD556890247AE6EDEE2236583A6DA347679C69A9B518FA9BD882F5B9850762C987F727CFEE68421A2D4F363EC45EDABAD574CC4C5AB7654F1C7E0CD84E708CD7C3ED66F369EC1E0E193346FE4747709F6A6DC969E3D2394758E807F4370E2C5A64B5190C5E9D3983CF5778076667B3E41AA28A868B9EA72C45A9234A2C92F0627512AC815CDC1418C676E66B474C071C65DF4EB7AA109ED189B30F49C9A7310CDD5504A0155E5A37FB41548B78049F3FF57EF682D04EFF6B43E5390B07019C555CB55D477552EC778C5BBF00830D1D2B233CB9B5C5A1817F96F395A527458625740A6B2FEFDF160F003D72086FAD44EA24CC669E710A965052D997E63144FD5F32271D0CF75D24DCCF5F4A8E7FD0381E03F0E9DB6F63BA5A59790788D48161E0C292436F79120C9057EBC7B1CA430E5D060836CEE57945DF5557EE2036588A902A1BD163F4DA436602B4BEF61A20D52B15877BFF9973366F242A6D2564BF32E2251C0E07DB2C98A31E82B63F6513FD4CC37D040653E3A68C6B2DB43B569FB070120ADEE89042BF0AC0E9103164E5F8BC57847A1F109ABF35E6E5DE0258C211747D7B4B +20181014092738 2 6 100 8191 5 D72A51FC8A019CA61D28C85021CE881FBDCA1D9E2773A50343C390408ABF52C024F0268B5D4F74AA0722F8FA78F966B7AE411C57015CC9E0DB7E56B27A1D078D951747F90F8F663552B12F9BE26809481BD6D62C8EE018E2944DCF0EC7D31FFE3F7DD2F11F3C8311F1C2E2038613E541F53BA05FD92A540D11BB3267E80CCC5DEC74FD67AE473FAD56EFE2CF04457BB7B3121F93AC8F00A5DBE46E460B9B97823F937CF18722D4EE6373EF369D26A7602491493497C1EFDA3F7509772853CF84CD64A06A54FE32817B39B98CE3CE4477616CF232B04D0B2098D5A4E575939C63B26B72BE87B2BEF58F2F6DB4B2A0E00634E02637DF471D6519C22BA9494F225CA01A1A96886C6F02CE0D11EDE3370180E6E6F5CA54B44A8B66BF16ECD52193B7483700AA4051AF775F80818F3331AD80BB25A0FC8775B7821C32EAFDBEF75B3BFCB2F1A4BBDF5340B20AC9E185B0770CE6AAB120CFC4C8C88CA381946F48C0478DC07E5CF3CFB805A1BA8DB905A6D2ABFCFD765990CA4699D9F9B6922FECA4FF861362B4525FF0934E679109AB8F00909945FE897E927380F72416231AAE1A717D47BD129D5549F60C2EA377744B8807AA2432D1925D02C4C205715231DFAD86AC6B5253DE58E3E3F65484A0014CC1EFFBABC6EE912A925C08C8BB68E5FD7A13AED0116863EFA7E69A33D28A1FA853B7E0B84A5F78EFC44CDC39C4148C4B1B3D17E7371E51F96CFAAEBE15D67E82B590B9BB0567BC161AFF012F7571E514BCA7157A8C1521BD7147E83EE57721A77895722390D9C1B7C3BEEEF316E313F5A2DFBA0A5E3509F5F2CEB90C07E1177D3C8AA6CD56F5C5C614656D155350AAFD556890247AE6EDEE2236583A6DA347679C69A9B518FA9BD882F5B9850762C987F727CFEE68421A2D4F363EC45EDABAD574CC4C5AB7654F1C7E0CD84E708CD7C3ED66F369EC1E0E193346FE4747709F6A6DC969E3D2394758E807F4370E2C5A64B5190C5E9D3983CF5778076667B3E41AA28A868B9EA72C45A9234A2C92F0627512AC815CDC1418C676E66B474C071C65DF4EB7AA109ED189B30F49C9A7310CDD5504A0155E5A37FB41548B78049F3FF57EF682D04EFF6B43E5390B07019C555CB55D477552EC778C5BBF00830D1D2B233CB9B5C5A1817F96F395A527458625740A6B2FEFDF160F003D72086FAD44EA24CC669E710A965052D997E63144FD5F32271D0CF75D24DCCF5F4A8E7FD0381E03F0E9DB6F63BA5A59790788D48161E0C292436F79120C9057EBC7B1CA430E5D060836CEE57945DF5557EE2036588A902A1BD163F4DA436602B4BEF61A20D52B15877BFF9973366F242A6D2564BF32E2251C0E07DB2C98A31E82B63F6513FD4CC37D040653E3A68C6B2DB43B569FB070120ADEE89042BF0AC0E9103164E5F8BC57847A1F109ABF35E6E5DE0258C2117764D6CF +20181014125735 2 6 100 8191 5 D72A51FC8A019CA61D28C85021CE881FBDCA1D9E2773A50343C390408ABF52C024F0268B5D4F74AA0722F8FA78F966B7AE411C57015CC9E0DB7E56B27A1D078D951747F90F8F663552B12F9BE26809481BD6D62C8EE018E2944DCF0EC7D31FFE3F7DD2F11F3C8311F1C2E2038613E541F53BA05FD92A540D11BB3267E80CCC5DEC74FD67AE473FAD56EFE2CF04457BB7B3121F93AC8F00A5DBE46E460B9B97823F937CF18722D4EE6373EF369D26A7602491493497C1EFDA3F7509772853CF84CD64A06A54FE32817B39B98CE3CE4477616CF232B04D0B2098D5A4E575939C63B26B72BE87B2BEF58F2F6DB4B2A0E00634E02637DF471D6519C22BA9494F225CA01A1A96886C6F02CE0D11EDE3370180E6E6F5CA54B44A8B66BF16ECD52193B7483700AA4051AF775F80818F3331AD80BB25A0FC8775B7821C32EAFDBEF75B3BFCB2F1A4BBDF5340B20AC9E185B0770CE6AAB120CFC4C8C88CA381946F48C0478DC07E5CF3CFB805A1BA8DB905A6D2ABFCFD765990CA4699D9F9B6922FECA4FF861362B4525FF0934E679109AB8F00909945FE897E927380F72416231AAE1A717D47BD129D5549F60C2EA377744B8807AA2432D1925D02C4C205715231DFAD86AC6B5253DE58E3E3F65484A0014CC1EFFBABC6EE912A925C08C8BB68E5FD7A13AED0116863EFA7E69A33D28A1FA853B7E0B84A5F78EFC44CDC39C4148C4B1B3D17E7371E51F96CFAAEBE15D67E82B590B9BB0567BC161AFF012F7571E514BCA7157A8C1521BD7147E83EE57721A77895722390D9C1B7C3BEEEF316E313F5A2DFBA0A5E3509F5F2CEB90C07E1177D3C8AA6CD56F5C5C614656D155350AAFD556890247AE6EDEE2236583A6DA347679C69A9B518FA9BD882F5B9850762C987F727CFEE68421A2D4F363EC45EDABAD574CC4C5AB7654F1C7E0CD84E708CD7C3ED66F369EC1E0E193346FE4747709F6A6DC969E3D2394758E807F4370E2C5A64B5190C5E9D3983CF5778076667B3E41AA28A868B9EA72C45A9234A2C92F0627512AC815CDC1418C676E66B474C071C65DF4EB7AA109ED189B30F49C9A7310CDD5504A0155E5A37FB41548B78049F3FF57EF682D04EFF6B43E5390B07019C555CB55D477552EC778C5BBF00830D1D2B233CB9B5C5A1817F96F395A527458625740A6B2FEFDF160F003D72086FAD44EA24CC669E710A965052D997E63144FD5F32271D0CF75D24DCCF5F4A8E7FD0381E03F0E9DB6F63BA5A59790788D48161E0C292436F79120C9057EBC7B1CA430E5D060836CEE57945DF5557EE2036588A902A1BD163F4DA436602B4BEF61A20D52B15877BFF9973366F242A6D2564BF32E2251C0E07DB2C98A31E82B63F6513FD4CC37D040653E3A68C6B2DB43B569FB070120ADEE89042BF0AC0E9103164E5F8BC57847A1F109ABF35E6E5DE0258C21179863787 +20181014151837 2 6 100 8191 5 D72A51FC8A019CA61D28C85021CE881FBDCA1D9E2773A50343C390408ABF52C024F0268B5D4F74AA0722F8FA78F966B7AE411C57015CC9E0DB7E56B27A1D078D951747F90F8F663552B12F9BE26809481BD6D62C8EE018E2944DCF0EC7D31FFE3F7DD2F11F3C8311F1C2E2038613E541F53BA05FD92A540D11BB3267E80CCC5DEC74FD67AE473FAD56EFE2CF04457BB7B3121F93AC8F00A5DBE46E460B9B97823F937CF18722D4EE6373EF369D26A7602491493497C1EFDA3F7509772853CF84CD64A06A54FE32817B39B98CE3CE4477616CF232B04D0B2098D5A4E575939C63B26B72BE87B2BEF58F2F6DB4B2A0E00634E02637DF471D6519C22BA9494F225CA01A1A96886C6F02CE0D11EDE3370180E6E6F5CA54B44A8B66BF16ECD52193B7483700AA4051AF775F80818F3331AD80BB25A0FC8775B7821C32EAFDBEF75B3BFCB2F1A4BBDF5340B20AC9E185B0770CE6AAB120CFC4C8C88CA381946F48C0478DC07E5CF3CFB805A1BA8DB905A6D2ABFCFD765990CA4699D9F9B6922FECA4FF861362B4525FF0934E679109AB8F00909945FE897E927380F72416231AAE1A717D47BD129D5549F60C2EA377744B8807AA2432D1925D02C4C205715231DFAD86AC6B5253DE58E3E3F65484A0014CC1EFFBABC6EE912A925C08C8BB68E5FD7A13AED0116863EFA7E69A33D28A1FA853B7E0B84A5F78EFC44CDC39C4148C4B1B3D17E7371E51F96CFAAEBE15D67E82B590B9BB0567BC161AFF012F7571E514BCA7157A8C1521BD7147E83EE57721A77895722390D9C1B7C3BEEEF316E313F5A2DFBA0A5E3509F5F2CEB90C07E1177D3C8AA6CD56F5C5C614656D155350AAFD556890247AE6EDEE2236583A6DA347679C69A9B518FA9BD882F5B9850762C987F727CFEE68421A2D4F363EC45EDABAD574CC4C5AB7654F1C7E0CD84E708CD7C3ED66F369EC1E0E193346FE4747709F6A6DC969E3D2394758E807F4370E2C5A64B5190C5E9D3983CF5778076667B3E41AA28A868B9EA72C45A9234A2C92F0627512AC815CDC1418C676E66B474C071C65DF4EB7AA109ED189B30F49C9A7310CDD5504A0155E5A37FB41548B78049F3FF57EF682D04EFF6B43E5390B07019C555CB55D477552EC778C5BBF00830D1D2B233CB9B5C5A1817F96F395A527458625740A6B2FEFDF160F003D72086FAD44EA24CC669E710A965052D997E63144FD5F32271D0CF75D24DCCF5F4A8E7FD0381E03F0E9DB6F63BA5A59790788D48161E0C292436F79120C9057EBC7B1CA430E5D060836CEE57945DF5557EE2036588A902A1BD163F4DA436602B4BEF61A20D52B15877BFF9973366F242A6D2564BF32E2251C0E07DB2C98A31E82B63F6513FD4CC37D040653E3A68C6B2DB43B569FB070120ADEE89042BF0AC0E9103164E5F8BC57847A1F109ABF35E6E5DE0258C2117AE70AF7 +20181014175821 2 6 100 8191 5 D72A51FC8A019CA61D28C85021CE881FBDCA1D9E2773A50343C390408ABF52C024F0268B5D4F74AA0722F8FA78F966B7AE411C57015CC9E0DB7E56B27A1D078D951747F90F8F663552B12F9BE26809481BD6D62C8EE018E2944DCF0EC7D31FFE3F7DD2F11F3C8311F1C2E2038613E541F53BA05FD92A540D11BB3267E80CCC5DEC74FD67AE473FAD56EFE2CF04457BB7B3121F93AC8F00A5DBE46E460B9B97823F937CF18722D4EE6373EF369D26A7602491493497C1EFDA3F7509772853CF84CD64A06A54FE32817B39B98CE3CE4477616CF232B04D0B2098D5A4E575939C63B26B72BE87B2BEF58F2F6DB4B2A0E00634E02637DF471D6519C22BA9494F225CA01A1A96886C6F02CE0D11EDE3370180E6E6F5CA54B44A8B66BF16ECD52193B7483700AA4051AF775F80818F3331AD80BB25A0FC8775B7821C32EAFDBEF75B3BFCB2F1A4BBDF5340B20AC9E185B0770CE6AAB120CFC4C8C88CA381946F48C0478DC07E5CF3CFB805A1BA8DB905A6D2ABFCFD765990CA4699D9F9B6922FECA4FF861362B4525FF0934E679109AB8F00909945FE897E927380F72416231AAE1A717D47BD129D5549F60C2EA377744B8807AA2432D1925D02C4C205715231DFAD86AC6B5253DE58E3E3F65484A0014CC1EFFBABC6EE912A925C08C8BB68E5FD7A13AED0116863EFA7E69A33D28A1FA853B7E0B84A5F78EFC44CDC39C4148C4B1B3D17E7371E51F96CFAAEBE15D67E82B590B9BB0567BC161AFF012F7571E514BCA7157A8C1521BD7147E83EE57721A77895722390D9C1B7C3BEEEF316E313F5A2DFBA0A5E3509F5F2CEB90C07E1177D3C8AA6CD56F5C5C614656D155350AAFD556890247AE6EDEE2236583A6DA347679C69A9B518FA9BD882F5B9850762C987F727CFEE68421A2D4F363EC45EDABAD574CC4C5AB7654F1C7E0CD84E708CD7C3ED66F369EC1E0E193346FE4747709F6A6DC969E3D2394758E807F4370E2C5A64B5190C5E9D3983CF5778076667B3E41AA28A868B9EA72C45A9234A2C92F0627512AC815CDC1418C676E66B474C071C65DF4EB7AA109ED189B30F49C9A7310CDD5504A0155E5A37FB41548B78049F3FF57EF682D04EFF6B43E5390B07019C555CB55D477552EC778C5BBF00830D1D2B233CB9B5C5A1817F96F395A527458625740A6B2FEFDF160F003D72086FAD44EA24CC669E710A965052D997E63144FD5F32271D0CF75D24DCCF5F4A8E7FD0381E03F0E9DB6F63BA5A59790788D48161E0C292436F79120C9057EBC7B1CA430E5D060836CEE57945DF5557EE2036588A902A1BD163F4DA436602B4BEF61A20D52B15877BFF9973366F242A6D2564BF32E2251C0E07DB2C98A31E82B63F6513FD4CC37D040653E3A68C6B2DB43B569FB070120ADEE89042BF0AC0E9103164E5F8BC57847A1F109ABF35E6E5DE0258C2117C7CCCA7 +20181014225732 2 6 100 8191 2 D72A51FC8A019CA61D28C85021CE881FBDCA1D9E2773A50343C390408ABF52C024F0268B5D4F74AA0722F8FA78F966B7AE411C57015CC9E0DB7E56B27A1D078D951747F90F8F663552B12F9BE26809481BD6D62C8EE018E2944DCF0EC7D31FFE3F7DD2F11F3C8311F1C2E2038613E541F53BA05FD92A540D11BB3267E80CCC5DEC74FD67AE473FAD56EFE2CF04457BB7B3121F93AC8F00A5DBE46E460B9B97823F937CF18722D4EE6373EF369D26A7602491493497C1EFDA3F7509772853CF84CD64A06A54FE32817B39B98CE3CE4477616CF232B04D0B2098D5A4E575939C63B26B72BE87B2BEF58F2F6DB4B2A0E00634E02637DF471D6519C22BA9494F225CA01A1A96886C6F02CE0D11EDE3370180E6E6F5CA54B44A8B66BF16ECD52193B7483700AA4051AF775F80818F3331AD80BB25A0FC8775B7821C32EAFDBEF75B3BFCB2F1A4BBDF5340B20AC9E185B0770CE6AAB120CFC4C8C88CA381946F48C0478DC07E5CF3CFB805A1BA8DB905A6D2ABFCFD765990CA4699D9F9B6922FECA4FF861362B4525FF0934E679109AB8F00909945FE897E927380F72416231AAE1A717D47BD129D5549F60C2EA377744B8807AA2432D1925D02C4C205715231DFAD86AC6B5253DE58E3E3F65484A0014CC1EFFBABC6EE912A925C08C8BB68E5FD7A13AED0116863EFA7E69A33D28A1FA853B7E0B84A5F78EFC44CDC39C4148C4B1B3D17E7371E51F96CFAAEBE15D67E82B590B9BB0567BC161AFF012F7571E514BCA7157A8C1521BD7147E83EE57721A77895722390D9C1B7C3BEEEF316E313F5A2DFBA0A5E3509F5F2CEB90C07E1177D3C8AA6CD56F5C5C614656D155350AAFD556890247AE6EDEE2236583A6DA347679C69A9B518FA9BD882F5B9850762C987F727CFEE68421A2D4F363EC45EDABAD574CC4C5AB7654F1C7E0CD84E708CD7C3ED66F369EC1E0E193346FE4747709F6A6DC969E3D2394758E807F4370E2C5A64B5190C5E9D3983CF5778076667B3E41AA28A868B9EA72C45A9234A2C92F0627512AC815CDC1418C676E66B474C071C65DF4EB7AA109ED189B30F49C9A7310CDD5504A0155E5A37FB41548B78049F3FF57EF682D04EFF6B43E5390B07019C555CB55D477552EC778C5BBF00830D1D2B233CB9B5C5A1817F96F395A527458625740A6B2FEFDF160F003D72086FAD44EA24CC669E710A965052D997E63144FD5F32271D0CF75D24DCCF5F4A8E7FD0381E03F0E9DB6F63BA5A59790788D48161E0C292436F79120C9057EBC7B1CA430E5D060836CEE57945DF5557EE2036588A902A1BD163F4DA436602B4BEF61A20D52B15877BFF9973366F242A6D2564BF32E2251C0E07DB2C98A31E82B63F6513FD4CC37D040653E3A68C6B2DB43B569FB070120ADEE89042BF0AC0E9103164E5F8BC57847A1F109ABF35E6E5DE0258C2117F8262DB +20181014233346 2 6 100 8191 2 D72A51FC8A019CA61D28C85021CE881FBDCA1D9E2773A50343C390408ABF52C024F0268B5D4F74AA0722F8FA78F966B7AE411C57015CC9E0DB7E56B27A1D078D951747F90F8F663552B12F9BE26809481BD6D62C8EE018E2944DCF0EC7D31FFE3F7DD2F11F3C8311F1C2E2038613E541F53BA05FD92A540D11BB3267E80CCC5DEC74FD67AE473FAD56EFE2CF04457BB7B3121F93AC8F00A5DBE46E460B9B97823F937CF18722D4EE6373EF369D26A7602491493497C1EFDA3F7509772853CF84CD64A06A54FE32817B39B98CE3CE4477616CF232B04D0B2098D5A4E575939C63B26B72BE87B2BEF58F2F6DB4B2A0E00634E02637DF471D6519C22BA9494F225CA01A1A96886C6F02CE0D11EDE3370180E6E6F5CA54B44A8B66BF16ECD52193B7483700AA4051AF775F80818F3331AD80BB25A0FC8775B7821C32EAFDBEF75B3BFCB2F1A4BBDF5340B20AC9E185B0770CE6AAB120CFC4C8C88CA381946F48C0478DC07E5CF3CFB805A1BA8DB905A6D2ABFCFD765990CA4699D9F9B6922FECA4FF861362B4525FF0934E679109AB8F00909945FE897E927380F72416231AAE1A717D47BD129D5549F60C2EA377744B8807AA2432D1925D02C4C205715231DFAD86AC6B5253DE58E3E3F65484A0014CC1EFFBABC6EE912A925C08C8BB68E5FD7A13AED0116863EFA7E69A33D28A1FA853B7E0B84A5F78EFC44CDC39C4148C4B1B3D17E7371E51F96CFAAEBE15D67E82B590B9BB0567BC161AFF012F7571E514BCA7157A8C1521BD7147E83EE57721A77895722390D9C1B7C3BEEEF316E313F5A2DFBA0A5E3509F5F2CEB90C07E1177D3C8AA6CD56F5C5C614656D155350AAFD556890247AE6EDEE2236583A6DA347679C69A9B518FA9BD882F5B9850762C987F727CFEE68421A2D4F363EC45EDABAD574CC4C5AB7654F1C7E0CD84E708CD7C3ED66F369EC1E0E193346FE4747709F6A6DC969E3D2394758E807F4370E2C5A64B5190C5E9D3983CF5778076667B3E41AA28A868B9EA72C45A9234A2C92F0627512AC815CDC1418C676E66B474C071C65DF4EB7AA109ED189B30F49C9A7310CDD5504A0155E5A37FB41548B78049F3FF57EF682D04EFF6B43E5390B07019C555CB55D477552EC778C5BBF00830D1D2B233CB9B5C5A1817F96F395A527458625740A6B2FEFDF160F003D72086FAD44EA24CC669E710A965052D997E63144FD5F32271D0CF75D24DCCF5F4A8E7FD0381E03F0E9DB6F63BA5A59790788D48161E0C292436F79120C9057EBC7B1CA430E5D060836CEE57945DF5557EE2036588A902A1BD163F4DA436602B4BEF61A20D52B15877BFF9973366F242A6D2564BF32E2251C0E07DB2C98A31E82B63F6513FD4CC37D040653E3A68C6B2DB43B569FB070120ADEE89042BF0AC0E9103164E5F8BC57847A1F109ABF35E6E5DE0258C2117FD8EA63 +20181015001106 2 6 100 8191 2 D72A51FC8A019CA61D28C85021CE881FBDCA1D9E2773A50343C390408ABF52C024F0268B5D4F74AA0722F8FA78F966B7AE411C57015CC9E0DB7E56B27A1D078D951747F90F8F663552B12F9BE26809481BD6D62C8EE018E2944DCF0EC7D31FFE3F7DD2F11F3C8311F1C2E2038613E541F53BA05FD92A540D11BB3267E80CCC5DEC74FD67AE473FAD56EFE2CF04457BB7B3121F93AC8F00A5DBE46E460B9B97823F937CF18722D4EE6373EF369D26A7602491493497C1EFDA3F7509772853CF84CD64A06A54FE32817B39B98CE3CE4477616CF232B04D0B2098D5A4E575939C63B26B72BE87B2BEF58F2F6DB4B2A0E00634E02637DF471D6519C22BA9494F225CA01A1A96886C6F02CE0D11EDE3370180E6E6F5CA54B44A8B66BF16ECD52193B7483700AA4051AF775F80818F3331AD80BB25A0FC8775B7821C32EAFDBEF75B3BFCB2F1A4BBDF5340B20AC9E185B0770CE6AAB120CFC4C8C88CA381946F48C0478DC07E5CF3CFB805A1BA8DB905A6D2ABFCFD765990CA4699D9F9B6922FECA4FF861362B4525FF0934E679109AB8F00909945FE897E927380F72416231AAE1A717D47BD129D5549F60C2EA377744B8807AA2432D1925D02C4C205715231DFAD86AC6B5253DE58E3E3F65484A0014CC1EFFBABC6EE912A925C08C8BB68E5FD7A13AED0116863EFA7E69A33D28A1FA853B7E0B84A5F78EFC44CDC39C4148C4B1B3D17E7371E51F96CFAAEBE15D67E82B590B9BB0567BC161AFF012F7571E514BCA7157A8C1521BD7147E83EE57721A77895722390D9C1B7C3BEEEF316E313F5A2DFBA0A5E3509F5F2CEB90C07E1177D3C8AA6CD56F5C5C614656D155350AAFD556890247AE6EDEE2236583A6DA347679C69A9B518FA9BD882F5B9850762C987F727CFEE68421A2D4F363EC45EDABAD574CC4C5AB7654F1C7E0CD84E708CD7C3ED66F369EC1E0E193346FE4747709F6A6DC969E3D2394758E807F4370E2C5A64B5190C5E9D3983CF5778076667B3E41AA28A868B9EA72C45A9234A2C92F0627512AC815CDC1418C676E66B474C071C65DF4EB7AA109ED189B30F49C9A7310CDD5504A0155E5A37FB41548B78049F3FF57EF682D04EFF6B43E5390B07019C555CB55D477552EC778C5BBF00830D1D2B233CB9B5C5A1817F96F395A527458625740A6B2FEFDF160F003D72086FAD44EA24CC669E710A965052D997E63144FD5F32271D0CF75D24DCCF5F4A8E7FD0381E03F0E9DB6F63BA5A59790788D48161E0C292436F79120C9057EBC7B1CA430E5D060836CEE57945DF5557EE2036588A902A1BD163F4DA436602B4BEF61A20D52B15877BFF9973366F242A6D2564BF32E2251C0E07DB2C98A31E82B63F6513FD4CC37D040653E3A68C6B2DB43B569FB070120ADEE89042BF0AC0E9103164E5F8BC57847A1F109ABF35E6E5DE0258C211803251C3 +20181015101051 2 6 100 8191 2 D72A51FC8A019CA61D28C85021CE881FBDCA1D9E2773A50343C390408ABF52C024F0268B5D4F74AA0722F8FA78F966B7AE411C57015CC9E0DB7E56B27A1D078D951747F90F8F663552B12F9BE26809481BD6D62C8EE018E2944DCF0EC7D31FFE3F7DD2F11F3C8311F1C2E2038613E541F53BA05FD92A540D11BB3267E80CCC5DEC74FD67AE473FAD56EFE2CF04457BB7B3121F93AC8F00A5DBE46E460B9B97823F937CF18722D4EE6373EF369D26A7602491493497C1EFDA3F7509772853CF84CD64A06A54FE32817B39B98CE3CE4477616CF232B04D0B2098D5A4E575939C63B26B72BE87B2BEF58F2F6DB4B2A0E00634E02637DF471D6519C22BA9494F225CA01A1A96886C6F02CE0D11EDE3370180E6E6F5CA54B44A8B66BF16ECD52193B7483700AA4051AF775F80818F3331AD80BB25A0FC8775B7821C32EAFDBEF75B3BFCB2F1A4BBDF5340B20AC9E185B0770CE6AAB120CFC4C8C88CA381946F48C0478DC07E5CF3CFB805A1BA8DB905A6D2ABFCFD765990CA4699D9F9B6922FECA4FF861362B4525FF0934E679109AB8F00909945FE897E927380F72416231AAE1A717D47BD129D5549F60C2EA377744B8807AA2432D1925D02C4C205715231DFAD86AC6B5253DE58E3E3F65484A0014CC1EFFBABC6EE912A925C08C8BB68E5FD7A13AED0116863EFA7E69A33D28A1FA853B7E0B84A5F78EFC44CDC39C4148C4B1B3D17E7371E51F96CFAAEBE15D67E82B590B9BB0567BC161AFF012F7571E514BCA7157A8C1521BD7147E83EE57721A77895722390D9C1B7C3BEEEF316E313F5A2DFBA0A5E3509F5F2CEB90C07E1177D3C8AA6CD56F5C5C614656D155350AAFD556890247AE6EDEE2236583A6DA347679C69A9B518FA9BD882F5B9850762C987F727CFEE68421A2D4F363EC45EDABAD574CC4C5AB7654F1C7E0CD84E708CD7C3ED66F369EC1E0E193346FE4747709F6A6DC969E3D2394758E807F4370E2C5A64B5190C5E9D3983CF5778076667B3E41AA28A868B9EA72C45A9234A2C92F0627512AC815CDC1418C676E66B474C071C65DF4EB7AA109ED189B30F49C9A7310CDD5504A0155E5A37FB41548B78049F3FF57EF682D04EFF6B43E5390B07019C555CB55D477552EC778C5BBF00830D1D2B233CB9B5C5A1817F96F395A527458625740A6B2FEFDF160F003D72086FAD44EA24CC669E710A965052D997E63144FD5F32271D0CF75D24DCCF5F4A8E7FD0381E03F0E9DB6F63BA5A59790788D48161E0C292436F79120C9057EBC7B1CA430E5D060836CEE57945DF5557EE2036588A902A1BD163F4DA436602B4BEF61A20D52B15877BFF9973366F242A6D2564BF32E2251C0E07DB2C98A31E82B63F6513FD4CC37D040653E3A68C6B2DB43B569FB070120ADEE89042BF0AC0E9103164E5F8BC57847A1F109ABF35E6E5DE0258C21185F9BDF3 +20181016055751 2 6 100 8191 5 D72A51FC8A019CA61D28C85021CE881FBDCA1D9E2773A50343C390408ABF52C024F0268B5D4F74AA0722F8FA78F966B7AE411C57015CC9E0DB7E56B27A1D078D951747F90F8F663552B12F9BE26809481BD6D62C8EE018E2944DCF0EC7D31FFE3F7DD2F11F3C8311F1C2E2038613E541F53BA05FD92A540D11BB3267E80CCC5DEC74FD67AE473FAD56EFE2CF04457BB7B3121F93AC8F00A5DBE46E460B9B97823F937CF18722D4EE6373EF369D26A7602491493497C1EFDA3F7509772853CF84CD64A06A54FE32817B39B98CE3CE4477616CF232B04D0B2098D5A4E575939C63B26B72BE87B2BEF58F2F6DB4B2A0E00634E02637DF471D6519C22BA9494F225CA01A1A96886C6F02CE0D11EDE3370180E6E6F5CA54B44A8B66BF16ECD52193B7483700AA4051AF775F80818F3331AD80BB25A0FC8775B7821C32EAFDBEF75B3BFCB2F1A4BBDF5340B20AC9E185B0770CE6AAB120CFC4C8C88CA381946F48C0478DC07E5CF3CFB805A1BA8DB905A6D2ABFCFD765990CA4699D9F9B6922FECA4FF861362B4525FF0934E679109AB8F00909945FE897E927380F72416231AAE1A717D47BD129D5549F60C2EA377744B8807AA2432D1925D02C4C205715231DFAD86AC6B5253DE58E3E3F65484A0014CC1EFFBABC6EE912A925C08C8BB68E5FD7A13AED0116863EFA7E69A33D28A1FA853B7E0B84A5F78EFC44CDC39C4148C4B1B3D17E7371E51F96CFAAEBE15D67E82B590B9BB0567BC161AFF012F7571E514BCA7157A8C1521BD7147E83EE57721A77895722390D9C1B7C3BEEEF316E313F5A2DFBA0A5E3509F5F2CEB90C07E1177D3C8AA6CD56F5C5C614656D155350AAFD556890247AE6EDEE2236583A6DA347679C69A9B518FA9BD882F5B9850762C987F727CFEE68421A2D4F363EC45EDABAD574CC4C5AB7654F1C7E0CD84E708CD7C3ED66F369EC1E0E193346FE4747709F6A6DC969E3D2394758E807F4370E2C5A64B5190C5E9D3983CF5778076667B3E41AA28A868B9EA72C45A9234A2C92F0627512AC815CDC1418C676E66B474C071C65DF4EB7AA109ED189B30F49C9A7310CDD5504A0155E5A37FB41548B78049F3FF57EF682D04EFF6B43E5390B07019C555CB55D477552EC778C5BBF00830D1D2B233CB9B5C5A1817F96F395A527458625740A6B2FEFDF160F003D72086FAD44EA24CC669E710A965052D997E63144FD5F32271D0CF75D24DCCF5F4A8E7FD0381E03F0E9DB6F63BA5A59790788D48161E0C292436F79120C9057EBC7B1CA430E5D060836CEE57945DF5557EE2036588A902A1BD163F4DA436602B4BEF61A20D52B15877BFF9973366F242A6D2564BF32E2251C0E07DB2C98A31E82B63F6513FD4CC37D040653E3A68C6B2DB43B569FB070120ADEE89042BF0AC0E9103164E5F8BC57847A1F109ABF35E6E5DE0258C211914B6C57 +20181016115955 2 6 100 8191 5 EA2361A4ABC2DDA42ADD74B38CE837D05B00192233F16571DAB16B15049BA7606BA9A6DC1588738A9949D68815E7F9DB7FEB2C81C1284F976E38376817186BB7725E05B3DA281A887F71DADA27911625597D376826592E156211FF30844F8A1C47DF9320AE8E9C9171181EE3F7D5EB1B56F79D7DCC39FC5C20A23EF716809E2035466B7E7A43DF588D73637DC89192E5EC392C917AD498C66E229EDBEFAEBD449773973E04F812B55466A3F2E321FA8A3AD1B6AF8A95178F4EF001004EAA4D83EC362F1B966137C811AE2B52B5815ED28F7CEB16DE55E7C64E5D34BE122EED25B5E9DAC04AE9EBB4C0EEBA6D447B435262EDF18CD616E396C80DCAF8547DED8A9817BB70FEDEA734E5A7005F8C7C2CB53366827824E2666DE1F1AC109A41576BC37B3BD1536D79CAB6F6BD7A2D9863EF0F6FEA547A990EF5DF931632F203682D34462025E053CEE1D25EEB0508CBE0A50F7D687A5AE6038F3BE219992B7796E1181D06AA9072D5419E50046F40D5985CB8EBE8C5232EE75AB3C03F113C5EC4669C072D5C514EFA0778062DDD9FF90BB75DDBA4AE2E2100559A35273D202E93B17FFABBC976DB516DA4FC9433322FE6517E5B39021A4564AFB6E1A15B1EB5981B952A8161C688C461CD1CC8E67882CAAFD6FDFA2BA7EBFC40D16D39F4DA16879D230375833741E1B3C49D1630E10C5E6CD1C11AEB2C356C3A0A4EAD805B9330199AC8BC1BB1ECF2E3F84839B5A444FB06959505AF97019C695D6A14990A1E2C678A6EC187C90F6989DA0E977767F2110D8C9289C6E85CC87C7141B11B284A4DCE2ACA6414F5AEB560E11E44699973E4BC4B28526C2D1C68B81A51ACC9E490B6F28129100FC3888C85ABB9E0B3808F00753F76C908E8E71B08EDD87C9359F716324183EE3D89389839F0E741246400D1BEC8F5592F4D66ED0205A90F6A153D3D0751662BB95FA3CBF1543D35E2B9E02497FA24173FC8387B36EE320007E4DC8D3400DC69D361FE071D1C015F87F4FD8E942E5D92D7197279F02513839ABC5D11098DF80A4D3817B7AFC4F7A93BA8469D89DB503284B6D2B7E90F2B52ED2E6F65F0E90A3D13564725FF563772C5356E2C50AFED4301BBE029DEFB252B1598847FAB4136B69110942DE842A9186D391E8CB2AD210B1D9B9473676222F6EA1F445E24290B6F1845243B33250224C0F316E18C52180220C2549D093D9F3974980F95DA8F1A49E36D142A3957A1F7DE6E492578544D17C856BEEC0F40FAFBFB8140945D6B13AB23BE8D1ABDC3E4A92E051CD180C5F2FE288C96F831DD5F34CA679E618D160B21F1697870F8F3B3A7318D0A558C4EADF16D0A76079D148F7404AC163852513ECE66374A9F5A8BC4C87F36CB2AE52ADBC034DEAE51FD60DC071284F8CAC9346E6D60F97D6CFE41C605B2C4D8D0C8BA41DB0DB3A2BD01B037D8CA20E92F77 +20181017081453 2 6 100 8191 2 EA2361A4ABC2DDA42ADD74B38CE837D05B00192233F16571DAB16B15049BA7606BA9A6DC1588738A9949D68815E7F9DB7FEB2C81C1284F976E38376817186BB7725E05B3DA281A887F71DADA27911625597D376826592E156211FF30844F8A1C47DF9320AE8E9C9171181EE3F7D5EB1B56F79D7DCC39FC5C20A23EF716809E2035466B7E7A43DF588D73637DC89192E5EC392C917AD498C66E229EDBEFAEBD449773973E04F812B55466A3F2E321FA8A3AD1B6AF8A95178F4EF001004EAA4D83EC362F1B966137C811AE2B52B5815ED28F7CEB16DE55E7C64E5D34BE122EED25B5E9DAC04AE9EBB4C0EEBA6D447B435262EDF18CD616E396C80DCAF8547DED8A9817BB70FEDEA734E5A7005F8C7C2CB53366827824E2666DE1F1AC109A41576BC37B3BD1536D79CAB6F6BD7A2D9863EF0F6FEA547A990EF5DF931632F203682D34462025E053CEE1D25EEB0508CBE0A50F7D687A5AE6038F3BE219992B7796E1181D06AA9072D5419E50046F40D5985CB8EBE8C5232EE75AB3C03F113C5EC4669C072D5C514EFA0778062DDD9FF90BB75DDBA4AE2E2100559A35273D202E93B17FFABBC976DB516DA4FC9433322FE6517E5B39021A4564AFB6E1A15B1EB5981B952A8161C688C461CD1CC8E67882CAAFD6FDFA2BA7EBFC40D16D39F4DA16879D230375833741E1B3C49D1630E10C5E6CD1C11AEB2C356C3A0A4EAD805B9330199AC8BC1BB1ECF2E3F84839B5A444FB06959505AF97019C695D6A14990A1E2C678A6EC187C90F6989DA0E977767F2110D8C9289C6E85CC87C7141B11B284A4DCE2ACA6414F5AEB560E11E44699973E4BC4B28526C2D1C68B81A51ACC9E490B6F28129100FC3888C85ABB9E0B3808F00753F76C908E8E71B08EDD87C9359F716324183EE3D89389839F0E741246400D1BEC8F5592F4D66ED0205A90F6A153D3D0751662BB95FA3CBF1543D35E2B9E02497FA24173FC8387B36EE320007E4DC8D3400DC69D361FE071D1C015F87F4FD8E942E5D92D7197279F02513839ABC5D11098DF80A4D3817B7AFC4F7A93BA8469D89DB503284B6D2B7E90F2B52ED2E6F65F0E90A3D13564725FF563772C5356E2C50AFED4301BBE029DEFB252B1598847FAB4136B69110942DE842A9186D391E8CB2AD210B1D9B9473676222F6EA1F445E24290B6F1845243B33250224C0F316E18C52180220C2549D093D9F3974980F95DA8F1A49E36D142A3957A1F7DE6E492578544D17C856BEEC0F40FAFBFB8140945D6B13AB23BE8D1ABDC3E4A92E051CD180C5F2FE288C96F831DD5F34CA679E618D160B21F1697870F8F3B3A7318D0A558C4EADF16D0A76079D148F7404AC163852513ECE66374A9F5A8BC4C87F36CB2AE52ADBC034DEAE51FD60DC071284F8CAC9346E6D60F97D6CFE41C605B2C4D8D0C8BA41DB0DB3A2BD01B037D8CA2E7C1F6B +20181017142420 2 6 100 8191 5 EA2361A4ABC2DDA42ADD74B38CE837D05B00192233F16571DAB16B15049BA7606BA9A6DC1588738A9949D68815E7F9DB7FEB2C81C1284F976E38376817186BB7725E05B3DA281A887F71DADA27911625597D376826592E156211FF30844F8A1C47DF9320AE8E9C9171181EE3F7D5EB1B56F79D7DCC39FC5C20A23EF716809E2035466B7E7A43DF588D73637DC89192E5EC392C917AD498C66E229EDBEFAEBD449773973E04F812B55466A3F2E321FA8A3AD1B6AF8A95178F4EF001004EAA4D83EC362F1B966137C811AE2B52B5815ED28F7CEB16DE55E7C64E5D34BE122EED25B5E9DAC04AE9EBB4C0EEBA6D447B435262EDF18CD616E396C80DCAF8547DED8A9817BB70FEDEA734E5A7005F8C7C2CB53366827824E2666DE1F1AC109A41576BC37B3BD1536D79CAB6F6BD7A2D9863EF0F6FEA547A990EF5DF931632F203682D34462025E053CEE1D25EEB0508CBE0A50F7D687A5AE6038F3BE219992B7796E1181D06AA9072D5419E50046F40D5985CB8EBE8C5232EE75AB3C03F113C5EC4669C072D5C514EFA0778062DDD9FF90BB75DDBA4AE2E2100559A35273D202E93B17FFABBC976DB516DA4FC9433322FE6517E5B39021A4564AFB6E1A15B1EB5981B952A8161C688C461CD1CC8E67882CAAFD6FDFA2BA7EBFC40D16D39F4DA16879D230375833741E1B3C49D1630E10C5E6CD1C11AEB2C356C3A0A4EAD805B9330199AC8BC1BB1ECF2E3F84839B5A444FB06959505AF97019C695D6A14990A1E2C678A6EC187C90F6989DA0E977767F2110D8C9289C6E85CC87C7141B11B284A4DCE2ACA6414F5AEB560E11E44699973E4BC4B28526C2D1C68B81A51ACC9E490B6F28129100FC3888C85ABB9E0B3808F00753F76C908E8E71B08EDD87C9359F716324183EE3D89389839F0E741246400D1BEC8F5592F4D66ED0205A90F6A153D3D0751662BB95FA3CBF1543D35E2B9E02497FA24173FC8387B36EE320007E4DC8D3400DC69D361FE071D1C015F87F4FD8E942E5D92D7197279F02513839ABC5D11098DF80A4D3817B7AFC4F7A93BA8469D89DB503284B6D2B7E90F2B52ED2E6F65F0E90A3D13564725FF563772C5356E2C50AFED4301BBE029DEFB252B1598847FAB4136B69110942DE842A9186D391E8CB2AD210B1D9B9473676222F6EA1F445E24290B6F1845243B33250224C0F316E18C52180220C2549D093D9F3974980F95DA8F1A49E36D142A3957A1F7DE6E492578544D17C856BEEC0F40FAFBFB8140945D6B13AB23BE8D1ABDC3E4A92E051CD180C5F2FE288C96F831DD5F34CA679E618D160B21F1697870F8F3B3A7318D0A558C4EADF16D0A76079D148F7404AC163852513ECE66374A9F5A8BC4C87F36CB2AE52ADBC034DEAE51FD60DC071284F8CAC9346E6D60F97D6CFE41C605B2C4D8D0C8BA41DB0DB3A2BD01B037D8CA32237C3F +20181017185818 2 6 100 8191 2 EA2361A4ABC2DDA42ADD74B38CE837D05B00192233F16571DAB16B15049BA7606BA9A6DC1588738A9949D68815E7F9DB7FEB2C81C1284F976E38376817186BB7725E05B3DA281A887F71DADA27911625597D376826592E156211FF30844F8A1C47DF9320AE8E9C9171181EE3F7D5EB1B56F79D7DCC39FC5C20A23EF716809E2035466B7E7A43DF588D73637DC89192E5EC392C917AD498C66E229EDBEFAEBD449773973E04F812B55466A3F2E321FA8A3AD1B6AF8A95178F4EF001004EAA4D83EC362F1B966137C811AE2B52B5815ED28F7CEB16DE55E7C64E5D34BE122EED25B5E9DAC04AE9EBB4C0EEBA6D447B435262EDF18CD616E396C80DCAF8547DED8A9817BB70FEDEA734E5A7005F8C7C2CB53366827824E2666DE1F1AC109A41576BC37B3BD1536D79CAB6F6BD7A2D9863EF0F6FEA547A990EF5DF931632F203682D34462025E053CEE1D25EEB0508CBE0A50F7D687A5AE6038F3BE219992B7796E1181D06AA9072D5419E50046F40D5985CB8EBE8C5232EE75AB3C03F113C5EC4669C072D5C514EFA0778062DDD9FF90BB75DDBA4AE2E2100559A35273D202E93B17FFABBC976DB516DA4FC9433322FE6517E5B39021A4564AFB6E1A15B1EB5981B952A8161C688C461CD1CC8E67882CAAFD6FDFA2BA7EBFC40D16D39F4DA16879D230375833741E1B3C49D1630E10C5E6CD1C11AEB2C356C3A0A4EAD805B9330199AC8BC1BB1ECF2E3F84839B5A444FB06959505AF97019C695D6A14990A1E2C678A6EC187C90F6989DA0E977767F2110D8C9289C6E85CC87C7141B11B284A4DCE2ACA6414F5AEB560E11E44699973E4BC4B28526C2D1C68B81A51ACC9E490B6F28129100FC3888C85ABB9E0B3808F00753F76C908E8E71B08EDD87C9359F716324183EE3D89389839F0E741246400D1BEC8F5592F4D66ED0205A90F6A153D3D0751662BB95FA3CBF1543D35E2B9E02497FA24173FC8387B36EE320007E4DC8D3400DC69D361FE071D1C015F87F4FD8E942E5D92D7197279F02513839ABC5D11098DF80A4D3817B7AFC4F7A93BA8469D89DB503284B6D2B7E90F2B52ED2E6F65F0E90A3D13564725FF563772C5356E2C50AFED4301BBE029DEFB252B1598847FAB4136B69110942DE842A9186D391E8CB2AD210B1D9B9473676222F6EA1F445E24290B6F1845243B33250224C0F316E18C52180220C2549D093D9F3974980F95DA8F1A49E36D142A3957A1F7DE6E492578544D17C856BEEC0F40FAFBFB8140945D6B13AB23BE8D1ABDC3E4A92E051CD180C5F2FE288C96F831DD5F34CA679E618D160B21F1697870F8F3B3A7318D0A558C4EADF16D0A76079D148F7404AC163852513ECE66374A9F5A8BC4C87F36CB2AE52ADBC034DEAE51FD60DC071284F8CAC9346E6D60F97D6CFE41C605B2C4D8D0C8BA41DB0DB3A2BD01B037D8CA353F763B +20181017191239 2 6 100 8191 2 EA2361A4ABC2DDA42ADD74B38CE837D05B00192233F16571DAB16B15049BA7606BA9A6DC1588738A9949D68815E7F9DB7FEB2C81C1284F976E38376817186BB7725E05B3DA281A887F71DADA27911625597D376826592E156211FF30844F8A1C47DF9320AE8E9C9171181EE3F7D5EB1B56F79D7DCC39FC5C20A23EF716809E2035466B7E7A43DF588D73637DC89192E5EC392C917AD498C66E229EDBEFAEBD449773973E04F812B55466A3F2E321FA8A3AD1B6AF8A95178F4EF001004EAA4D83EC362F1B966137C811AE2B52B5815ED28F7CEB16DE55E7C64E5D34BE122EED25B5E9DAC04AE9EBB4C0EEBA6D447B435262EDF18CD616E396C80DCAF8547DED8A9817BB70FEDEA734E5A7005F8C7C2CB53366827824E2666DE1F1AC109A41576BC37B3BD1536D79CAB6F6BD7A2D9863EF0F6FEA547A990EF5DF931632F203682D34462025E053CEE1D25EEB0508CBE0A50F7D687A5AE6038F3BE219992B7796E1181D06AA9072D5419E50046F40D5985CB8EBE8C5232EE75AB3C03F113C5EC4669C072D5C514EFA0778062DDD9FF90BB75DDBA4AE2E2100559A35273D202E93B17FFABBC976DB516DA4FC9433322FE6517E5B39021A4564AFB6E1A15B1EB5981B952A8161C688C461CD1CC8E67882CAAFD6FDFA2BA7EBFC40D16D39F4DA16879D230375833741E1B3C49D1630E10C5E6CD1C11AEB2C356C3A0A4EAD805B9330199AC8BC1BB1ECF2E3F84839B5A444FB06959505AF97019C695D6A14990A1E2C678A6EC187C90F6989DA0E977767F2110D8C9289C6E85CC87C7141B11B284A4DCE2ACA6414F5AEB560E11E44699973E4BC4B28526C2D1C68B81A51ACC9E490B6F28129100FC3888C85ABB9E0B3808F00753F76C908E8E71B08EDD87C9359F716324183EE3D89389839F0E741246400D1BEC8F5592F4D66ED0205A90F6A153D3D0751662BB95FA3CBF1543D35E2B9E02497FA24173FC8387B36EE320007E4DC8D3400DC69D361FE071D1C015F87F4FD8E942E5D92D7197279F02513839ABC5D11098DF80A4D3817B7AFC4F7A93BA8469D89DB503284B6D2B7E90F2B52ED2E6F65F0E90A3D13564725FF563772C5356E2C50AFED4301BBE029DEFB252B1598847FAB4136B69110942DE842A9186D391E8CB2AD210B1D9B9473676222F6EA1F445E24290B6F1845243B33250224C0F316E18C52180220C2549D093D9F3974980F95DA8F1A49E36D142A3957A1F7DE6E492578544D17C856BEEC0F40FAFBFB8140945D6B13AB23BE8D1ABDC3E4A92E051CD180C5F2FE288C96F831DD5F34CA679E618D160B21F1697870F8F3B3A7318D0A558C4EADF16D0A76079D148F7404AC163852513ECE66374A9F5A8BC4C87F36CB2AE52ADBC034DEAE51FD60DC071284F8CAC9346E6D60F97D6CFE41C605B2C4D8D0C8BA41DB0DB3A2BD01B037D8CA355F350B +20181018142458 2 6 100 8191 5 EA2361A4ABC2DDA42ADD74B38CE837D05B00192233F16571DAB16B15049BA7606BA9A6DC1588738A9949D68815E7F9DB7FEB2C81C1284F976E38376817186BB7725E05B3DA281A887F71DADA27911625597D376826592E156211FF30844F8A1C47DF9320AE8E9C9171181EE3F7D5EB1B56F79D7DCC39FC5C20A23EF716809E2035466B7E7A43DF588D73637DC89192E5EC392C917AD498C66E229EDBEFAEBD449773973E04F812B55466A3F2E321FA8A3AD1B6AF8A95178F4EF001004EAA4D83EC362F1B966137C811AE2B52B5815ED28F7CEB16DE55E7C64E5D34BE122EED25B5E9DAC04AE9EBB4C0EEBA6D447B435262EDF18CD616E396C80DCAF8547DED8A9817BB70FEDEA734E5A7005F8C7C2CB53366827824E2666DE1F1AC109A41576BC37B3BD1536D79CAB6F6BD7A2D9863EF0F6FEA547A990EF5DF931632F203682D34462025E053CEE1D25EEB0508CBE0A50F7D687A5AE6038F3BE219992B7796E1181D06AA9072D5419E50046F40D5985CB8EBE8C5232EE75AB3C03F113C5EC4669C072D5C514EFA0778062DDD9FF90BB75DDBA4AE2E2100559A35273D202E93B17FFABBC976DB516DA4FC9433322FE6517E5B39021A4564AFB6E1A15B1EB5981B952A8161C688C461CD1CC8E67882CAAFD6FDFA2BA7EBFC40D16D39F4DA16879D230375833741E1B3C49D1630E10C5E6CD1C11AEB2C356C3A0A4EAD805B9330199AC8BC1BB1ECF2E3F84839B5A444FB06959505AF97019C695D6A14990A1E2C678A6EC187C90F6989DA0E977767F2110D8C9289C6E85CC87C7141B11B284A4DCE2ACA6414F5AEB560E11E44699973E4BC4B28526C2D1C68B81A51ACC9E490B6F28129100FC3888C85ABB9E0B3808F00753F76C908E8E71B08EDD87C9359F716324183EE3D89389839F0E741246400D1BEC8F5592F4D66ED0205A90F6A153D3D0751662BB95FA3CBF1543D35E2B9E02497FA24173FC8387B36EE320007E4DC8D3400DC69D361FE071D1C015F87F4FD8E942E5D92D7197279F02513839ABC5D11098DF80A4D3817B7AFC4F7A93BA8469D89DB503284B6D2B7E90F2B52ED2E6F65F0E90A3D13564725FF563772C5356E2C50AFED4301BBE029DEFB252B1598847FAB4136B69110942DE842A9186D391E8CB2AD210B1D9B9473676222F6EA1F445E24290B6F1845243B33250224C0F316E18C52180220C2549D093D9F3974980F95DA8F1A49E36D142A3957A1F7DE6E492578544D17C856BEEC0F40FAFBFB8140945D6B13AB23BE8D1ABDC3E4A92E051CD180C5F2FE288C96F831DD5F34CA679E618D160B21F1697870F8F3B3A7318D0A558C4EADF16D0A76079D148F7404AC163852513ECE66374A9F5A8BC4C87F36CB2AE52ADBC034DEAE51FD60DC071284F8CAC9346E6D60F97D6CFE41C605B2C4D8D0C8BA41DB0DB3A2BD01B037D8CA4281917F +20181018172424 2 6 100 8191 2 EA2361A4ABC2DDA42ADD74B38CE837D05B00192233F16571DAB16B15049BA7606BA9A6DC1588738A9949D68815E7F9DB7FEB2C81C1284F976E38376817186BB7725E05B3DA281A887F71DADA27911625597D376826592E156211FF30844F8A1C47DF9320AE8E9C9171181EE3F7D5EB1B56F79D7DCC39FC5C20A23EF716809E2035466B7E7A43DF588D73637DC89192E5EC392C917AD498C66E229EDBEFAEBD449773973E04F812B55466A3F2E321FA8A3AD1B6AF8A95178F4EF001004EAA4D83EC362F1B966137C811AE2B52B5815ED28F7CEB16DE55E7C64E5D34BE122EED25B5E9DAC04AE9EBB4C0EEBA6D447B435262EDF18CD616E396C80DCAF8547DED8A9817BB70FEDEA734E5A7005F8C7C2CB53366827824E2666DE1F1AC109A41576BC37B3BD1536D79CAB6F6BD7A2D9863EF0F6FEA547A990EF5DF931632F203682D34462025E053CEE1D25EEB0508CBE0A50F7D687A5AE6038F3BE219992B7796E1181D06AA9072D5419E50046F40D5985CB8EBE8C5232EE75AB3C03F113C5EC4669C072D5C514EFA0778062DDD9FF90BB75DDBA4AE2E2100559A35273D202E93B17FFABBC976DB516DA4FC9433322FE6517E5B39021A4564AFB6E1A15B1EB5981B952A8161C688C461CD1CC8E67882CAAFD6FDFA2BA7EBFC40D16D39F4DA16879D230375833741E1B3C49D1630E10C5E6CD1C11AEB2C356C3A0A4EAD805B9330199AC8BC1BB1ECF2E3F84839B5A444FB06959505AF97019C695D6A14990A1E2C678A6EC187C90F6989DA0E977767F2110D8C9289C6E85CC87C7141B11B284A4DCE2ACA6414F5AEB560E11E44699973E4BC4B28526C2D1C68B81A51ACC9E490B6F28129100FC3888C85ABB9E0B3808F00753F76C908E8E71B08EDD87C9359F716324183EE3D89389839F0E741246400D1BEC8F5592F4D66ED0205A90F6A153D3D0751662BB95FA3CBF1543D35E2B9E02497FA24173FC8387B36EE320007E4DC8D3400DC69D361FE071D1C015F87F4FD8E942E5D92D7197279F02513839ABC5D11098DF80A4D3817B7AFC4F7A93BA8469D89DB503284B6D2B7E90F2B52ED2E6F65F0E90A3D13564725FF563772C5356E2C50AFED4301BBE029DEFB252B1598847FAB4136B69110942DE842A9186D391E8CB2AD210B1D9B9473676222F6EA1F445E24290B6F1845243B33250224C0F316E18C52180220C2549D093D9F3974980F95DA8F1A49E36D142A3957A1F7DE6E492578544D17C856BEEC0F40FAFBFB8140945D6B13AB23BE8D1ABDC3E4A92E051CD180C5F2FE288C96F831DD5F34CA679E618D160B21F1697870F8F3B3A7318D0A558C4EADF16D0A76079D148F7404AC163852513ECE66374A9F5A8BC4C87F36CB2AE52ADBC034DEAE51FD60DC071284F8CAC9346E6D60F97D6CFE41C605B2C4D8D0C8BA41DB0DB3A2BD01B037D8CA44764C13 +20181019021923 2 6 100 8191 2 EA2361A4ABC2DDA42ADD74B38CE837D05B00192233F16571DAB16B15049BA7606BA9A6DC1588738A9949D68815E7F9DB7FEB2C81C1284F976E38376817186BB7725E05B3DA281A887F71DADA27911625597D376826592E156211FF30844F8A1C47DF9320AE8E9C9171181EE3F7D5EB1B56F79D7DCC39FC5C20A23EF716809E2035466B7E7A43DF588D73637DC89192E5EC392C917AD498C66E229EDBEFAEBD449773973E04F812B55466A3F2E321FA8A3AD1B6AF8A95178F4EF001004EAA4D83EC362F1B966137C811AE2B52B5815ED28F7CEB16DE55E7C64E5D34BE122EED25B5E9DAC04AE9EBB4C0EEBA6D447B435262EDF18CD616E396C80DCAF8547DED8A9817BB70FEDEA734E5A7005F8C7C2CB53366827824E2666DE1F1AC109A41576BC37B3BD1536D79CAB6F6BD7A2D9863EF0F6FEA547A990EF5DF931632F203682D34462025E053CEE1D25EEB0508CBE0A50F7D687A5AE6038F3BE219992B7796E1181D06AA9072D5419E50046F40D5985CB8EBE8C5232EE75AB3C03F113C5EC4669C072D5C514EFA0778062DDD9FF90BB75DDBA4AE2E2100559A35273D202E93B17FFABBC976DB516DA4FC9433322FE6517E5B39021A4564AFB6E1A15B1EB5981B952A8161C688C461CD1CC8E67882CAAFD6FDFA2BA7EBFC40D16D39F4DA16879D230375833741E1B3C49D1630E10C5E6CD1C11AEB2C356C3A0A4EAD805B9330199AC8BC1BB1ECF2E3F84839B5A444FB06959505AF97019C695D6A14990A1E2C678A6EC187C90F6989DA0E977767F2110D8C9289C6E85CC87C7141B11B284A4DCE2ACA6414F5AEB560E11E44699973E4BC4B28526C2D1C68B81A51ACC9E490B6F28129100FC3888C85ABB9E0B3808F00753F76C908E8E71B08EDD87C9359F716324183EE3D89389839F0E741246400D1BEC8F5592F4D66ED0205A90F6A153D3D0751662BB95FA3CBF1543D35E2B9E02497FA24173FC8387B36EE320007E4DC8D3400DC69D361FE071D1C015F87F4FD8E942E5D92D7197279F02513839ABC5D11098DF80A4D3817B7AFC4F7A93BA8469D89DB503284B6D2B7E90F2B52ED2E6F65F0E90A3D13564725FF563772C5356E2C50AFED4301BBE029DEFB252B1598847FAB4136B69110942DE842A9186D391E8CB2AD210B1D9B9473676222F6EA1F445E24290B6F1845243B33250224C0F316E18C52180220C2549D093D9F3974980F95DA8F1A49E36D142A3957A1F7DE6E492578544D17C856BEEC0F40FAFBFB8140945D6B13AB23BE8D1ABDC3E4A92E051CD180C5F2FE288C96F831DD5F34CA679E618D160B21F1697870F8F3B3A7318D0A558C4EADF16D0A76079D148F7404AC163852513ECE66374A9F5A8BC4C87F36CB2AE52ADBC034DEAE51FD60DC071284F8CAC9346E6D60F97D6CFE41C605B2C4D8D0C8BA41DB0DB3A2BD01B037D8CA4A5411D3 +20181019034359 2 6 100 8191 2 EA2361A4ABC2DDA42ADD74B38CE837D05B00192233F16571DAB16B15049BA7606BA9A6DC1588738A9949D68815E7F9DB7FEB2C81C1284F976E38376817186BB7725E05B3DA281A887F71DADA27911625597D376826592E156211FF30844F8A1C47DF9320AE8E9C9171181EE3F7D5EB1B56F79D7DCC39FC5C20A23EF716809E2035466B7E7A43DF588D73637DC89192E5EC392C917AD498C66E229EDBEFAEBD449773973E04F812B55466A3F2E321FA8A3AD1B6AF8A95178F4EF001004EAA4D83EC362F1B966137C811AE2B52B5815ED28F7CEB16DE55E7C64E5D34BE122EED25B5E9DAC04AE9EBB4C0EEBA6D447B435262EDF18CD616E396C80DCAF8547DED8A9817BB70FEDEA734E5A7005F8C7C2CB53366827824E2666DE1F1AC109A41576BC37B3BD1536D79CAB6F6BD7A2D9863EF0F6FEA547A990EF5DF931632F203682D34462025E053CEE1D25EEB0508CBE0A50F7D687A5AE6038F3BE219992B7796E1181D06AA9072D5419E50046F40D5985CB8EBE8C5232EE75AB3C03F113C5EC4669C072D5C514EFA0778062DDD9FF90BB75DDBA4AE2E2100559A35273D202E93B17FFABBC976DB516DA4FC9433322FE6517E5B39021A4564AFB6E1A15B1EB5981B952A8161C688C461CD1CC8E67882CAAFD6FDFA2BA7EBFC40D16D39F4DA16879D230375833741E1B3C49D1630E10C5E6CD1C11AEB2C356C3A0A4EAD805B9330199AC8BC1BB1ECF2E3F84839B5A444FB06959505AF97019C695D6A14990A1E2C678A6EC187C90F6989DA0E977767F2110D8C9289C6E85CC87C7141B11B284A4DCE2ACA6414F5AEB560E11E44699973E4BC4B28526C2D1C68B81A51ACC9E490B6F28129100FC3888C85ABB9E0B3808F00753F76C908E8E71B08EDD87C9359F716324183EE3D89389839F0E741246400D1BEC8F5592F4D66ED0205A90F6A153D3D0751662BB95FA3CBF1543D35E2B9E02497FA24173FC8387B36EE320007E4DC8D3400DC69D361FE071D1C015F87F4FD8E942E5D92D7197279F02513839ABC5D11098DF80A4D3817B7AFC4F7A93BA8469D89DB503284B6D2B7E90F2B52ED2E6F65F0E90A3D13564725FF563772C5356E2C50AFED4301BBE029DEFB252B1598847FAB4136B69110942DE842A9186D391E8CB2AD210B1D9B9473676222F6EA1F445E24290B6F1845243B33250224C0F316E18C52180220C2549D093D9F3974980F95DA8F1A49E36D142A3957A1F7DE6E492578544D17C856BEEC0F40FAFBFB8140945D6B13AB23BE8D1ABDC3E4A92E051CD180C5F2FE288C96F831DD5F34CA679E618D160B21F1697870F8F3B3A7318D0A558C4EADF16D0A76079D148F7404AC163852513ECE66374A9F5A8BC4C87F36CB2AE52ADBC034DEAE51FD60DC071284F8CAC9346E6D60F97D6CFE41C605B2C4D8D0C8BA41DB0DB3A2BD01B037D8CA4B386FC3 +20181019143855 2 6 100 8191 5 EA2361A4ABC2DDA42ADD74B38CE837D05B00192233F16571DAB16B15049BA7606BA9A6DC1588738A9949D68815E7F9DB7FEB2C81C1284F976E38376817186BB7725E05B3DA281A887F71DADA27911625597D376826592E156211FF30844F8A1C47DF9320AE8E9C9171181EE3F7D5EB1B56F79D7DCC39FC5C20A23EF716809E2035466B7E7A43DF588D73637DC89192E5EC392C917AD498C66E229EDBEFAEBD449773973E04F812B55466A3F2E321FA8A3AD1B6AF8A95178F4EF001004EAA4D83EC362F1B966137C811AE2B52B5815ED28F7CEB16DE55E7C64E5D34BE122EED25B5E9DAC04AE9EBB4C0EEBA6D447B435262EDF18CD616E396C80DCAF8547DED8A9817BB70FEDEA734E5A7005F8C7C2CB53366827824E2666DE1F1AC109A41576BC37B3BD1536D79CAB6F6BD7A2D9863EF0F6FEA547A990EF5DF931632F203682D34462025E053CEE1D25EEB0508CBE0A50F7D687A5AE6038F3BE219992B7796E1181D06AA9072D5419E50046F40D5985CB8EBE8C5232EE75AB3C03F113C5EC4669C072D5C514EFA0778062DDD9FF90BB75DDBA4AE2E2100559A35273D202E93B17FFABBC976DB516DA4FC9433322FE6517E5B39021A4564AFB6E1A15B1EB5981B952A8161C688C461CD1CC8E67882CAAFD6FDFA2BA7EBFC40D16D39F4DA16879D230375833741E1B3C49D1630E10C5E6CD1C11AEB2C356C3A0A4EAD805B9330199AC8BC1BB1ECF2E3F84839B5A444FB06959505AF97019C695D6A14990A1E2C678A6EC187C90F6989DA0E977767F2110D8C9289C6E85CC87C7141B11B284A4DCE2ACA6414F5AEB560E11E44699973E4BC4B28526C2D1C68B81A51ACC9E490B6F28129100FC3888C85ABB9E0B3808F00753F76C908E8E71B08EDD87C9359F716324183EE3D89389839F0E741246400D1BEC8F5592F4D66ED0205A90F6A153D3D0751662BB95FA3CBF1543D35E2B9E02497FA24173FC8387B36EE320007E4DC8D3400DC69D361FE071D1C015F87F4FD8E942E5D92D7197279F02513839ABC5D11098DF80A4D3817B7AFC4F7A93BA8469D89DB503284B6D2B7E90F2B52ED2E6F65F0E90A3D13564725FF563772C5356E2C50AFED4301BBE029DEFB252B1598847FAB4136B69110942DE842A9186D391E8CB2AD210B1D9B9473676222F6EA1F445E24290B6F1845243B33250224C0F316E18C52180220C2549D093D9F3974980F95DA8F1A49E36D142A3957A1F7DE6E492578544D17C856BEEC0F40FAFBFB8140945D6B13AB23BE8D1ABDC3E4A92E051CD180C5F2FE288C96F831DD5F34CA679E618D160B21F1697870F8F3B3A7318D0A558C4EADF16D0A76079D148F7404AC163852513ECE66374A9F5A8BC4C87F36CB2AE52ADBC034DEAE51FD60DC071284F8CAC9346E6D60F97D6CFE41C605B2C4D8D0C8BA41DB0DB3A2BD01B037D8CA5262DD0F +20181019175117 2 6 100 8191 2 EA2361A4ABC2DDA42ADD74B38CE837D05B00192233F16571DAB16B15049BA7606BA9A6DC1588738A9949D68815E7F9DB7FEB2C81C1284F976E38376817186BB7725E05B3DA281A887F71DADA27911625597D376826592E156211FF30844F8A1C47DF9320AE8E9C9171181EE3F7D5EB1B56F79D7DCC39FC5C20A23EF716809E2035466B7E7A43DF588D73637DC89192E5EC392C917AD498C66E229EDBEFAEBD449773973E04F812B55466A3F2E321FA8A3AD1B6AF8A95178F4EF001004EAA4D83EC362F1B966137C811AE2B52B5815ED28F7CEB16DE55E7C64E5D34BE122EED25B5E9DAC04AE9EBB4C0EEBA6D447B435262EDF18CD616E396C80DCAF8547DED8A9817BB70FEDEA734E5A7005F8C7C2CB53366827824E2666DE1F1AC109A41576BC37B3BD1536D79CAB6F6BD7A2D9863EF0F6FEA547A990EF5DF931632F203682D34462025E053CEE1D25EEB0508CBE0A50F7D687A5AE6038F3BE219992B7796E1181D06AA9072D5419E50046F40D5985CB8EBE8C5232EE75AB3C03F113C5EC4669C072D5C514EFA0778062DDD9FF90BB75DDBA4AE2E2100559A35273D202E93B17FFABBC976DB516DA4FC9433322FE6517E5B39021A4564AFB6E1A15B1EB5981B952A8161C688C461CD1CC8E67882CAAFD6FDFA2BA7EBFC40D16D39F4DA16879D230375833741E1B3C49D1630E10C5E6CD1C11AEB2C356C3A0A4EAD805B9330199AC8BC1BB1ECF2E3F84839B5A444FB06959505AF97019C695D6A14990A1E2C678A6EC187C90F6989DA0E977767F2110D8C9289C6E85CC87C7141B11B284A4DCE2ACA6414F5AEB560E11E44699973E4BC4B28526C2D1C68B81A51ACC9E490B6F28129100FC3888C85ABB9E0B3808F00753F76C908E8E71B08EDD87C9359F716324183EE3D89389839F0E741246400D1BEC8F5592F4D66ED0205A90F6A153D3D0751662BB95FA3CBF1543D35E2B9E02497FA24173FC8387B36EE320007E4DC8D3400DC69D361FE071D1C015F87F4FD8E942E5D92D7197279F02513839ABC5D11098DF80A4D3817B7AFC4F7A93BA8469D89DB503284B6D2B7E90F2B52ED2E6F65F0E90A3D13564725FF563772C5356E2C50AFED4301BBE029DEFB252B1598847FAB4136B69110942DE842A9186D391E8CB2AD210B1D9B9473676222F6EA1F445E24290B6F1845243B33250224C0F316E18C52180220C2549D093D9F3974980F95DA8F1A49E36D142A3957A1F7DE6E492578544D17C856BEEC0F40FAFBFB8140945D6B13AB23BE8D1ABDC3E4A92E051CD180C5F2FE288C96F831DD5F34CA679E618D160B21F1697870F8F3B3A7318D0A558C4EADF16D0A76079D148F7404AC163852513ECE66374A9F5A8BC4C87F36CB2AE52ADBC034DEAE51FD60DC071284F8CAC9346E6D60F97D6CFE41C605B2C4D8D0C8BA41DB0DB3A2BD01B037D8CA547B23C3 +20181019180938 2 6 100 8191 2 EA2361A4ABC2DDA42ADD74B38CE837D05B00192233F16571DAB16B15049BA7606BA9A6DC1588738A9949D68815E7F9DB7FEB2C81C1284F976E38376817186BB7725E05B3DA281A887F71DADA27911625597D376826592E156211FF30844F8A1C47DF9320AE8E9C9171181EE3F7D5EB1B56F79D7DCC39FC5C20A23EF716809E2035466B7E7A43DF588D73637DC89192E5EC392C917AD498C66E229EDBEFAEBD449773973E04F812B55466A3F2E321FA8A3AD1B6AF8A95178F4EF001004EAA4D83EC362F1B966137C811AE2B52B5815ED28F7CEB16DE55E7C64E5D34BE122EED25B5E9DAC04AE9EBB4C0EEBA6D447B435262EDF18CD616E396C80DCAF8547DED8A9817BB70FEDEA734E5A7005F8C7C2CB53366827824E2666DE1F1AC109A41576BC37B3BD1536D79CAB6F6BD7A2D9863EF0F6FEA547A990EF5DF931632F203682D34462025E053CEE1D25EEB0508CBE0A50F7D687A5AE6038F3BE219992B7796E1181D06AA9072D5419E50046F40D5985CB8EBE8C5232EE75AB3C03F113C5EC4669C072D5C514EFA0778062DDD9FF90BB75DDBA4AE2E2100559A35273D202E93B17FFABBC976DB516DA4FC9433322FE6517E5B39021A4564AFB6E1A15B1EB5981B952A8161C688C461CD1CC8E67882CAAFD6FDFA2BA7EBFC40D16D39F4DA16879D230375833741E1B3C49D1630E10C5E6CD1C11AEB2C356C3A0A4EAD805B9330199AC8BC1BB1ECF2E3F84839B5A444FB06959505AF97019C695D6A14990A1E2C678A6EC187C90F6989DA0E977767F2110D8C9289C6E85CC87C7141B11B284A4DCE2ACA6414F5AEB560E11E44699973E4BC4B28526C2D1C68B81A51ACC9E490B6F28129100FC3888C85ABB9E0B3808F00753F76C908E8E71B08EDD87C9359F716324183EE3D89389839F0E741246400D1BEC8F5592F4D66ED0205A90F6A153D3D0751662BB95FA3CBF1543D35E2B9E02497FA24173FC8387B36EE320007E4DC8D3400DC69D361FE071D1C015F87F4FD8E942E5D92D7197279F02513839ABC5D11098DF80A4D3817B7AFC4F7A93BA8469D89DB503284B6D2B7E90F2B52ED2E6F65F0E90A3D13564725FF563772C5356E2C50AFED4301BBE029DEFB252B1598847FAB4136B69110942DE842A9186D391E8CB2AD210B1D9B9473676222F6EA1F445E24290B6F1845243B33250224C0F316E18C52180220C2549D093D9F3974980F95DA8F1A49E36D142A3957A1F7DE6E492578544D17C856BEEC0F40FAFBFB8140945D6B13AB23BE8D1ABDC3E4A92E051CD180C5F2FE288C96F831DD5F34CA679E618D160B21F1697870F8F3B3A7318D0A558C4EADF16D0A76079D148F7404AC163852513ECE66374A9F5A8BC4C87F36CB2AE52ADBC034DEAE51FD60DC071284F8CAC9346E6D60F97D6CFE41C605B2C4D8D0C8BA41DB0DB3A2BD01B037D8CA54A6C53B +20181019200034 2 6 100 8191 5 EA2361A4ABC2DDA42ADD74B38CE837D05B00192233F16571DAB16B15049BA7606BA9A6DC1588738A9949D68815E7F9DB7FEB2C81C1284F976E38376817186BB7725E05B3DA281A887F71DADA27911625597D376826592E156211FF30844F8A1C47DF9320AE8E9C9171181EE3F7D5EB1B56F79D7DCC39FC5C20A23EF716809E2035466B7E7A43DF588D73637DC89192E5EC392C917AD498C66E229EDBEFAEBD449773973E04F812B55466A3F2E321FA8A3AD1B6AF8A95178F4EF001004EAA4D83EC362F1B966137C811AE2B52B5815ED28F7CEB16DE55E7C64E5D34BE122EED25B5E9DAC04AE9EBB4C0EEBA6D447B435262EDF18CD616E396C80DCAF8547DED8A9817BB70FEDEA734E5A7005F8C7C2CB53366827824E2666DE1F1AC109A41576BC37B3BD1536D79CAB6F6BD7A2D9863EF0F6FEA547A990EF5DF931632F203682D34462025E053CEE1D25EEB0508CBE0A50F7D687A5AE6038F3BE219992B7796E1181D06AA9072D5419E50046F40D5985CB8EBE8C5232EE75AB3C03F113C5EC4669C072D5C514EFA0778062DDD9FF90BB75DDBA4AE2E2100559A35273D202E93B17FFABBC976DB516DA4FC9433322FE6517E5B39021A4564AFB6E1A15B1EB5981B952A8161C688C461CD1CC8E67882CAAFD6FDFA2BA7EBFC40D16D39F4DA16879D230375833741E1B3C49D1630E10C5E6CD1C11AEB2C356C3A0A4EAD805B9330199AC8BC1BB1ECF2E3F84839B5A444FB06959505AF97019C695D6A14990A1E2C678A6EC187C90F6989DA0E977767F2110D8C9289C6E85CC87C7141B11B284A4DCE2ACA6414F5AEB560E11E44699973E4BC4B28526C2D1C68B81A51ACC9E490B6F28129100FC3888C85ABB9E0B3808F00753F76C908E8E71B08EDD87C9359F716324183EE3D89389839F0E741246400D1BEC8F5592F4D66ED0205A90F6A153D3D0751662BB95FA3CBF1543D35E2B9E02497FA24173FC8387B36EE320007E4DC8D3400DC69D361FE071D1C015F87F4FD8E942E5D92D7197279F02513839ABC5D11098DF80A4D3817B7AFC4F7A93BA8469D89DB503284B6D2B7E90F2B52ED2E6F65F0E90A3D13564725FF563772C5356E2C50AFED4301BBE029DEFB252B1598847FAB4136B69110942DE842A9186D391E8CB2AD210B1D9B9473676222F6EA1F445E24290B6F1845243B33250224C0F316E18C52180220C2549D093D9F3974980F95DA8F1A49E36D142A3957A1F7DE6E492578544D17C856BEEC0F40FAFBFB8140945D6B13AB23BE8D1ABDC3E4A92E051CD180C5F2FE288C96F831DD5F34CA679E618D160B21F1697870F8F3B3A7318D0A558C4EADF16D0A76079D148F7404AC163852513ECE66374A9F5A8BC4C87F36CB2AE52ADBC034DEAE51FD60DC071284F8CAC9346E6D60F97D6CFE41C605B2C4D8D0C8BA41DB0DB3A2BD01B037D8CA55D16287 +20181020003801 2 6 100 8191 2 EA2361A4ABC2DDA42ADD74B38CE837D05B00192233F16571DAB16B15049BA7606BA9A6DC1588738A9949D68815E7F9DB7FEB2C81C1284F976E38376817186BB7725E05B3DA281A887F71DADA27911625597D376826592E156211FF30844F8A1C47DF9320AE8E9C9171181EE3F7D5EB1B56F79D7DCC39FC5C20A23EF716809E2035466B7E7A43DF588D73637DC89192E5EC392C917AD498C66E229EDBEFAEBD449773973E04F812B55466A3F2E321FA8A3AD1B6AF8A95178F4EF001004EAA4D83EC362F1B966137C811AE2B52B5815ED28F7CEB16DE55E7C64E5D34BE122EED25B5E9DAC04AE9EBB4C0EEBA6D447B435262EDF18CD616E396C80DCAF8547DED8A9817BB70FEDEA734E5A7005F8C7C2CB53366827824E2666DE1F1AC109A41576BC37B3BD1536D79CAB6F6BD7A2D9863EF0F6FEA547A990EF5DF931632F203682D34462025E053CEE1D25EEB0508CBE0A50F7D687A5AE6038F3BE219992B7796E1181D06AA9072D5419E50046F40D5985CB8EBE8C5232EE75AB3C03F113C5EC4669C072D5C514EFA0778062DDD9FF90BB75DDBA4AE2E2100559A35273D202E93B17FFABBC976DB516DA4FC9433322FE6517E5B39021A4564AFB6E1A15B1EB5981B952A8161C688C461CD1CC8E67882CAAFD6FDFA2BA7EBFC40D16D39F4DA16879D230375833741E1B3C49D1630E10C5E6CD1C11AEB2C356C3A0A4EAD805B9330199AC8BC1BB1ECF2E3F84839B5A444FB06959505AF97019C695D6A14990A1E2C678A6EC187C90F6989DA0E977767F2110D8C9289C6E85CC87C7141B11B284A4DCE2ACA6414F5AEB560E11E44699973E4BC4B28526C2D1C68B81A51ACC9E490B6F28129100FC3888C85ABB9E0B3808F00753F76C908E8E71B08EDD87C9359F716324183EE3D89389839F0E741246400D1BEC8F5592F4D66ED0205A90F6A153D3D0751662BB95FA3CBF1543D35E2B9E02497FA24173FC8387B36EE320007E4DC8D3400DC69D361FE071D1C015F87F4FD8E942E5D92D7197279F02513839ABC5D11098DF80A4D3817B7AFC4F7A93BA8469D89DB503284B6D2B7E90F2B52ED2E6F65F0E90A3D13564725FF563772C5356E2C50AFED4301BBE029DEFB252B1598847FAB4136B69110942DE842A9186D391E8CB2AD210B1D9B9473676222F6EA1F445E24290B6F1845243B33250224C0F316E18C52180220C2549D093D9F3974980F95DA8F1A49E36D142A3957A1F7DE6E492578544D17C856BEEC0F40FAFBFB8140945D6B13AB23BE8D1ABDC3E4A92E051CD180C5F2FE288C96F831DD5F34CA679E618D160B21F1697870F8F3B3A7318D0A558C4EADF16D0A76079D148F7404AC163852513ECE66374A9F5A8BC4C87F36CB2AE52ADBC034DEAE51FD60DC071284F8CAC9346E6D60F97D6CFE41C605B2C4D8D0C8BA41DB0DB3A2BD01B037D8CA58CB384B +20181020112657 2 6 100 8191 2 EA2361A4ABC2DDA42ADD74B38CE837D05B00192233F16571DAB16B15049BA7606BA9A6DC1588738A9949D68815E7F9DB7FEB2C81C1284F976E38376817186BB7725E05B3DA281A887F71DADA27911625597D376826592E156211FF30844F8A1C47DF9320AE8E9C9171181EE3F7D5EB1B56F79D7DCC39FC5C20A23EF716809E2035466B7E7A43DF588D73637DC89192E5EC392C917AD498C66E229EDBEFAEBD449773973E04F812B55466A3F2E321FA8A3AD1B6AF8A95178F4EF001004EAA4D83EC362F1B966137C811AE2B52B5815ED28F7CEB16DE55E7C64E5D34BE122EED25B5E9DAC04AE9EBB4C0EEBA6D447B435262EDF18CD616E396C80DCAF8547DED8A9817BB70FEDEA734E5A7005F8C7C2CB53366827824E2666DE1F1AC109A41576BC37B3BD1536D79CAB6F6BD7A2D9863EF0F6FEA547A990EF5DF931632F203682D34462025E053CEE1D25EEB0508CBE0A50F7D687A5AE6038F3BE219992B7796E1181D06AA9072D5419E50046F40D5985CB8EBE8C5232EE75AB3C03F113C5EC4669C072D5C514EFA0778062DDD9FF90BB75DDBA4AE2E2100559A35273D202E93B17FFABBC976DB516DA4FC9433322FE6517E5B39021A4564AFB6E1A15B1EB5981B952A8161C688C461CD1CC8E67882CAAFD6FDFA2BA7EBFC40D16D39F4DA16879D230375833741E1B3C49D1630E10C5E6CD1C11AEB2C356C3A0A4EAD805B9330199AC8BC1BB1ECF2E3F84839B5A444FB06959505AF97019C695D6A14990A1E2C678A6EC187C90F6989DA0E977767F2110D8C9289C6E85CC87C7141B11B284A4DCE2ACA6414F5AEB560E11E44699973E4BC4B28526C2D1C68B81A51ACC9E490B6F28129100FC3888C85ABB9E0B3808F00753F76C908E8E71B08EDD87C9359F716324183EE3D89389839F0E741246400D1BEC8F5592F4D66ED0205A90F6A153D3D0751662BB95FA3CBF1543D35E2B9E02497FA24173FC8387B36EE320007E4DC8D3400DC69D361FE071D1C015F87F4FD8E942E5D92D7197279F02513839ABC5D11098DF80A4D3817B7AFC4F7A93BA8469D89DB503284B6D2B7E90F2B52ED2E6F65F0E90A3D13564725FF563772C5356E2C50AFED4301BBE029DEFB252B1598847FAB4136B69110942DE842A9186D391E8CB2AD210B1D9B9473676222F6EA1F445E24290B6F1845243B33250224C0F316E18C52180220C2549D093D9F3974980F95DA8F1A49E36D142A3957A1F7DE6E492578544D17C856BEEC0F40FAFBFB8140945D6B13AB23BE8D1ABDC3E4A92E051CD180C5F2FE288C96F831DD5F34CA679E618D160B21F1697870F8F3B3A7318D0A558C4EADF16D0A76079D148F7404AC163852513ECE66374A9F5A8BC4C87F36CB2AE52ADBC034DEAE51FD60DC071284F8CAC9346E6D60F97D6CFE41C605B2C4D8D0C8BA41DB0DB3A2BD01B037D8CA5F85360B +20181020201319 2 6 100 8191 2 EA2361A4ABC2DDA42ADD74B38CE837D05B00192233F16571DAB16B15049BA7606BA9A6DC1588738A9949D68815E7F9DB7FEB2C81C1284F976E38376817186BB7725E05B3DA281A887F71DADA27911625597D376826592E156211FF30844F8A1C47DF9320AE8E9C9171181EE3F7D5EB1B56F79D7DCC39FC5C20A23EF716809E2035466B7E7A43DF588D73637DC89192E5EC392C917AD498C66E229EDBEFAEBD449773973E04F812B55466A3F2E321FA8A3AD1B6AF8A95178F4EF001004EAA4D83EC362F1B966137C811AE2B52B5815ED28F7CEB16DE55E7C64E5D34BE122EED25B5E9DAC04AE9EBB4C0EEBA6D447B435262EDF18CD616E396C80DCAF8547DED8A9817BB70FEDEA734E5A7005F8C7C2CB53366827824E2666DE1F1AC109A41576BC37B3BD1536D79CAB6F6BD7A2D9863EF0F6FEA547A990EF5DF931632F203682D34462025E053CEE1D25EEB0508CBE0A50F7D687A5AE6038F3BE219992B7796E1181D06AA9072D5419E50046F40D5985CB8EBE8C5232EE75AB3C03F113C5EC4669C072D5C514EFA0778062DDD9FF90BB75DDBA4AE2E2100559A35273D202E93B17FFABBC976DB516DA4FC9433322FE6517E5B39021A4564AFB6E1A15B1EB5981B952A8161C688C461CD1CC8E67882CAAFD6FDFA2BA7EBFC40D16D39F4DA16879D230375833741E1B3C49D1630E10C5E6CD1C11AEB2C356C3A0A4EAD805B9330199AC8BC1BB1ECF2E3F84839B5A444FB06959505AF97019C695D6A14990A1E2C678A6EC187C90F6989DA0E977767F2110D8C9289C6E85CC87C7141B11B284A4DCE2ACA6414F5AEB560E11E44699973E4BC4B28526C2D1C68B81A51ACC9E490B6F28129100FC3888C85ABB9E0B3808F00753F76C908E8E71B08EDD87C9359F716324183EE3D89389839F0E741246400D1BEC8F5592F4D66ED0205A90F6A153D3D0751662BB95FA3CBF1543D35E2B9E02497FA24173FC8387B36EE320007E4DC8D3400DC69D361FE071D1C015F87F4FD8E942E5D92D7197279F02513839ABC5D11098DF80A4D3817B7AFC4F7A93BA8469D89DB503284B6D2B7E90F2B52ED2E6F65F0E90A3D13564725FF563772C5356E2C50AFED4301BBE029DEFB252B1598847FAB4136B69110942DE842A9186D391E8CB2AD210B1D9B9473676222F6EA1F445E24290B6F1845243B33250224C0F316E18C52180220C2549D093D9F3974980F95DA8F1A49E36D142A3957A1F7DE6E492578544D17C856BEEC0F40FAFBFB8140945D6B13AB23BE8D1ABDC3E4A92E051CD180C5F2FE288C96F831DD5F34CA679E618D160B21F1697870F8F3B3A7318D0A558C4EADF16D0A76079D148F7404AC163852513ECE66374A9F5A8BC4C87F36CB2AE52ADBC034DEAE51FD60DC071284F8CAC9346E6D60F97D6CFE41C605B2C4D8D0C8BA41DB0DB3A2BD01B037D8CA652B1403 +20181020203144 2 6 100 8191 5 EA2361A4ABC2DDA42ADD74B38CE837D05B00192233F16571DAB16B15049BA7606BA9A6DC1588738A9949D68815E7F9DB7FEB2C81C1284F976E38376817186BB7725E05B3DA281A887F71DADA27911625597D376826592E156211FF30844F8A1C47DF9320AE8E9C9171181EE3F7D5EB1B56F79D7DCC39FC5C20A23EF716809E2035466B7E7A43DF588D73637DC89192E5EC392C917AD498C66E229EDBEFAEBD449773973E04F812B55466A3F2E321FA8A3AD1B6AF8A95178F4EF001004EAA4D83EC362F1B966137C811AE2B52B5815ED28F7CEB16DE55E7C64E5D34BE122EED25B5E9DAC04AE9EBB4C0EEBA6D447B435262EDF18CD616E396C80DCAF8547DED8A9817BB70FEDEA734E5A7005F8C7C2CB53366827824E2666DE1F1AC109A41576BC37B3BD1536D79CAB6F6BD7A2D9863EF0F6FEA547A990EF5DF931632F203682D34462025E053CEE1D25EEB0508CBE0A50F7D687A5AE6038F3BE219992B7796E1181D06AA9072D5419E50046F40D5985CB8EBE8C5232EE75AB3C03F113C5EC4669C072D5C514EFA0778062DDD9FF90BB75DDBA4AE2E2100559A35273D202E93B17FFABBC976DB516DA4FC9433322FE6517E5B39021A4564AFB6E1A15B1EB5981B952A8161C688C461CD1CC8E67882CAAFD6FDFA2BA7EBFC40D16D39F4DA16879D230375833741E1B3C49D1630E10C5E6CD1C11AEB2C356C3A0A4EAD805B9330199AC8BC1BB1ECF2E3F84839B5A444FB06959505AF97019C695D6A14990A1E2C678A6EC187C90F6989DA0E977767F2110D8C9289C6E85CC87C7141B11B284A4DCE2ACA6414F5AEB560E11E44699973E4BC4B28526C2D1C68B81A51ACC9E490B6F28129100FC3888C85ABB9E0B3808F00753F76C908E8E71B08EDD87C9359F716324183EE3D89389839F0E741246400D1BEC8F5592F4D66ED0205A90F6A153D3D0751662BB95FA3CBF1543D35E2B9E02497FA24173FC8387B36EE320007E4DC8D3400DC69D361FE071D1C015F87F4FD8E942E5D92D7197279F02513839ABC5D11098DF80A4D3817B7AFC4F7A93BA8469D89DB503284B6D2B7E90F2B52ED2E6F65F0E90A3D13564725FF563772C5356E2C50AFED4301BBE029DEFB252B1598847FAB4136B69110942DE842A9186D391E8CB2AD210B1D9B9473676222F6EA1F445E24290B6F1845243B33250224C0F316E18C52180220C2549D093D9F3974980F95DA8F1A49E36D142A3957A1F7DE6E492578544D17C856BEEC0F40FAFBFB8140945D6B13AB23BE8D1ABDC3E4A92E051CD180C5F2FE288C96F831DD5F34CA679E618D160B21F1697870F8F3B3A7318D0A558C4EADF16D0A76079D148F7404AC163852513ECE66374A9F5A8BC4C87F36CB2AE52ADBC034DEAE51FD60DC071284F8CAC9346E6D60F97D6CFE41C605B2C4D8D0C8BA41DB0DB3A2BD01B037D8CA6552017F +20181021021352 2 6 100 8191 2 EA2361A4ABC2DDA42ADD74B38CE837D05B00192233F16571DAB16B15049BA7606BA9A6DC1588738A9949D68815E7F9DB7FEB2C81C1284F976E38376817186BB7725E05B3DA281A887F71DADA27911625597D376826592E156211FF30844F8A1C47DF9320AE8E9C9171181EE3F7D5EB1B56F79D7DCC39FC5C20A23EF716809E2035466B7E7A43DF588D73637DC89192E5EC392C917AD498C66E229EDBEFAEBD449773973E04F812B55466A3F2E321FA8A3AD1B6AF8A95178F4EF001004EAA4D83EC362F1B966137C811AE2B52B5815ED28F7CEB16DE55E7C64E5D34BE122EED25B5E9DAC04AE9EBB4C0EEBA6D447B435262EDF18CD616E396C80DCAF8547DED8A9817BB70FEDEA734E5A7005F8C7C2CB53366827824E2666DE1F1AC109A41576BC37B3BD1536D79CAB6F6BD7A2D9863EF0F6FEA547A990EF5DF931632F203682D34462025E053CEE1D25EEB0508CBE0A50F7D687A5AE6038F3BE219992B7796E1181D06AA9072D5419E50046F40D5985CB8EBE8C5232EE75AB3C03F113C5EC4669C072D5C514EFA0778062DDD9FF90BB75DDBA4AE2E2100559A35273D202E93B17FFABBC976DB516DA4FC9433322FE6517E5B39021A4564AFB6E1A15B1EB5981B952A8161C688C461CD1CC8E67882CAAFD6FDFA2BA7EBFC40D16D39F4DA16879D230375833741E1B3C49D1630E10C5E6CD1C11AEB2C356C3A0A4EAD805B9330199AC8BC1BB1ECF2E3F84839B5A444FB06959505AF97019C695D6A14990A1E2C678A6EC187C90F6989DA0E977767F2110D8C9289C6E85CC87C7141B11B284A4DCE2ACA6414F5AEB560E11E44699973E4BC4B28526C2D1C68B81A51ACC9E490B6F28129100FC3888C85ABB9E0B3808F00753F76C908E8E71B08EDD87C9359F716324183EE3D89389839F0E741246400D1BEC8F5592F4D66ED0205A90F6A153D3D0751662BB95FA3CBF1543D35E2B9E02497FA24173FC8387B36EE320007E4DC8D3400DC69D361FE071D1C015F87F4FD8E942E5D92D7197279F02513839ABC5D11098DF80A4D3817B7AFC4F7A93BA8469D89DB503284B6D2B7E90F2B52ED2E6F65F0E90A3D13564725FF563772C5356E2C50AFED4301BBE029DEFB252B1598847FAB4136B69110942DE842A9186D391E8CB2AD210B1D9B9473676222F6EA1F445E24290B6F1845243B33250224C0F316E18C52180220C2549D093D9F3974980F95DA8F1A49E36D142A3957A1F7DE6E492578544D17C856BEEC0F40FAFBFB8140945D6B13AB23BE8D1ABDC3E4A92E051CD180C5F2FE288C96F831DD5F34CA679E618D160B21F1697870F8F3B3A7318D0A558C4EADF16D0A76079D148F7404AC163852513ECE66374A9F5A8BC4C87F36CB2AE52ADBC034DEAE51FD60DC071284F8CAC9346E6D60F97D6CFE41C605B2C4D8D0C8BA41DB0DB3A2BD01B037D8CA68F8AE73 +20181021071146 2 6 100 8191 2 EA2361A4ABC2DDA42ADD74B38CE837D05B00192233F16571DAB16B15049BA7606BA9A6DC1588738A9949D68815E7F9DB7FEB2C81C1284F976E38376817186BB7725E05B3DA281A887F71DADA27911625597D376826592E156211FF30844F8A1C47DF9320AE8E9C9171181EE3F7D5EB1B56F79D7DCC39FC5C20A23EF716809E2035466B7E7A43DF588D73637DC89192E5EC392C917AD498C66E229EDBEFAEBD449773973E04F812B55466A3F2E321FA8A3AD1B6AF8A95178F4EF001004EAA4D83EC362F1B966137C811AE2B52B5815ED28F7CEB16DE55E7C64E5D34BE122EED25B5E9DAC04AE9EBB4C0EEBA6D447B435262EDF18CD616E396C80DCAF8547DED8A9817BB70FEDEA734E5A7005F8C7C2CB53366827824E2666DE1F1AC109A41576BC37B3BD1536D79CAB6F6BD7A2D9863EF0F6FEA547A990EF5DF931632F203682D34462025E053CEE1D25EEB0508CBE0A50F7D687A5AE6038F3BE219992B7796E1181D06AA9072D5419E50046F40D5985CB8EBE8C5232EE75AB3C03F113C5EC4669C072D5C514EFA0778062DDD9FF90BB75DDBA4AE2E2100559A35273D202E93B17FFABBC976DB516DA4FC9433322FE6517E5B39021A4564AFB6E1A15B1EB5981B952A8161C688C461CD1CC8E67882CAAFD6FDFA2BA7EBFC40D16D39F4DA16879D230375833741E1B3C49D1630E10C5E6CD1C11AEB2C356C3A0A4EAD805B9330199AC8BC1BB1ECF2E3F84839B5A444FB06959505AF97019C695D6A14990A1E2C678A6EC187C90F6989DA0E977767F2110D8C9289C6E85CC87C7141B11B284A4DCE2ACA6414F5AEB560E11E44699973E4BC4B28526C2D1C68B81A51ACC9E490B6F28129100FC3888C85ABB9E0B3808F00753F76C908E8E71B08EDD87C9359F716324183EE3D89389839F0E741246400D1BEC8F5592F4D66ED0205A90F6A153D3D0751662BB95FA3CBF1543D35E2B9E02497FA24173FC8387B36EE320007E4DC8D3400DC69D361FE071D1C015F87F4FD8E942E5D92D7197279F02513839ABC5D11098DF80A4D3817B7AFC4F7A93BA8469D89DB503284B6D2B7E90F2B52ED2E6F65F0E90A3D13564725FF563772C5356E2C50AFED4301BBE029DEFB252B1598847FAB4136B69110942DE842A9186D391E8CB2AD210B1D9B9473676222F6EA1F445E24290B6F1845243B33250224C0F316E18C52180220C2549D093D9F3974980F95DA8F1A49E36D142A3957A1F7DE6E492578544D17C856BEEC0F40FAFBFB8140945D6B13AB23BE8D1ABDC3E4A92E051CD180C5F2FE288C96F831DD5F34CA679E618D160B21F1697870F8F3B3A7318D0A558C4EADF16D0A76079D148F7404AC163852513ECE66374A9F5A8BC4C87F36CB2AE52ADBC034DEAE51FD60DC071284F8CAC9346E6D60F97D6CFE41C605B2C4D8D0C8BA41DB0DB3A2BD01B037D8CA6C1C6B53 +20181021104137 2 6 100 8191 2 EA2361A4ABC2DDA42ADD74B38CE837D05B00192233F16571DAB16B15049BA7606BA9A6DC1588738A9949D68815E7F9DB7FEB2C81C1284F976E38376817186BB7725E05B3DA281A887F71DADA27911625597D376826592E156211FF30844F8A1C47DF9320AE8E9C9171181EE3F7D5EB1B56F79D7DCC39FC5C20A23EF716809E2035466B7E7A43DF588D73637DC89192E5EC392C917AD498C66E229EDBEFAEBD449773973E04F812B55466A3F2E321FA8A3AD1B6AF8A95178F4EF001004EAA4D83EC362F1B966137C811AE2B52B5815ED28F7CEB16DE55E7C64E5D34BE122EED25B5E9DAC04AE9EBB4C0EEBA6D447B435262EDF18CD616E396C80DCAF8547DED8A9817BB70FEDEA734E5A7005F8C7C2CB53366827824E2666DE1F1AC109A41576BC37B3BD1536D79CAB6F6BD7A2D9863EF0F6FEA547A990EF5DF931632F203682D34462025E053CEE1D25EEB0508CBE0A50F7D687A5AE6038F3BE219992B7796E1181D06AA9072D5419E50046F40D5985CB8EBE8C5232EE75AB3C03F113C5EC4669C072D5C514EFA0778062DDD9FF90BB75DDBA4AE2E2100559A35273D202E93B17FFABBC976DB516DA4FC9433322FE6517E5B39021A4564AFB6E1A15B1EB5981B952A8161C688C461CD1CC8E67882CAAFD6FDFA2BA7EBFC40D16D39F4DA16879D230375833741E1B3C49D1630E10C5E6CD1C11AEB2C356C3A0A4EAD805B9330199AC8BC1BB1ECF2E3F84839B5A444FB06959505AF97019C695D6A14990A1E2C678A6EC187C90F6989DA0E977767F2110D8C9289C6E85CC87C7141B11B284A4DCE2ACA6414F5AEB560E11E44699973E4BC4B28526C2D1C68B81A51ACC9E490B6F28129100FC3888C85ABB9E0B3808F00753F76C908E8E71B08EDD87C9359F716324183EE3D89389839F0E741246400D1BEC8F5592F4D66ED0205A90F6A153D3D0751662BB95FA3CBF1543D35E2B9E02497FA24173FC8387B36EE320007E4DC8D3400DC69D361FE071D1C015F87F4FD8E942E5D92D7197279F02513839ABC5D11098DF80A4D3817B7AFC4F7A93BA8469D89DB503284B6D2B7E90F2B52ED2E6F65F0E90A3D13564725FF563772C5356E2C50AFED4301BBE029DEFB252B1598847FAB4136B69110942DE842A9186D391E8CB2AD210B1D9B9473676222F6EA1F445E24290B6F1845243B33250224C0F316E18C52180220C2549D093D9F3974980F95DA8F1A49E36D142A3957A1F7DE6E492578544D17C856BEEC0F40FAFBFB8140945D6B13AB23BE8D1ABDC3E4A92E051CD180C5F2FE288C96F831DD5F34CA679E618D160B21F1697870F8F3B3A7318D0A558C4EADF16D0A76079D148F7404AC163852513ECE66374A9F5A8BC4C87F36CB2AE52ADBC034DEAE51FD60DC071284F8CAC9346E6D60F97D6CFE41C605B2C4D8D0C8BA41DB0DB3A2BD01B037D8CA6E492B5B +20181021162701 2 6 100 8191 2 EA2361A4ABC2DDA42ADD74B38CE837D05B00192233F16571DAB16B15049BA7606BA9A6DC1588738A9949D68815E7F9DB7FEB2C81C1284F976E38376817186BB7725E05B3DA281A887F71DADA27911625597D376826592E156211FF30844F8A1C47DF9320AE8E9C9171181EE3F7D5EB1B56F79D7DCC39FC5C20A23EF716809E2035466B7E7A43DF588D73637DC89192E5EC392C917AD498C66E229EDBEFAEBD449773973E04F812B55466A3F2E321FA8A3AD1B6AF8A95178F4EF001004EAA4D83EC362F1B966137C811AE2B52B5815ED28F7CEB16DE55E7C64E5D34BE122EED25B5E9DAC04AE9EBB4C0EEBA6D447B435262EDF18CD616E396C80DCAF8547DED8A9817BB70FEDEA734E5A7005F8C7C2CB53366827824E2666DE1F1AC109A41576BC37B3BD1536D79CAB6F6BD7A2D9863EF0F6FEA547A990EF5DF931632F203682D34462025E053CEE1D25EEB0508CBE0A50F7D687A5AE6038F3BE219992B7796E1181D06AA9072D5419E50046F40D5985CB8EBE8C5232EE75AB3C03F113C5EC4669C072D5C514EFA0778062DDD9FF90BB75DDBA4AE2E2100559A35273D202E93B17FFABBC976DB516DA4FC9433322FE6517E5B39021A4564AFB6E1A15B1EB5981B952A8161C688C461CD1CC8E67882CAAFD6FDFA2BA7EBFC40D16D39F4DA16879D230375833741E1B3C49D1630E10C5E6CD1C11AEB2C356C3A0A4EAD805B9330199AC8BC1BB1ECF2E3F84839B5A444FB06959505AF97019C695D6A14990A1E2C678A6EC187C90F6989DA0E977767F2110D8C9289C6E85CC87C7141B11B284A4DCE2ACA6414F5AEB560E11E44699973E4BC4B28526C2D1C68B81A51ACC9E490B6F28129100FC3888C85ABB9E0B3808F00753F76C908E8E71B08EDD87C9359F716324183EE3D89389839F0E741246400D1BEC8F5592F4D66ED0205A90F6A153D3D0751662BB95FA3CBF1543D35E2B9E02497FA24173FC8387B36EE320007E4DC8D3400DC69D361FE071D1C015F87F4FD8E942E5D92D7197279F02513839ABC5D11098DF80A4D3817B7AFC4F7A93BA8469D89DB503284B6D2B7E90F2B52ED2E6F65F0E90A3D13564725FF563772C5356E2C50AFED4301BBE029DEFB252B1598847FAB4136B69110942DE842A9186D391E8CB2AD210B1D9B9473676222F6EA1F445E24290B6F1845243B33250224C0F316E18C52180220C2549D093D9F3974980F95DA8F1A49E36D142A3957A1F7DE6E492578544D17C856BEEC0F40FAFBFB8140945D6B13AB23BE8D1ABDC3E4A92E051CD180C5F2FE288C96F831DD5F34CA679E618D160B21F1697870F8F3B3A7318D0A558C4EADF16D0A76079D148F7404AC163852513ECE66374A9F5A8BC4C87F36CB2AE52ADBC034DEAE51FD60DC071284F8CAC9346E6D60F97D6CFE41C605B2C4D8D0C8BA41DB0DB3A2BD01B037D8CA71E3AEBB +20181021164042 2 6 100 8191 2 EA2361A4ABC2DDA42ADD74B38CE837D05B00192233F16571DAB16B15049BA7606BA9A6DC1588738A9949D68815E7F9DB7FEB2C81C1284F976E38376817186BB7725E05B3DA281A887F71DADA27911625597D376826592E156211FF30844F8A1C47DF9320AE8E9C9171181EE3F7D5EB1B56F79D7DCC39FC5C20A23EF716809E2035466B7E7A43DF588D73637DC89192E5EC392C917AD498C66E229EDBEFAEBD449773973E04F812B55466A3F2E321FA8A3AD1B6AF8A95178F4EF001004EAA4D83EC362F1B966137C811AE2B52B5815ED28F7CEB16DE55E7C64E5D34BE122EED25B5E9DAC04AE9EBB4C0EEBA6D447B435262EDF18CD616E396C80DCAF8547DED8A9817BB70FEDEA734E5A7005F8C7C2CB53366827824E2666DE1F1AC109A41576BC37B3BD1536D79CAB6F6BD7A2D9863EF0F6FEA547A990EF5DF931632F203682D34462025E053CEE1D25EEB0508CBE0A50F7D687A5AE6038F3BE219992B7796E1181D06AA9072D5419E50046F40D5985CB8EBE8C5232EE75AB3C03F113C5EC4669C072D5C514EFA0778062DDD9FF90BB75DDBA4AE2E2100559A35273D202E93B17FFABBC976DB516DA4FC9433322FE6517E5B39021A4564AFB6E1A15B1EB5981B952A8161C688C461CD1CC8E67882CAAFD6FDFA2BA7EBFC40D16D39F4DA16879D230375833741E1B3C49D1630E10C5E6CD1C11AEB2C356C3A0A4EAD805B9330199AC8BC1BB1ECF2E3F84839B5A444FB06959505AF97019C695D6A14990A1E2C678A6EC187C90F6989DA0E977767F2110D8C9289C6E85CC87C7141B11B284A4DCE2ACA6414F5AEB560E11E44699973E4BC4B28526C2D1C68B81A51ACC9E490B6F28129100FC3888C85ABB9E0B3808F00753F76C908E8E71B08EDD87C9359F716324183EE3D89389839F0E741246400D1BEC8F5592F4D66ED0205A90F6A153D3D0751662BB95FA3CBF1543D35E2B9E02497FA24173FC8387B36EE320007E4DC8D3400DC69D361FE071D1C015F87F4FD8E942E5D92D7197279F02513839ABC5D11098DF80A4D3817B7AFC4F7A93BA8469D89DB503284B6D2B7E90F2B52ED2E6F65F0E90A3D13564725FF563772C5356E2C50AFED4301BBE029DEFB252B1598847FAB4136B69110942DE842A9186D391E8CB2AD210B1D9B9473676222F6EA1F445E24290B6F1845243B33250224C0F316E18C52180220C2549D093D9F3974980F95DA8F1A49E36D142A3957A1F7DE6E492578544D17C856BEEC0F40FAFBFB8140945D6B13AB23BE8D1ABDC3E4A92E051CD180C5F2FE288C96F831DD5F34CA679E618D160B21F1697870F8F3B3A7318D0A558C4EADF16D0A76079D148F7404AC163852513ECE66374A9F5A8BC4C87F36CB2AE52ADBC034DEAE51FD60DC071284F8CAC9346E6D60F97D6CFE41C605B2C4D8D0C8BA41DB0DB3A2BD01B037D8CA71FF6D23 +20181022114359 2 6 100 8191 5 EA2361A4ABC2DDA42ADD74B38CE837D05B00192233F16571DAB16B15049BA7606BA9A6DC1588738A9949D68815E7F9DB7FEB2C81C1284F976E38376817186BB7725E05B3DA281A887F71DADA27911625597D376826592E156211FF30844F8A1C47DF9320AE8E9C9171181EE3F7D5EB1B56F79D7DCC39FC5C20A23EF716809E2035466B7E7A43DF588D73637DC89192E5EC392C917AD498C66E229EDBEFAEBD449773973E04F812B55466A3F2E321FA8A3AD1B6AF8A95178F4EF001004EAA4D83EC362F1B966137C811AE2B52B5815ED28F7CEB16DE55E7C64E5D34BE122EED25B5E9DAC04AE9EBB4C0EEBA6D447B435262EDF18CD616E396C80DCAF8547DED8A9817BB70FEDEA734E5A7005F8C7C2CB53366827824E2666DE1F1AC109A41576BC37B3BD1536D79CAB6F6BD7A2D9863EF0F6FEA547A990EF5DF931632F203682D34462025E053CEE1D25EEB0508CBE0A50F7D687A5AE6038F3BE219992B7796E1181D06AA9072D5419E50046F40D5985CB8EBE8C5232EE75AB3C03F113C5EC4669C072D5C514EFA0778062DDD9FF90BB75DDBA4AE2E2100559A35273D202E93B17FFABBC976DB516DA4FC9433322FE6517E5B39021A4564AFB6E1A15B1EB5981B952A8161C688C461CD1CC8E67882CAAFD6FDFA2BA7EBFC40D16D39F4DA16879D230375833741E1B3C49D1630E10C5E6CD1C11AEB2C356C3A0A4EAD805B9330199AC8BC1BB1ECF2E3F84839B5A444FB06959505AF97019C695D6A14990A1E2C678A6EC187C90F6989DA0E977767F2110D8C9289C6E85CC87C7141B11B284A4DCE2ACA6414F5AEB560E11E44699973E4BC4B28526C2D1C68B81A51ACC9E490B6F28129100FC3888C85ABB9E0B3808F00753F76C908E8E71B08EDD87C9359F716324183EE3D89389839F0E741246400D1BEC8F5592F4D66ED0205A90F6A153D3D0751662BB95FA3CBF1543D35E2B9E02497FA24173FC8387B36EE320007E4DC8D3400DC69D361FE071D1C015F87F4FD8E942E5D92D7197279F02513839ABC5D11098DF80A4D3817B7AFC4F7A93BA8469D89DB503284B6D2B7E90F2B52ED2E6F65F0E90A3D13564725FF563772C5356E2C50AFED4301BBE029DEFB252B1598847FAB4136B69110942DE842A9186D391E8CB2AD210B1D9B9473676222F6EA1F445E24290B6F1845243B33250224C0F316E18C52180220C2549D093D9F3974980F95DA8F1A49E36D142A3957A1F7DE6E492578544D17C856BEEC0F40FAFBFB8140945D6B13AB23BE8D1ABDC3E4A92E051CD180C5F2FE288C96F831DD5F34CA679E618D160B21F1697870F8F3B3A7318D0A558C4EADF16D0A76079D148F7404AC163852513ECE66374A9F5A8BC4C87F36CB2AE52ADBC034DEAE51FD60DC071284F8CAC9346E6D60F97D6CFE41C605B2C4D8D0C8BA41DB0DB3A2BD01B037D8CA7D41FB5F +20181023003127 2 6 100 8191 5 EA2361A4ABC2DDA42ADD74B38CE837D05B00192233F16571DAB16B15049BA7606BA9A6DC1588738A9949D68815E7F9DB7FEB2C81C1284F976E38376817186BB7725E05B3DA281A887F71DADA27911625597D376826592E156211FF30844F8A1C47DF9320AE8E9C9171181EE3F7D5EB1B56F79D7DCC39FC5C20A23EF716809E2035466B7E7A43DF588D73637DC89192E5EC392C917AD498C66E229EDBEFAEBD449773973E04F812B55466A3F2E321FA8A3AD1B6AF8A95178F4EF001004EAA4D83EC362F1B966137C811AE2B52B5815ED28F7CEB16DE55E7C64E5D34BE122EED25B5E9DAC04AE9EBB4C0EEBA6D447B435262EDF18CD616E396C80DCAF8547DED8A9817BB70FEDEA734E5A7005F8C7C2CB53366827824E2666DE1F1AC109A41576BC37B3BD1536D79CAB6F6BD7A2D9863EF0F6FEA547A990EF5DF931632F203682D34462025E053CEE1D25EEB0508CBE0A50F7D687A5AE6038F3BE219992B7796E1181D06AA9072D5419E50046F40D5985CB8EBE8C5232EE75AB3C03F113C5EC4669C072D5C514EFA0778062DDD9FF90BB75DDBA4AE2E2100559A35273D202E93B17FFABBC976DB516DA4FC9433322FE6517E5B39021A4564AFB6E1A15B1EB5981B952A8161C688C461CD1CC8E67882CAAFD6FDFA2BA7EBFC40D16D39F4DA16879D230375833741E1B3C49D1630E10C5E6CD1C11AEB2C356C3A0A4EAD805B9330199AC8BC1BB1ECF2E3F84839B5A444FB06959505AF97019C695D6A14990A1E2C678A6EC187C90F6989DA0E977767F2110D8C9289C6E85CC87C7141B11B284A4DCE2ACA6414F5AEB560E11E44699973E4BC4B28526C2D1C68B81A51ACC9E490B6F28129100FC3888C85ABB9E0B3808F00753F76C908E8E71B08EDD87C9359F716324183EE3D89389839F0E741246400D1BEC8F5592F4D66ED0205A90F6A153D3D0751662BB95FA3CBF1543D35E2B9E02497FA24173FC8387B36EE320007E4DC8D3400DC69D361FE071D1C015F87F4FD8E942E5D92D7197279F02513839ABC5D11098DF80A4D3817B7AFC4F7A93BA8469D89DB503284B6D2B7E90F2B52ED2E6F65F0E90A3D13564725FF563772C5356E2C50AFED4301BBE029DEFB252B1598847FAB4136B69110942DE842A9186D391E8CB2AD210B1D9B9473676222F6EA1F445E24290B6F1845243B33250224C0F316E18C52180220C2549D093D9F3974980F95DA8F1A49E36D142A3957A1F7DE6E492578544D17C856BEEC0F40FAFBFB8140945D6B13AB23BE8D1ABDC3E4A92E051CD180C5F2FE288C96F831DD5F34CA679E618D160B21F1697870F8F3B3A7318D0A558C4EADF16D0A76079D148F7404AC163852513ECE66374A9F5A8BC4C87F36CB2AE52ADBC034DEAE51FD60DC071284F8CAC9346E6D60F97D6CFE41C605B2C4D8D0C8BA41DB0DB3A2BD01B037D8CA852BE5A7 +20181023054524 2 6 100 8191 5 EA2361A4ABC2DDA42ADD74B38CE837D05B00192233F16571DAB16B15049BA7606BA9A6DC1588738A9949D68815E7F9DB7FEB2C81C1284F976E38376817186BB7725E05B3DA281A887F71DADA27911625597D376826592E156211FF30844F8A1C47DF9320AE8E9C9171181EE3F7D5EB1B56F79D7DCC39FC5C20A23EF716809E2035466B7E7A43DF588D73637DC89192E5EC392C917AD498C66E229EDBEFAEBD449773973E04F812B55466A3F2E321FA8A3AD1B6AF8A95178F4EF001004EAA4D83EC362F1B966137C811AE2B52B5815ED28F7CEB16DE55E7C64E5D34BE122EED25B5E9DAC04AE9EBB4C0EEBA6D447B435262EDF18CD616E396C80DCAF8547DED8A9817BB70FEDEA734E5A7005F8C7C2CB53366827824E2666DE1F1AC109A41576BC37B3BD1536D79CAB6F6BD7A2D9863EF0F6FEA547A990EF5DF931632F203682D34462025E053CEE1D25EEB0508CBE0A50F7D687A5AE6038F3BE219992B7796E1181D06AA9072D5419E50046F40D5985CB8EBE8C5232EE75AB3C03F113C5EC4669C072D5C514EFA0778062DDD9FF90BB75DDBA4AE2E2100559A35273D202E93B17FFABBC976DB516DA4FC9433322FE6517E5B39021A4564AFB6E1A15B1EB5981B952A8161C688C461CD1CC8E67882CAAFD6FDFA2BA7EBFC40D16D39F4DA16879D230375833741E1B3C49D1630E10C5E6CD1C11AEB2C356C3A0A4EAD805B9330199AC8BC1BB1ECF2E3F84839B5A444FB06959505AF97019C695D6A14990A1E2C678A6EC187C90F6989DA0E977767F2110D8C9289C6E85CC87C7141B11B284A4DCE2ACA6414F5AEB560E11E44699973E4BC4B28526C2D1C68B81A51ACC9E490B6F28129100FC3888C85ABB9E0B3808F00753F76C908E8E71B08EDD87C9359F716324183EE3D89389839F0E741246400D1BEC8F5592F4D66ED0205A90F6A153D3D0751662BB95FA3CBF1543D35E2B9E02497FA24173FC8387B36EE320007E4DC8D3400DC69D361FE071D1C015F87F4FD8E942E5D92D7197279F02513839ABC5D11098DF80A4D3817B7AFC4F7A93BA8469D89DB503284B6D2B7E90F2B52ED2E6F65F0E90A3D13564725FF563772C5356E2C50AFED4301BBE029DEFB252B1598847FAB4136B69110942DE842A9186D391E8CB2AD210B1D9B9473676222F6EA1F445E24290B6F1845243B33250224C0F316E18C52180220C2549D093D9F3974980F95DA8F1A49E36D142A3957A1F7DE6E492578544D17C856BEEC0F40FAFBFB8140945D6B13AB23BE8D1ABDC3E4A92E051CD180C5F2FE288C96F831DD5F34CA679E618D160B21F1697870F8F3B3A7318D0A558C4EADF16D0A76079D148F7404AC163852513ECE66374A9F5A8BC4C87F36CB2AE52ADBC034DEAE51FD60DC071284F8CAC9346E6D60F97D6CFE41C605B2C4D8D0C8BA41DB0DB3A2BD01B037D8CA88559E07 +20181023122409 2 6 100 8191 5 EA2361A4ABC2DDA42ADD74B38CE837D05B00192233F16571DAB16B15049BA7606BA9A6DC1588738A9949D68815E7F9DB7FEB2C81C1284F976E38376817186BB7725E05B3DA281A887F71DADA27911625597D376826592E156211FF30844F8A1C47DF9320AE8E9C9171181EE3F7D5EB1B56F79D7DCC39FC5C20A23EF716809E2035466B7E7A43DF588D73637DC89192E5EC392C917AD498C66E229EDBEFAEBD449773973E04F812B55466A3F2E321FA8A3AD1B6AF8A95178F4EF001004EAA4D83EC362F1B966137C811AE2B52B5815ED28F7CEB16DE55E7C64E5D34BE122EED25B5E9DAC04AE9EBB4C0EEBA6D447B435262EDF18CD616E396C80DCAF8547DED8A9817BB70FEDEA734E5A7005F8C7C2CB53366827824E2666DE1F1AC109A41576BC37B3BD1536D79CAB6F6BD7A2D9863EF0F6FEA547A990EF5DF931632F203682D34462025E053CEE1D25EEB0508CBE0A50F7D687A5AE6038F3BE219992B7796E1181D06AA9072D5419E50046F40D5985CB8EBE8C5232EE75AB3C03F113C5EC4669C072D5C514EFA0778062DDD9FF90BB75DDBA4AE2E2100559A35273D202E93B17FFABBC976DB516DA4FC9433322FE6517E5B39021A4564AFB6E1A15B1EB5981B952A8161C688C461CD1CC8E67882CAAFD6FDFA2BA7EBFC40D16D39F4DA16879D230375833741E1B3C49D1630E10C5E6CD1C11AEB2C356C3A0A4EAD805B9330199AC8BC1BB1ECF2E3F84839B5A444FB06959505AF97019C695D6A14990A1E2C678A6EC187C90F6989DA0E977767F2110D8C9289C6E85CC87C7141B11B284A4DCE2ACA6414F5AEB560E11E44699973E4BC4B28526C2D1C68B81A51ACC9E490B6F28129100FC3888C85ABB9E0B3808F00753F76C908E8E71B08EDD87C9359F716324183EE3D89389839F0E741246400D1BEC8F5592F4D66ED0205A90F6A153D3D0751662BB95FA3CBF1543D35E2B9E02497FA24173FC8387B36EE320007E4DC8D3400DC69D361FE071D1C015F87F4FD8E942E5D92D7197279F02513839ABC5D11098DF80A4D3817B7AFC4F7A93BA8469D89DB503284B6D2B7E90F2B52ED2E6F65F0E90A3D13564725FF563772C5356E2C50AFED4301BBE029DEFB252B1598847FAB4136B69110942DE842A9186D391E8CB2AD210B1D9B9473676222F6EA1F445E24290B6F1845243B33250224C0F316E18C52180220C2549D093D9F3974980F95DA8F1A49E36D142A3957A1F7DE6E492578544D17C856BEEC0F40FAFBFB8140945D6B13AB23BE8D1ABDC3E4A92E051CD180C5F2FE288C96F831DD5F34CA679E618D160B21F1697870F8F3B3A7318D0A558C4EADF16D0A76079D148F7404AC163852513ECE66374A9F5A8BC4C87F36CB2AE52ADBC034DEAE51FD60DC071284F8CAC9346E6D60F97D6CFE41C605B2C4D8D0C8BA41DB0DB3A2BD01B037D8CA8C5B7A9F +20181023161120 2 6 100 8191 5 EA2361A4ABC2DDA42ADD74B38CE837D05B00192233F16571DAB16B15049BA7606BA9A6DC1588738A9949D68815E7F9DB7FEB2C81C1284F976E38376817186BB7725E05B3DA281A887F71DADA27911625597D376826592E156211FF30844F8A1C47DF9320AE8E9C9171181EE3F7D5EB1B56F79D7DCC39FC5C20A23EF716809E2035466B7E7A43DF588D73637DC89192E5EC392C917AD498C66E229EDBEFAEBD449773973E04F812B55466A3F2E321FA8A3AD1B6AF8A95178F4EF001004EAA4D83EC362F1B966137C811AE2B52B5815ED28F7CEB16DE55E7C64E5D34BE122EED25B5E9DAC04AE9EBB4C0EEBA6D447B435262EDF18CD616E396C80DCAF8547DED8A9817BB70FEDEA734E5A7005F8C7C2CB53366827824E2666DE1F1AC109A41576BC37B3BD1536D79CAB6F6BD7A2D9863EF0F6FEA547A990EF5DF931632F203682D34462025E053CEE1D25EEB0508CBE0A50F7D687A5AE6038F3BE219992B7796E1181D06AA9072D5419E50046F40D5985CB8EBE8C5232EE75AB3C03F113C5EC4669C072D5C514EFA0778062DDD9FF90BB75DDBA4AE2E2100559A35273D202E93B17FFABBC976DB516DA4FC9433322FE6517E5B39021A4564AFB6E1A15B1EB5981B952A8161C688C461CD1CC8E67882CAAFD6FDFA2BA7EBFC40D16D39F4DA16879D230375833741E1B3C49D1630E10C5E6CD1C11AEB2C356C3A0A4EAD805B9330199AC8BC1BB1ECF2E3F84839B5A444FB06959505AF97019C695D6A14990A1E2C678A6EC187C90F6989DA0E977767F2110D8C9289C6E85CC87C7141B11B284A4DCE2ACA6414F5AEB560E11E44699973E4BC4B28526C2D1C68B81A51ACC9E490B6F28129100FC3888C85ABB9E0B3808F00753F76C908E8E71B08EDD87C9359F716324183EE3D89389839F0E741246400D1BEC8F5592F4D66ED0205A90F6A153D3D0751662BB95FA3CBF1543D35E2B9E02497FA24173FC8387B36EE320007E4DC8D3400DC69D361FE071D1C015F87F4FD8E942E5D92D7197279F02513839ABC5D11098DF80A4D3817B7AFC4F7A93BA8469D89DB503284B6D2B7E90F2B52ED2E6F65F0E90A3D13564725FF563772C5356E2C50AFED4301BBE029DEFB252B1598847FAB4136B69110942DE842A9186D391E8CB2AD210B1D9B9473676222F6EA1F445E24290B6F1845243B33250224C0F316E18C52180220C2549D093D9F3974980F95DA8F1A49E36D142A3957A1F7DE6E492578544D17C856BEEC0F40FAFBFB8140945D6B13AB23BE8D1ABDC3E4A92E051CD180C5F2FE288C96F831DD5F34CA679E618D160B21F1697870F8F3B3A7318D0A558C4EADF16D0A76079D148F7404AC163852513ECE66374A9F5A8BC4C87F36CB2AE52ADBC034DEAE51FD60DC071284F8CAC9346E6D60F97D6CFE41C605B2C4D8D0C8BA41DB0DB3A2BD01B037D8CA8EA11AB7 +20181023174619 2 6 100 8191 2 EA2361A4ABC2DDA42ADD74B38CE837D05B00192233F16571DAB16B15049BA7606BA9A6DC1588738A9949D68815E7F9DB7FEB2C81C1284F976E38376817186BB7725E05B3DA281A887F71DADA27911625597D376826592E156211FF30844F8A1C47DF9320AE8E9C9171181EE3F7D5EB1B56F79D7DCC39FC5C20A23EF716809E2035466B7E7A43DF588D73637DC89192E5EC392C917AD498C66E229EDBEFAEBD449773973E04F812B55466A3F2E321FA8A3AD1B6AF8A95178F4EF001004EAA4D83EC362F1B966137C811AE2B52B5815ED28F7CEB16DE55E7C64E5D34BE122EED25B5E9DAC04AE9EBB4C0EEBA6D447B435262EDF18CD616E396C80DCAF8547DED8A9817BB70FEDEA734E5A7005F8C7C2CB53366827824E2666DE1F1AC109A41576BC37B3BD1536D79CAB6F6BD7A2D9863EF0F6FEA547A990EF5DF931632F203682D34462025E053CEE1D25EEB0508CBE0A50F7D687A5AE6038F3BE219992B7796E1181D06AA9072D5419E50046F40D5985CB8EBE8C5232EE75AB3C03F113C5EC4669C072D5C514EFA0778062DDD9FF90BB75DDBA4AE2E2100559A35273D202E93B17FFABBC976DB516DA4FC9433322FE6517E5B39021A4564AFB6E1A15B1EB5981B952A8161C688C461CD1CC8E67882CAAFD6FDFA2BA7EBFC40D16D39F4DA16879D230375833741E1B3C49D1630E10C5E6CD1C11AEB2C356C3A0A4EAD805B9330199AC8BC1BB1ECF2E3F84839B5A444FB06959505AF97019C695D6A14990A1E2C678A6EC187C90F6989DA0E977767F2110D8C9289C6E85CC87C7141B11B284A4DCE2ACA6414F5AEB560E11E44699973E4BC4B28526C2D1C68B81A51ACC9E490B6F28129100FC3888C85ABB9E0B3808F00753F76C908E8E71B08EDD87C9359F716324183EE3D89389839F0E741246400D1BEC8F5592F4D66ED0205A90F6A153D3D0751662BB95FA3CBF1543D35E2B9E02497FA24173FC8387B36EE320007E4DC8D3400DC69D361FE071D1C015F87F4FD8E942E5D92D7197279F02513839ABC5D11098DF80A4D3817B7AFC4F7A93BA8469D89DB503284B6D2B7E90F2B52ED2E6F65F0E90A3D13564725FF563772C5356E2C50AFED4301BBE029DEFB252B1598847FAB4136B69110942DE842A9186D391E8CB2AD210B1D9B9473676222F6EA1F445E24290B6F1845243B33250224C0F316E18C52180220C2549D093D9F3974980F95DA8F1A49E36D142A3957A1F7DE6E492578544D17C856BEEC0F40FAFBFB8140945D6B13AB23BE8D1ABDC3E4A92E051CD180C5F2FE288C96F831DD5F34CA679E618D160B21F1697870F8F3B3A7318D0A558C4EADF16D0A76079D148F7404AC163852513ECE66374A9F5A8BC4C87F36CB2AE52ADBC034DEAE51FD60DC071284F8CAC9346E6D60F97D6CFE41C605B2C4D8D0C8BA41DB0DB3A2BD01B037D8CA8F91F893 +20181023175924 2 6 100 8191 5 EA2361A4ABC2DDA42ADD74B38CE837D05B00192233F16571DAB16B15049BA7606BA9A6DC1588738A9949D68815E7F9DB7FEB2C81C1284F976E38376817186BB7725E05B3DA281A887F71DADA27911625597D376826592E156211FF30844F8A1C47DF9320AE8E9C9171181EE3F7D5EB1B56F79D7DCC39FC5C20A23EF716809E2035466B7E7A43DF588D73637DC89192E5EC392C917AD498C66E229EDBEFAEBD449773973E04F812B55466A3F2E321FA8A3AD1B6AF8A95178F4EF001004EAA4D83EC362F1B966137C811AE2B52B5815ED28F7CEB16DE55E7C64E5D34BE122EED25B5E9DAC04AE9EBB4C0EEBA6D447B435262EDF18CD616E396C80DCAF8547DED8A9817BB70FEDEA734E5A7005F8C7C2CB53366827824E2666DE1F1AC109A41576BC37B3BD1536D79CAB6F6BD7A2D9863EF0F6FEA547A990EF5DF931632F203682D34462025E053CEE1D25EEB0508CBE0A50F7D687A5AE6038F3BE219992B7796E1181D06AA9072D5419E50046F40D5985CB8EBE8C5232EE75AB3C03F113C5EC4669C072D5C514EFA0778062DDD9FF90BB75DDBA4AE2E2100559A35273D202E93B17FFABBC976DB516DA4FC9433322FE6517E5B39021A4564AFB6E1A15B1EB5981B952A8161C688C461CD1CC8E67882CAAFD6FDFA2BA7EBFC40D16D39F4DA16879D230375833741E1B3C49D1630E10C5E6CD1C11AEB2C356C3A0A4EAD805B9330199AC8BC1BB1ECF2E3F84839B5A444FB06959505AF97019C695D6A14990A1E2C678A6EC187C90F6989DA0E977767F2110D8C9289C6E85CC87C7141B11B284A4DCE2ACA6414F5AEB560E11E44699973E4BC4B28526C2D1C68B81A51ACC9E490B6F28129100FC3888C85ABB9E0B3808F00753F76C908E8E71B08EDD87C9359F716324183EE3D89389839F0E741246400D1BEC8F5592F4D66ED0205A90F6A153D3D0751662BB95FA3CBF1543D35E2B9E02497FA24173FC8387B36EE320007E4DC8D3400DC69D361FE071D1C015F87F4FD8E942E5D92D7197279F02513839ABC5D11098DF80A4D3817B7AFC4F7A93BA8469D89DB503284B6D2B7E90F2B52ED2E6F65F0E90A3D13564725FF563772C5356E2C50AFED4301BBE029DEFB252B1598847FAB4136B69110942DE842A9186D391E8CB2AD210B1D9B9473676222F6EA1F445E24290B6F1845243B33250224C0F316E18C52180220C2549D093D9F3974980F95DA8F1A49E36D142A3957A1F7DE6E492578544D17C856BEEC0F40FAFBFB8140945D6B13AB23BE8D1ABDC3E4A92E051CD180C5F2FE288C96F831DD5F34CA679E618D160B21F1697870F8F3B3A7318D0A558C4EADF16D0A76079D148F7404AC163852513ECE66374A9F5A8BC4C87F36CB2AE52ADBC034DEAE51FD60DC071284F8CAC9346E6D60F97D6CFE41C605B2C4D8D0C8BA41DB0DB3A2BD01B037D8CA8FAACDB7 -- cgit v1.2.3 From bc32f118d484e4d71d2a0828fd4eab7e4176c9af Mon Sep 17 00:00:00 2001 From: Darren Tucker Date: Mon, 5 Nov 2018 17:31:24 +1100 Subject: Fix pasto for HAVE_EVP_CIPHER_CTX_SET_IV. Prevents unnecessary redefinition. Patch from mforney at mforney.org. --- configure.ac | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/configure.ac b/configure.ac index 10696513f..199975fed 100644 --- a/configure.ac +++ b/configure.ac @@ -2865,7 +2865,7 @@ if test "x$openssl" = "xyes" ; then [AC_DEFINE([HAVE_EVP_CIPHER_CTX_GET_IV], [1], [Define if libcrypto has EVP_CIPHER_CTX_get_iv])]) AC_SEARCH_LIBS([EVP_CIPHER_CTX_set_iv], [crypto], - [AC_DEFINE([HAVE_EVP_CIPHER_CTX_GET_IV], [1], + [AC_DEFINE([HAVE_EVP_CIPHER_CTX_SET_IV], [1], [Define if libcrypto has EVP_CIPHER_CTX_set_iv])]) AC_SEARCH_LIBS([RSA_get0_crt_params], [crypto], -- cgit v1.2.3 From 1801cd11d99d05a66ab5248c0555f55909a355ce Mon Sep 17 00:00:00 2001 From: Darren Tucker Date: Thu, 8 Nov 2018 15:03:11 +1100 Subject: Simplify OpenSSL 1.1 function checks. Replace AC_SEARCH_LIBS checks for OpenSSL 1.1 functions with a single AC_CHECK_FUNCS. ok djm@ --- configure.ac | 150 +++++++++++++++-------------------------------------------- 1 file changed, 37 insertions(+), 113 deletions(-) diff --git a/configure.ac b/configure.ac index 199975fed..296124399 100644 --- a/configure.ac +++ b/configure.ac @@ -2722,6 +2722,43 @@ if test "x$openssl" = "xyes" ; then HMAC_CTX_init \ RSA_generate_key_ex \ RSA_get_default_method \ + EVP_CIPHER_CTX_ctrl \ + ]) + # LibreSSL/OpenSSL 1.1x API + AC_CHECK_FUNCS([ \ + DH_get0_key \ + DH_get0_pqg \ + DH_set0_key \ + DH_set_length \ + DH_set0_pqg \ + DSA_get0_key \ + DSA_get0_pqg \ + DSA_set0_key \ + DSA_set0_pqg \ + DSA_SIG_get0 \ + DSA_SIG_set0 \ + ECDSA_SIG_get0 \ + ECDSA_SIG_set0 \ + EVP_CIPHER_CTX_iv \ + EVP_CIPHER_CTX_iv_noconst \ + EVP_CIPHER_CTX_get_iv \ + EVP_CIPHER_CTX_set_iv \ + RSA_get0_crt_params \ + RSA_get0_factors \ + RSA_get0_key \ + RSA_set0_crt_params \ + RSA_set0_factors \ + RSA_set0_key \ + RSA_meth_free \ + RSA_meth_dup \ + RSA_meth_set1_name \ + RSA_meth_get_finish \ + RSA_meth_set_priv_enc \ + RSA_meth_set_priv_dec \ + RSA_meth_set_finish \ + EVP_PKEY_get0_RSA \ + EVP_MD_CTX_new \ + EVP_MD_CTX_free \ ]) if test "x$openssl_engine" = "xyes" ; then @@ -2807,119 +2844,6 @@ if test "x$openssl" = "xyes" ; then ] ) - AC_SEARCH_LIBS([EVP_CIPHER_CTX_ctrl], [crypto], - [AC_DEFINE([HAVE_EVP_CIPHER_CTX_CTRL], [1], - [Define if libcrypto has EVP_CIPHER_CTX_ctrl])]) - - # LibreSSL/OpenSSL 1.1x API - AC_SEARCH_LIBS([DH_get0_key], [crypto], - [AC_DEFINE([HAVE_DH_GET0_KEY], [1], - [Define if libcrypto has DH_get0_key])]) - AC_SEARCH_LIBS([DH_get0_pqg], [crypto], - [AC_DEFINE([HAVE_DH_GET0_PQG], [1], - [Define if libcrypto has DH_get0_pqg])]) - AC_SEARCH_LIBS([DH_set0_key], [crypto], - [AC_DEFINE([HAVE_DH_SET0_KEY], [1], - [Define if libcrypto has DH_set0_key])]) - AC_SEARCH_LIBS([DH_set_length], [crypto], - [AC_DEFINE([HAVE_DH_SET_LENGTH], [1], - [Define if libcrypto has DH_set_length])]) - AC_SEARCH_LIBS([DH_set0_pqg], [crypto], - [AC_DEFINE([HAVE_DH_SET0_PQG], [1], - [Define if libcrypto has DH_set0_pqg])]) - - AC_SEARCH_LIBS([DSA_get0_key], [crypto], - [AC_DEFINE([HAVE_DSA_GET0_KEY], [1], - [Define if libcrypto has DSA_get0_key])]) - AC_SEARCH_LIBS([DSA_get0_pqg], [crypto], - [AC_DEFINE([HAVE_DSA_GET0_PQG], [1], - [Define if libcrypto has DSA_get0_pqg])]) - AC_SEARCH_LIBS([DSA_set0_key], [crypto], - [AC_DEFINE([HAVE_DSA_SET0_KEY], [1], - [Define if libcrypto has DSA_set0_key])]) - AC_SEARCH_LIBS([DSA_set0_pqg], [crypto], - [AC_DEFINE([HAVE_DSA_SET0_PQG], [1], - [Define if libcrypto has DSA_set0_pqg])]) - - AC_SEARCH_LIBS([DSA_SIG_get0], [crypto], - [AC_DEFINE([HAVE_DSA_SIG_GET0], [1], - [Define if libcrypto has DSA_SIG_get0])]) - AC_SEARCH_LIBS([DSA_SIG_set0], [crypto], - [AC_DEFINE([HAVE_DSA_SIG_SET0], [1], - [Define if libcrypto has DSA_SIG_set0])]) - - AC_SEARCH_LIBS([ECDSA_SIG_get0], [crypto], - [AC_DEFINE([HAVE_ECDSA_SIG_GET0], [1], - [Define if libcrypto has ECDSA_SIG_get0])]) - AC_SEARCH_LIBS([ECDSA_SIG_set0], [crypto], - [AC_DEFINE([HAVE_ECDSA_SIG_SET0], [1], - [Define if libcrypto has ECDSA_SIG_set0])]) - - AC_SEARCH_LIBS([EVP_CIPHER_CTX_iv], [crypto], - [AC_DEFINE([HAVE_EVP_CIPHER_CTX_IV], [1], - [Define if libcrypto has EVP_CIPHER_CTX_iv])]) - AC_SEARCH_LIBS([EVP_CIPHER_CTX_iv_noconst], [crypto], - [AC_DEFINE([HAVE_EVP_CIPHER_CTX_IV_NOCONST], [1], - [Define if libcrypto has EVP_CIPHER_CTX_iv_noconst])]) - AC_SEARCH_LIBS([EVP_CIPHER_CTX_get_iv], [crypto], - [AC_DEFINE([HAVE_EVP_CIPHER_CTX_GET_IV], [1], - [Define if libcrypto has EVP_CIPHER_CTX_get_iv])]) - AC_SEARCH_LIBS([EVP_CIPHER_CTX_set_iv], [crypto], - [AC_DEFINE([HAVE_EVP_CIPHER_CTX_SET_IV], [1], - [Define if libcrypto has EVP_CIPHER_CTX_set_iv])]) - - AC_SEARCH_LIBS([RSA_get0_crt_params], [crypto], - [AC_DEFINE([HAVE_RSA_GET0_CRT_PARAMS], [1], - [Define if libcrypto has RSA_get0_crt_params])]) - AC_SEARCH_LIBS([RSA_get0_factors], [crypto], - [AC_DEFINE([HAVE_RSA_GET0_FACTORS], [1], - [Define if libcrypto has RSA_get0_factors])]) - AC_SEARCH_LIBS([RSA_get0_key], [crypto], - [AC_DEFINE([HAVE_RSA_GET0_KEY], [1], - [Define if libcrypto has RSA_get0_key])]) - AC_SEARCH_LIBS([RSA_set0_crt_params], [crypto], - [AC_DEFINE([HAVE_RSA_SET0_CRT_PARAMS], [1], - [Define if libcrypto has RSA_get0_srt_params])]) - AC_SEARCH_LIBS([RSA_set0_factors], [crypto], - [AC_DEFINE([HAVE_RSA_SET0_FACTORS], [1], - [Define if libcrypto has RSA_set0_factors])]) - AC_SEARCH_LIBS([RSA_set0_key], [crypto], - [AC_DEFINE([HAVE_RSA_SET0_KEY], [1], - [Define if libcrypto has RSA_set0_key])]) - - AC_SEARCH_LIBS([RSA_meth_free], [crypto], - [AC_DEFINE([HAVE_RSA_METH_FREE], [1], - [Define if libcrypto has RSA_meth_free])]) - AC_SEARCH_LIBS([RSA_meth_dup], [crypto], - [AC_DEFINE([HAVE_RSA_METH_DUP], [1], - [Define if libcrypto has RSA_meth_dup])]) - AC_SEARCH_LIBS([RSA_meth_set1_name], [crypto], - [AC_DEFINE([HAVE_RSA_METH_SET1_NAME], [1], - [Define if libcrypto has RSA_meth_set1_name])]) - AC_SEARCH_LIBS([RSA_meth_get_finish], [crypto], - [AC_DEFINE([HAVE_RSA_METH_GET_FINISH], [1], - [Define if libcrypto has RSA_meth_get_finish])]) - AC_SEARCH_LIBS([RSA_meth_set_priv_enc], [crypto], - [AC_DEFINE([HAVE_RSA_METH_SET_PRIV_ENC], [1], - [Define if libcrypto has RSA_meth_set_priv_enc])]) - AC_SEARCH_LIBS([RSA_meth_set_priv_dec], [crypto], - [AC_DEFINE([HAVE_RSA_METH_SET_PRIV_DEC], [1], - [Define if libcrypto has RSA_meth_set_priv_dec])]) - AC_SEARCH_LIBS([RSA_meth_set_finish], [crypto], - [AC_DEFINE([HAVE_RSA_METH_SET_FINISH], [1], - [Define if libcrypto has RSA_meth_set_finish])]) - - AC_SEARCH_LIBS([EVP_PKEY_get0_RSA], [crypto], - [AC_DEFINE([HAVE_EVP_PKEY_GET0_RSA], [1], - [Define if libcrypto has EVP_PKEY_get0_RSA])]) - - AC_SEARCH_LIBS([EVP_MD_CTX_new], [crypto], - [AC_DEFINE([HAVE_EVP_MD_CTX_NEW], [1], - [Define if libcrypto has EVP_MD_CTX_new])]) - AC_SEARCH_LIBS([EVP_MD_CTX_free], [crypto], - [AC_DEFINE([HAVE_EVP_MD_CTX_FREE], [1], - [Define if libcrypto has EVP_MD_CTX_free])]) - AC_MSG_CHECKING([if EVP_DigestUpdate returns an int]) AC_LINK_IFELSE( [AC_LANG_PROGRAM([[ -- cgit v1.2.3 From 624d19ac2d56fa86a22417c35536caceb3be346f Mon Sep 17 00:00:00 2001 From: Eneas U de Queiroz Date: Tue, 9 Oct 2018 16:17:42 -0300 Subject: fix compilation with openssl built without ECC ECDSA code in openssh-compat.h and libressl-api-compat.c needs to be guarded by OPENSSL_HAS_ECC Signed-off-by: Eneas U de Queiroz --- openbsd-compat/libressl-api-compat.c | 4 ++++ openbsd-compat/openssl-compat.h | 4 ++++ 2 files changed, 8 insertions(+) diff --git a/openbsd-compat/libressl-api-compat.c b/openbsd-compat/libressl-api-compat.c index de3e64a63..ae00ff593 100644 --- a/openbsd-compat/libressl-api-compat.c +++ b/openbsd-compat/libressl-api-compat.c @@ -152,7 +152,9 @@ #include #include #include +#ifdef OPENSSL_HAS_ECC #include +#endif #include #ifndef HAVE_DSA_GET0_PQG @@ -417,6 +419,7 @@ DSA_SIG_set0(DSA_SIG *sig, BIGNUM *r, BIGNUM *s) } #endif /* HAVE_DSA_SIG_SET0 */ +#ifdef OPENSSL_HAS_ECC #ifndef HAVE_ECDSA_SIG_GET0 void ECDSA_SIG_get0(const ECDSA_SIG *sig, const BIGNUM **pr, const BIGNUM **ps) @@ -442,6 +445,7 @@ ECDSA_SIG_set0(ECDSA_SIG *sig, BIGNUM *r, BIGNUM *s) return 1; } #endif /* HAVE_ECDSA_SIG_SET0 */ +#endif /* OPENSSL_HAS_ECC */ #ifndef HAVE_DH_GET0_PQG void diff --git a/openbsd-compat/openssl-compat.h b/openbsd-compat/openssl-compat.h index 94c750b7f..1ae0fce29 100644 --- a/openbsd-compat/openssl-compat.h +++ b/openbsd-compat/openssl-compat.h @@ -25,7 +25,9 @@ #include #include #include +#ifdef OPENSSL_HAS_ECC #include +#endif #include int ssh_compatible_openssl(long, long); @@ -174,6 +176,7 @@ void DSA_SIG_get0(const DSA_SIG *sig, const BIGNUM **pr, const BIGNUM **ps); int DSA_SIG_set0(DSA_SIG *sig, BIGNUM *r, BIGNUM *s); #endif /* DSA_SIG_SET0 */ +#ifdef OPENSSL_HAS_ECC #ifndef HAVE_ECDSA_SIG_GET0 void ECDSA_SIG_get0(const ECDSA_SIG *sig, const BIGNUM **pr, const BIGNUM **ps); #endif /* HAVE_ECDSA_SIG_GET0 */ @@ -181,6 +184,7 @@ void ECDSA_SIG_get0(const ECDSA_SIG *sig, const BIGNUM **pr, const BIGNUM **ps); #ifndef HAVE_ECDSA_SIG_SET0 int ECDSA_SIG_set0(ECDSA_SIG *sig, BIGNUM *r, BIGNUM *s); #endif /* HAVE_ECDSA_SIG_SET0 */ +#endif /* OPENSSL_HAS_ECC */ #ifndef HAVE_DH_GET0_PQG void DH_get0_pqg(const DH *dh, const BIGNUM **p, const BIGNUM **q, -- cgit v1.2.3 From 9b47b083ca9d866249ada9f02dbd57c87b13806e Mon Sep 17 00:00:00 2001 From: Manoj Ampalam Date: Thu, 8 Nov 2018 22:41:59 -0800 Subject: Fix error message w/out nistp521. Correct error message when OpenSSL doesn't support certain ECDSA key lengths. --- ssh-keygen.c | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/ssh-keygen.c b/ssh-keygen.c index e9f405847..416d25be0 100644 --- a/ssh-keygen.c +++ b/ssh-keygen.c @@ -243,7 +243,11 @@ type_bits_valid(int type, const char *name, u_int32_t *bitsp) case KEY_ECDSA: if (sshkey_ecdsa_bits_to_nid(*bitsp) == -1) fatal("Invalid ECDSA key length: valid lengths are " +#ifdef OPENSSL_HAS_NISTP521 "256, 384 or 521 bits"); +#else + "256 or 384 bits"); +#endif } #endif } -- cgit v1.2.3 From d0153c77bf7964e694f1d26c56c41a571b8e9466 Mon Sep 17 00:00:00 2001 From: Dag-Erling Smørgrav Date: Tue, 9 Oct 2018 23:03:40 +0200 Subject: AC_CHECK_SIZEOF() no longer needs a second argument. --- configure.ac | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/configure.ac b/configure.ac index 296124399..0660c5397 100644 --- a/configure.ac +++ b/configure.ac @@ -3455,10 +3455,10 @@ fi AC_CHECK_TYPES([long long, unsigned long long, long double]) # Check datatype sizes -AC_CHECK_SIZEOF([short int], [2]) -AC_CHECK_SIZEOF([int], [4]) -AC_CHECK_SIZEOF([long int], [4]) -AC_CHECK_SIZEOF([long long int], [8]) +AC_CHECK_SIZEOF([short int]) +AC_CHECK_SIZEOF([int]) +AC_CHECK_SIZEOF([long int]) +AC_CHECK_SIZEOF([long long int]) # Sanity check long long for some platforms (AIX) if test "x$ac_cv_sizeof_long_long_int" = "x4" ; then -- cgit v1.2.3 From bd2d54fc1eee84bf87158a1277a50e6c8a303339 Mon Sep 17 00:00:00 2001 From: Darren Tucker Date: Sun, 11 Nov 2018 15:54:54 +1100 Subject: Remove hardcoded service name in cygwin setup. bz#2922, patch from Christian.Lupien at USherbrooke.ca, sanity check by vinschen at redhat.com. --- contrib/cygwin/ssh-host-config | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/contrib/cygwin/ssh-host-config b/contrib/cygwin/ssh-host-config index 261020af3..e9f038db5 100644 --- a/contrib/cygwin/ssh-host-config +++ b/contrib/cygwin/ssh-host-config @@ -307,7 +307,7 @@ check_service_files_ownership() { if [ -z "${run_service_as}" ] then - accnt_name=$(/usr/bin/cygrunsrv -VQ sshd | + accnt_name=$(/usr/bin/cygrunsrv -VQ "${service_name}" | /usr/bin/sed -ne 's/^Account *: *//gp') if [ "${accnt_name}" = "LocalSystem" ] then -- cgit v1.2.3 From f2970868f86161a22b2c377057fa3891863a692a Mon Sep 17 00:00:00 2001 From: Darren Tucker Date: Sun, 11 Nov 2018 15:58:20 +1100 Subject: Improve warnings in cygwin service setup. bz#2922, patch from vinschen at redhat.com. --- contrib/cygwin/ssh-host-config | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/contrib/cygwin/ssh-host-config b/contrib/cygwin/ssh-host-config index e9f038db5..2903125f8 100644 --- a/contrib/cygwin/ssh-host-config +++ b/contrib/cygwin/ssh-host-config @@ -329,9 +329,9 @@ check_service_files_ownership() { fi if [ -z "${run_service_as}" ] then - csih_warning "Couldn't determine name of user running sshd service from account database!" + csih_warning "Couldn't determine name of user running ${service_name} service from account database!" csih_warning "As a result, this script cannot make sure that the files used" - csih_warning "by the sshd service belong to the user running the service." + csih_warning "by the ${service_name} service belong to the user running the service." return 1 fi fi @@ -367,8 +367,8 @@ check_service_files_ownership() { if [ $ret -ne 0 ] then csih_warning "Couldn't change owner of important files to ${run_service_as}!" - csih_warning "This may cause the sshd service to fail! Please make sure that" - csih_warning "you have suufficient permissions to change the ownership of files" + csih_warning "This may cause the ${service_name} service to fail! Please make sure that" + csih_warning "you have sufficient permissions to change the ownership of files" csih_warning "and try to run the ssh-host-config script again." fi return $ret @@ -446,7 +446,7 @@ install_service() { echo csih_inform "The sshd service has been installed under the LocalSystem" csih_inform "account (also known as SYSTEM). To start the service now, call" - csih_inform "\`net start sshd' or \`cygrunsrv -S sshd'. Otherwise, it" + csih_inform "\`net start ${service_name}' or \`cygrunsrv -S ${service_name}'. Otherwise, it" csih_inform "will start automatically after the next reboot." fi else -- cgit v1.2.3 From ce93472134fb22eff73edbcd173a21ae38889331 Mon Sep 17 00:00:00 2001 From: Darren Tucker Date: Fri, 16 Nov 2018 12:44:01 +1100 Subject: Fix check for OpenSSL 1.0.1 exactly. Both INSTALL and configure.ac claim OpenSSL >= 1.0.1 is supported; fix compile-time check for 1.0.1 to match. --- openbsd-compat/openssl-compat.h | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/openbsd-compat/openssl-compat.h b/openbsd-compat/openssl-compat.h index 1ae0fce29..b87ce59e7 100644 --- a/openbsd-compat/openssl-compat.h +++ b/openbsd-compat/openssl-compat.h @@ -32,7 +32,7 @@ int ssh_compatible_openssl(long, long); -#if (OPENSSL_VERSION_NUMBER <= 0x1000100fL) +#if (OPENSSL_VERSION_NUMBER < 0x1000100fL) # error OpenSSL 1.0.1 or greater is required #endif -- cgit v1.2.3 From 8d8340e2c215155637fe19cb1a837f71b2d55f7b Mon Sep 17 00:00:00 2001 From: Darren Tucker Date: Fri, 16 Nov 2018 13:32:13 +1100 Subject: Remove fallback check for /usr/local/ssl. If configure could not find a working OpenSSL installation it would fall back to checking in /usr/local/ssl. This made sense back when systems did not ship with OpenSSL, but most do and OpenSSL 1.1 doesn't use that as a default any more. The fallback behaviour also meant that if you pointed --with-ssl-dir at a specific directory and it didn't work, it would silently use either the system libs or the ones in /usr/local/ssl. If you want to use /usr/local/ssl you'll need to pass configure --with-ssl-dir=/usr/local/ssl. ok djm@ --- configure.ac | 24 ++++-------------------- 1 file changed, 4 insertions(+), 20 deletions(-) diff --git a/configure.ac b/configure.ac index 0660c5397..53a16c39a 100644 --- a/configure.ac +++ b/configure.ac @@ -2527,26 +2527,10 @@ AC_ARG_WITH([ssl-engine], if test "x$openssl" = "xyes" ; then LIBS="-lcrypto $LIBS" - AC_TRY_LINK_FUNC([RAND_add], [AC_DEFINE([HAVE_OPENSSL], [1], - [Define if your ssl headers are included - with #include ])], - [ - dnl Check default openssl install dir - if test -n "${need_dash_r}"; then - LDFLAGS="-L/usr/local/ssl/lib -R/usr/local/ssl/lib ${saved_LDFLAGS}" - else - LDFLAGS="-L/usr/local/ssl/lib ${saved_LDFLAGS}" - fi - CPPFLAGS="-I/usr/local/ssl/include ${saved_CPPFLAGS}" - AC_CHECK_HEADER([openssl/opensslv.h], , - [AC_MSG_ERROR([*** OpenSSL headers missing - please install first or check config.log ***])]) - AC_TRY_LINK_FUNC([RAND_add], [AC_DEFINE([HAVE_OPENSSL])], - [ - AC_MSG_ERROR([*** Can't find recent OpenSSL libcrypto (see config.log for details) ***]) - ] - ) - ] - ) + AC_TRY_LINK_FUNC([RAND_add], , + [AC_MSG_ERROR([*** working libcrypto not found, check config.log])]) + AC_CHECK_HEADER([openssl/opensslv.h], , + [AC_MSG_ERROR([*** OpenSSL headers missing - please install first or check config.log ***])]) # Determine OpenSSL header version AC_MSG_CHECKING([OpenSSL header version]) -- cgit v1.2.3 From 46925ae28e53fc9add336a4fcdb7ed4b86c3591c Mon Sep 17 00:00:00 2001 From: "djm@openbsd.org" Date: Fri, 26 Oct 2018 01:23:03 +0000 Subject: upstream: mention ssh-ed25519-cert-v01@openssh.com in list of cert key type at start of doc OpenBSD-Commit-ID: b46b0149256d67f05f2d5d01e160634ed1a67324 --- PROTOCOL.certkeys | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/PROTOCOL.certkeys b/PROTOCOL.certkeys index 11363fdc3..48338e671 100644 --- a/PROTOCOL.certkeys +++ b/PROTOCOL.certkeys @@ -36,6 +36,7 @@ Certified keys are represented using new key types: ecdsa-sha2-nistp256-cert-v01@openssh.com ecdsa-sha2-nistp384-cert-v01@openssh.com ecdsa-sha2-nistp521-cert-v01@openssh.com + ssh-ed25519-cert-v01@openssh.com Two additional types exist for RSA certificates to force use of SHA-2 signatures (SHA-256 and SHA-512 respectively): @@ -303,4 +304,4 @@ permit-user-rc empty Flag indicating that execution of of this script will not be permitted if this option is not present. -$OpenBSD: PROTOCOL.certkeys,v 1.15 2018/07/03 11:39:54 djm Exp $ +$OpenBSD: PROTOCOL.certkeys,v 1.16 2018/10/26 01:23:03 djm Exp $ -- cgit v1.2.3 From 1293740e800fa2e5ccd38842a2e4970c6f3b9831 Mon Sep 17 00:00:00 2001 From: "dtucker@openbsd.org" Date: Wed, 31 Oct 2018 11:20:05 +0000 Subject: upstream: Import new moduli. OpenBSD-Commit-ID: c07772f58028fda683ee6abd41c73da3ff70d403 --- .skipped-commit-ids | 1 + 1 file changed, 1 insertion(+) diff --git a/.skipped-commit-ids b/.skipped-commit-ids index f1b3b7640..01d447a49 100644 --- a/.skipped-commit-ids +++ b/.skipped-commit-ids @@ -5,6 +5,7 @@ fa728823ba21c4b45212750e1d3a4b2086fd1a62 more Makefile refactoring 1de0e85522051eb2ffa00437e1885e9d7b3e0c2e moduli update 814b2f670df75759e1581ecef530980b2b3d7e0f remove redundant make defs 04431e8e7872f49a2129bf080a6b73c19d576d40 moduli update +c07772f58028fda683ee6abd41c73da3ff70d403 moduli update Old upstream tree: -- cgit v1.2.3 From 81f1620c836e6c79c0823ba44acca605226a80f1 Mon Sep 17 00:00:00 2001 From: "djm@openbsd.org" Date: Fri, 9 Nov 2018 02:56:22 +0000 Subject: upstream: correct local variable name; from yawang AT microsoft.com OpenBSD-Commit-ID: a0c228390856a215bb66319c89cb3959d3af8c87 --- dh.c | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/dh.c b/dh.c index 657b32da3..a98d39ed5 100644 --- a/dh.c +++ b/dh.c @@ -1,4 +1,4 @@ -/* $OpenBSD: dh.c,v 1.68 2018/09/17 15:40:14 millert Exp $ */ +/* $OpenBSD: dh.c,v 1.69 2018/11/09 02:56:22 djm Exp $ */ /* * Copyright (c) 2000 Niels Provos. All rights reserved. * @@ -406,7 +406,7 @@ dh_new_group16(void) DH * dh_new_group18(void) { - static char *gen = "2", *group16 = + static char *gen = "2", *group18 = "FFFFFFFF" "FFFFFFFF" "C90FDAA2" "2168C234" "C4C6628B" "80DC1CD1" "29024E08" "8A67CC74" "020BBEA6" "3B139B22" "514A0879" "8E3404DD" "EF9519B3" "CD3A431B" "302B0A6D" "F25F1437" "4FE1356D" "6D51C245" @@ -451,7 +451,7 @@ dh_new_group18(void) "9558E447" "5677E9AA" "9E3050E2" "765694DF" "C81F56E8" "80B96E71" "60C980DD" "98EDD3DF" "FFFFFFFF" "FFFFFFFF"; - return (dh_new_group_asc(gen, group16)); + return (dh_new_group_asc(gen, group18)); } /* Select fallback group used by DH-GEX if moduli file cannot be read. */ -- cgit v1.2.3 From 960e7c672dc106f3b759c081de3edb4d1138b36e Mon Sep 17 00:00:00 2001 From: "djm@openbsd.org" Date: Fri, 9 Nov 2018 02:57:58 +0000 Subject: upstream: typo in error message; caught by Debian lintian, via Colin Watson OpenBSD-Commit-ID: bff614c7bd1f4ca491a84e9b5999f848d0d66758 --- ssh-agent.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/ssh-agent.c b/ssh-agent.c index d8a8260f9..cb552462a 100644 --- a/ssh-agent.c +++ b/ssh-agent.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ssh-agent.c,v 1.231 2018/05/11 03:38:51 djm Exp $ */ +/* $OpenBSD: ssh-agent.c,v 1.232 2018/11/09 02:57:58 djm Exp $ */ /* * Author: Tatu Ylonen * Copyright (c) 1995 Tatu Ylonen , Espoo, Finland @@ -1199,7 +1199,7 @@ main(int ac, char **av) */ #define SSH_AGENT_MIN_FDS (3+1+1+1+4) if (rlim.rlim_cur < SSH_AGENT_MIN_FDS) - fatal("%s: file descriptior rlimit %lld too low (minimum %u)", + fatal("%s: file descriptor rlimit %lld too low (minimum %u)", __progname, (long long)rlim.rlim_cur, SSH_AGENT_MIN_FDS); maxfds = rlim.rlim_cur - SSH_AGENT_MIN_FDS; -- cgit v1.2.3 From 90ef45f7aac33eaf55ec344e101548a01e570f29 Mon Sep 17 00:00:00 2001 From: "schwarze@openbsd.org" Date: Tue, 13 Nov 2018 07:22:45 +0000 Subject: upstream: fix markup error (missing blank before delimiter); from Mike Frysinger OpenBSD-Commit-ID: 1bc5392f795ca86318d695e0947eaf71a5a4f6d9 --- sftp.1 | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/sftp.1 b/sftp.1 index 0fd54cae0..50e2fef0a 100644 --- a/sftp.1 +++ b/sftp.1 @@ -1,4 +1,4 @@ -.\" $OpenBSD: sftp.1,v 1.120 2018/09/20 06:58:48 jmc Exp $ +.\" $OpenBSD: sftp.1,v 1.121 2018/11/13 07:22:45 schwarze Exp $ .\" .\" Copyright (c) 2001 Damien Miller. All rights reserved. .\" @@ -22,7 +22,7 @@ .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. .\" -.Dd $Mdocdate: September 20 2018 $ +.Dd $Mdocdate: November 13 2018 $ .Dt SFTP 1 .Os .Sh NAME @@ -135,7 +135,7 @@ may be used to indicate standard input. .Nm will abort if any of the following commands fail: -.Ic get , put , reget , reput, rename , ln , +.Ic get , put , reget , reput , rename , ln , .Ic rm , mkdir , chdir , ls , .Ic lchdir , chmod , chown , .Ic chgrp , lpwd , df , symlink , -- cgit v1.2.3 From 5c1a63562cac0574c226224075b0829a50b48c9d Mon Sep 17 00:00:00 2001 From: "djm@openbsd.org" Date: Fri, 16 Nov 2018 02:30:20 +0000 Subject: upstream: support a prefix of '@' to suppress echo of sftp batch commands; bz#2926; ok dtucker@ OpenBSD-Commit-ID: 9d635636bc84aeae796467e059f7634de990a79d --- sftp.1 | 11 +++++++++-- sftp.c | 57 +++++++++++++++++++++++++++++++-------------------------- 2 files changed, 40 insertions(+), 28 deletions(-) diff --git a/sftp.1 b/sftp.1 index 50e2fef0a..7140bc19b 100644 --- a/sftp.1 +++ b/sftp.1 @@ -1,4 +1,4 @@ -.\" $OpenBSD: sftp.1,v 1.121 2018/11/13 07:22:45 schwarze Exp $ +.\" $OpenBSD: sftp.1,v 1.122 2018/11/16 02:30:20 djm Exp $ .\" .\" Copyright (c) 2001 Damien Miller. All rights reserved. .\" @@ -22,7 +22,7 @@ .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. .\" -.Dd $Mdocdate: November 13 2018 $ +.Dd $Mdocdate: November 16 2018 $ .Dt SFTP 1 .Os .Sh NAME @@ -127,6 +127,7 @@ at connection time (see and .Xr ssh-keygen 1 for details). +.Pp A .Ar batchfile of @@ -141,11 +142,17 @@ commands fail: .Ic chgrp , lpwd , df , symlink , and .Ic lmkdir . +.Pp Termination on error can be suppressed on a command by command basis by prefixing the command with a .Sq \- character (for example, .Ic -rm /tmp/blah* ) . +Echo of the command may be suppressed by prefixing the command with a +.Sq @ +character. +These two prefixes may be combined in any order, for example +.Ic -@ls /bsd . .It Fl C Enables compression (via ssh's .Fl C diff --git a/sftp.c b/sftp.c index 7db86c2d3..e3091969c 100644 --- a/sftp.c +++ b/sftp.c @@ -1,4 +1,4 @@ -/* $OpenBSD: sftp.c,v 1.186 2018/09/07 04:26:56 dtucker Exp $ */ +/* $OpenBSD: sftp.c,v 1.187 2018/11/16 02:30:20 djm Exp $ */ /* * Copyright (c) 2001-2004 Damien Miller * @@ -1296,7 +1296,7 @@ makeargv(const char *arg, int *argcp, int sloppy, char *lastquote, } static int -parse_args(const char **cpp, int *ignore_errors, int *aflag, +parse_args(const char **cpp, int *ignore_errors, int *disable_echo, int *aflag, int *fflag, int *hflag, int *iflag, int *lflag, int *pflag, int *rflag, int *sflag, unsigned long *n_arg, char **path1, char **path2) @@ -1310,13 +1310,23 @@ parse_args(const char **cpp, int *ignore_errors, int *aflag, /* Skip leading whitespace */ cp = cp + strspn(cp, WHITESPACE); - /* Check for leading '-' (disable error processing) */ + /* + * Check for leading '-' (disable error processing) and '@' (suppress + * command echo) + */ *ignore_errors = 0; - if (*cp == '-') { - *ignore_errors = 1; - cp++; - cp = cp + strspn(cp, WHITESPACE); + *disable_echo = 0; + for (;*cp != '\0'; cp++) { + if (*cp == '-') { + *ignore_errors = 1; + } else if (*cp == '@') { + *disable_echo = 1; + } else { + /* all other characters terminate prefix processing */ + break; + } } + cp = cp + strspn(cp, WHITESPACE); /* Ignore blank lines and lines which begin with comment '#' char */ if (*cp == '\0' || *cp == '#') @@ -1491,11 +1501,12 @@ parse_args(const char **cpp, int *ignore_errors, int *aflag, static int parse_dispatch_command(struct sftp_conn *conn, const char *cmd, char **pwd, - const char *startdir, int err_abort) + const char *startdir, int err_abort, int echo_command) { + const char *ocmd = cmd; char *path1, *path2, *tmp; - int ignore_errors = 0, aflag = 0, fflag = 0, hflag = 0, - iflag = 0; + int ignore_errors = 0, disable_echo = 1; + int aflag = 0, fflag = 0, hflag = 0, iflag = 0; int lflag = 0, pflag = 0, rflag = 0, sflag = 0; int cmdnum, i; unsigned long n_arg = 0; @@ -1505,11 +1516,15 @@ parse_dispatch_command(struct sftp_conn *conn, const char *cmd, char **pwd, glob_t g; path1 = path2 = NULL; - cmdnum = parse_args(&cmd, &ignore_errors, &aflag, &fflag, &hflag, - &iflag, &lflag, &pflag, &rflag, &sflag, &n_arg, &path1, &path2); + cmdnum = parse_args(&cmd, &ignore_errors, &disable_echo, &aflag, &fflag, + &hflag, &iflag, &lflag, &pflag, &rflag, &sflag, &n_arg, + &path1, &path2); if (ignore_errors != 0) err_abort = 0; + if (echo_command && !disable_echo) + mprintf("sftp> %s\n", ocmd); + memset(&g, 0, sizeof(g)); /* Perform command */ @@ -2169,7 +2184,7 @@ interactive_loop(struct sftp_conn *conn, char *file1, char *file2) mprintf("Changing to: %s\n", dir); snprintf(cmd, sizeof cmd, "cd \"%s\"", dir); if (parse_dispatch_command(conn, cmd, - &remote_path, startdir, 1) != 0) { + &remote_path, startdir, 1, 0) != 0) { free(dir); free(startdir); free(remote_path); @@ -2183,7 +2198,7 @@ interactive_loop(struct sftp_conn *conn, char *file1, char *file2) file2 == NULL ? "" : " ", file2 == NULL ? "" : file2); err = parse_dispatch_command(conn, cmd, - &remote_path, startdir, 1); + &remote_path, startdir, 1, 0); free(dir); free(startdir); free(remote_path); @@ -2199,8 +2214,6 @@ interactive_loop(struct sftp_conn *conn, char *file1, char *file2) interactive = !batchmode && isatty(STDIN_FILENO); err = 0; for (;;) { - char *cp; - signal(SIGINT, SIG_IGN); if (el == NULL) { @@ -2211,12 +2224,6 @@ interactive_loop(struct sftp_conn *conn, char *file1, char *file2) printf("\n"); break; } - if (!interactive) { /* Echo command */ - mprintf("sftp> %s", cmd); - if (strlen(cmd) > 0 && - cmd[strlen(cmd) - 1] != '\n') - printf("\n"); - } } else { #ifdef USE_LIBEDIT const char *line; @@ -2235,16 +2242,14 @@ interactive_loop(struct sftp_conn *conn, char *file1, char *file2) #endif /* USE_LIBEDIT */ } - cp = strrchr(cmd, '\n'); - if (cp) - *cp = '\0'; + cmd[strcspn(cmd, "\n")] = '\0'; /* Handle user interrupts gracefully during commands */ interrupted = 0; signal(SIGINT, cmd_interrupt); err = parse_dispatch_command(conn, cmd, &remote_path, - startdir, batchmode); + startdir, batchmode, !interactive && el == NULL); if (err != 0) break; } -- cgit v1.2.3 From e76135e3007f1564427b2956c628923d8dc2f75a Mon Sep 17 00:00:00 2001 From: "djm@openbsd.org" Date: Fri, 16 Nov 2018 02:43:56 +0000 Subject: upstream: fix bug in HostbasedAcceptedKeyTypes and PubkeyAcceptedKeyTypes options. If only RSA-SHA2 siganture types were specified, then authentication would always fail for RSA keys as the monitor checks only the base key (not the signature algorithm) type against *AcceptedKeyTypes. bz#2746; reported by Jakub Jelen; ok dtucker OpenBSD-Commit-ID: 117bc3dc54578dbdb515a1d3732988cb5b00461b --- monitor.c | 39 ++++++++++++++++++++++++++++++++++----- 1 file changed, 34 insertions(+), 5 deletions(-) diff --git a/monitor.c b/monitor.c index 531b2993a..09d3a27fd 100644 --- a/monitor.c +++ b/monitor.c @@ -1,4 +1,4 @@ -/* $OpenBSD: monitor.c,v 1.186 2018/07/20 03:46:34 djm Exp $ */ +/* $OpenBSD: monitor.c,v 1.188 2018/11/16 02:43:56 djm Exp $ */ /* * Copyright 2002 Niels Provos * Copyright 2002 Markus Friedl @@ -846,6 +846,35 @@ mm_answer_authserv(int sock, struct sshbuf *m) return (0); } +/* + * Check that the key type appears in the supplied pattern list, ignoring + * mismatches in the signature algorithm. (Signature algorithm checks are + * performed in the unprivileged authentication code). + * Returns 1 on success, 0 otherwise. + */ +static int +key_base_type_match(const char *method, const struct sshkey *key, + const char *list) +{ + char *s, *l, *ol = xstrdup(list); + int found = 0; + + l = ol; + for ((s = strsep(&l, ",")); s && *s != '\0'; (s = strsep(&l, ","))) { + if (sshkey_type_from_name(s) == key->type) { + found = 1; + break; + } + } + if (!found) { + error("%s key type %s is not in permitted list %s", method, + sshkey_ssh_name(key), list); + } + + free(ol); + return found; +} + int mm_answer_authpassword(int sock, struct sshbuf *m) { @@ -1151,8 +1180,8 @@ mm_answer_keyallowed(int sock, struct sshbuf *m) break; if (auth2_key_already_used(authctxt, key)) break; - if (match_pattern_list(sshkey_ssh_name(key), - options.pubkey_key_types, 0) != 1) + if (!key_base_type_match(auth_method, key, + options.pubkey_key_types)) break; allowed = user_key_allowed(ssh, authctxt->pw, key, pubkey_auth_attempt, &opts); @@ -1163,8 +1192,8 @@ mm_answer_keyallowed(int sock, struct sshbuf *m) break; if (auth2_key_already_used(authctxt, key)) break; - if (match_pattern_list(sshkey_ssh_name(key), - options.hostbased_key_types, 0) != 1) + if (!key_base_type_match(auth_method, key, + options.hostbased_key_types)) break; allowed = hostbased_key_allowed(authctxt->pw, cuser, chost, key); -- cgit v1.2.3 From aaed635e3a401cfcc4cc97f33788179c458901c3 Mon Sep 17 00:00:00 2001 From: "djm@openbsd.org" Date: Fri, 16 Nov 2018 02:46:20 +0000 Subject: upstream: fix bug in client that was keeping a redundant ssh-agent socket around for the life of the connection; bz#2912; reported by Simon Tatham; ok dtucker@ OpenBSD-Commit-ID: 4ded588301183d343dce3e8c5fc1398e35058478 --- sshconnect2.c | 8 +++++--- 1 file changed, 5 insertions(+), 3 deletions(-) diff --git a/sshconnect2.c b/sshconnect2.c index 1675f3935..cf60c7d43 100644 --- a/sshconnect2.c +++ b/sshconnect2.c @@ -1,4 +1,4 @@ -/* $OpenBSD: sshconnect2.c,v 1.288 2018/10/11 03:48:04 djm Exp $ */ +/* $OpenBSD: sshconnect2.c,v 1.289 2018/11/16 02:46:20 djm Exp $ */ /* * Copyright (c) 2000 Markus Friedl. All rights reserved. * Copyright (c) 2008 Damien Miller. All rights reserved. @@ -379,7 +379,6 @@ ssh_userauth2(const char *local_user, const char *server_user, char *host, /* setup authentication context */ memset(&authctxt, 0, sizeof(authctxt)); - pubkey_prepare(&authctxt); authctxt.server_user = server_user; authctxt.local_user = local_user; authctxt.host = host; @@ -392,6 +391,7 @@ ssh_userauth2(const char *local_user, const char *server_user, char *host, authctxt.active_ktype = authctxt.oktypes = authctxt.ktypes = NULL; authctxt.info_req_seen = 0; authctxt.agent_fd = -1; + pubkey_prepare(&authctxt); if (authctxt.method == NULL) fatal("ssh_userauth2: internal error: cannot send userauth none request"); @@ -1620,8 +1620,10 @@ pubkey_cleanup(Authctxt *authctxt) { Identity *id; - if (authctxt->agent_fd != -1) + if (authctxt->agent_fd != -1) { ssh_close_authentication_socket(authctxt->agent_fd); + authctxt->agent_fd = -1; + } for (id = TAILQ_FIRST(&authctxt->keys); id; id = TAILQ_FIRST(&authctxt->keys)) { TAILQ_REMOVE(&authctxt->keys, id, next); -- cgit v1.2.3 From 6010c0303a422a9c5fa8860c061bf7105eb7f8b2 Mon Sep 17 00:00:00 2001 From: "djm@openbsd.org" Date: Fri, 16 Nov 2018 03:03:10 +0000 Subject: upstream: disallow empty incoming filename or ones that refer to the current directory; based on report/patch from Harry Sintonen OpenBSD-Commit-ID: f27651b30eaee2df49540ab68d030865c04f6de9 --- scp.c | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/scp.c b/scp.c index 60682c687..4f3fdcd3d 100644 --- a/scp.c +++ b/scp.c @@ -1,4 +1,4 @@ -/* $OpenBSD: scp.c,v 1.197 2018/06/01 04:31:48 dtucker Exp $ */ +/* $OpenBSD: scp.c,v 1.198 2018/11/16 03:03:10 djm Exp $ */ /* * scp - secure remote copy. This is basically patched BSD rcp which * uses ssh to do the data transfer (instead of using rcmd). @@ -1106,7 +1106,8 @@ sink(int argc, char **argv) SCREWUP("size out of range"); size = (off_t)ull; - if ((strchr(cp, '/') != NULL) || (strcmp(cp, "..") == 0)) { + if (*cp == '\0' || strchr(cp, '/') != NULL || + strcmp(cp, ".") == 0 || strcmp(cp, "..") == 0) { run_err("error: unexpected filename: %s", cp); exit(1); } -- cgit v1.2.3 From d0d1dfa55be1c5c0d77ab3096b198a64235f936d Mon Sep 17 00:00:00 2001 From: Darren Tucker Date: Fri, 16 Nov 2018 14:11:44 +1100 Subject: Test for OPENSSL_init_crypto before using. Check for the presence of OPENSSL_init_crypto and all the flags we want before trying to use it (bz#2931). --- configure.ac | 1 + openbsd-compat/openssl-compat.c | 9 ++++++--- 2 files changed, 7 insertions(+), 3 deletions(-) diff --git a/configure.ac b/configure.ac index 53a16c39a..3f7fe2cd0 100644 --- a/configure.ac +++ b/configure.ac @@ -2710,6 +2710,7 @@ if test "x$openssl" = "xyes" ; then ]) # LibreSSL/OpenSSL 1.1x API AC_CHECK_FUNCS([ \ + OPENSSL_init_crypto \ DH_get0_key \ DH_get0_pqg \ DH_set0_key \ diff --git a/openbsd-compat/openssl-compat.c b/openbsd-compat/openssl-compat.c index 590b66d16..5ade8f0ba 100644 --- a/openbsd-compat/openssl-compat.c +++ b/openbsd-compat/openssl-compat.c @@ -76,11 +76,14 @@ ssh_OpenSSL_add_all_algorithms(void) ENGINE_load_builtin_engines(); ENGINE_register_all_complete(); -#if OPENSSL_VERSION_NUMBER < 0x10100000L - OPENSSL_config(NULL); -#else +#if defined(HAVE_OPENSSL_INIT_CRYPTO) && \ + defined(OPENSSL_INIT_ADD_ALL_CIPHERS) && \ + defined(OPENSSL_INIT_ADD_ALL_DIGESTS) && \ + defined(OPENSSL_INIT_LOAD_CONFIG) OPENSSL_init_crypto(OPENSSL_INIT_ADD_ALL_CIPHERS | OPENSSL_INIT_ADD_ALL_DIGESTS | OPENSSL_INIT_LOAD_CONFIG, NULL); +#else + OPENSSL_config(NULL); #endif } #endif -- cgit v1.2.3 From 2a35862e664afde774d4a72497d394fe7306ccb5 Mon Sep 17 00:00:00 2001 From: "djm@openbsd.org" Date: Fri, 16 Nov 2018 03:26:01 +0000 Subject: upstream: use path_absolute() for pathname checks; from Manoj Ampalam OpenBSD-Commit-ID: 482ce71a5ea5c5f3bc4d00fd719481a6a584d925 --- auth.c | 6 +++--- misc.c | 9 ++++++++- misc.h | 3 ++- readconf.c | 4 ++-- servconf.c | 4 ++-- session.c | 4 ++-- sftp.c | 8 ++++---- sshd.c | 4 ++-- 8 files changed, 25 insertions(+), 17 deletions(-) diff --git a/auth.c b/auth.c index 3ca3762cc..18d0857ff 100644 --- a/auth.c +++ b/auth.c @@ -1,4 +1,4 @@ -/* $OpenBSD: auth.c,v 1.133 2018/09/12 01:19:12 djm Exp $ */ +/* $OpenBSD: auth.c,v 1.134 2018/11/16 03:26:01 djm Exp $ */ /* * Copyright (c) 2000 Markus Friedl. All rights reserved. * @@ -437,7 +437,7 @@ expand_authorized_keys(const char *filename, struct passwd *pw) * Ensure that filename starts anchored. If not, be backward * compatible and prepend the '%h/' */ - if (*file == '/') + if (path_absolute(file)) return (file); i = snprintf(ret, sizeof(ret), "%s/%s", pw->pw_dir, file); @@ -893,7 +893,7 @@ subprocess(const char *tag, struct passwd *pw, const char *command, * If executing an explicit binary, then verify the it exists * and appears safe-ish to execute */ - if (*av[0] != '/') { + if (!path_absolute(av[0])) { error("%s path is not absolute", tag); return 0; } diff --git a/misc.c b/misc.c index bdc06fdb3..dd74c8d45 100644 --- a/misc.c +++ b/misc.c @@ -1,4 +1,4 @@ -/* $OpenBSD: misc.c,v 1.133 2018/10/05 14:26:09 naddy Exp $ */ +/* $OpenBSD: misc.c,v 1.134 2018/11/16 03:26:01 djm Exp $ */ /* * Copyright (c) 2000 Markus Friedl. All rights reserved. * Copyright (c) 2005,2006 Damien Miller. All rights reserved. @@ -2037,3 +2037,10 @@ format_absolute_time(uint64_t t, char *buf, size_t len) localtime_r(&tt, &tm); strftime(buf, len, "%Y-%m-%dT%H:%M:%S", &tm); } + +/* check if path is absolute */ +int +path_absolute(const char *path) +{ + return (*path == '/') ? 1 : 0; +} diff --git a/misc.h b/misc.h index 31b207a8d..bcae6a509 100644 --- a/misc.h +++ b/misc.h @@ -1,4 +1,4 @@ -/* $OpenBSD: misc.h,v 1.75 2018/10/03 06:38:35 djm Exp $ */ +/* $OpenBSD: misc.h,v 1.76 2018/11/16 03:26:01 djm Exp $ */ /* * Author: Tatu Ylonen @@ -78,6 +78,7 @@ int valid_env_name(const char *); const char *atoi_err(const char *, int *); int parse_absolute_time(const char *, uint64_t *); void format_absolute_time(uint64_t, char *, size_t); +int path_absolute(const char *); void sock_set_v6only(int); diff --git a/readconf.c b/readconf.c index 433811521..7850f2f59 100644 --- a/readconf.c +++ b/readconf.c @@ -1,4 +1,4 @@ -/* $OpenBSD: readconf.c,v 1.300 2018/10/05 14:26:09 naddy Exp $ */ +/* $OpenBSD: readconf.c,v 1.301 2018/11/16 03:26:01 djm Exp $ */ /* * Author: Tatu Ylonen * Copyright (c) 1995 Tatu Ylonen , Espoo, Finland @@ -1521,7 +1521,7 @@ parse_keytypes: if (*arg == '~' && (flags & SSHCONF_USERCONF) == 0) fatal("%.200s line %d: bad include path %s.", filename, linenum, arg); - if (*arg != '/' && *arg != '~') { + if (!path_absolute(arg) && *arg != '~') { xasprintf(&arg2, "%s/%s", (flags & SSHCONF_USERCONF) ? "~/" _PATH_SSH_USER_DIR : SSHDIR, arg); diff --git a/servconf.c b/servconf.c index 932d363bb..a8727c0fa 100644 --- a/servconf.c +++ b/servconf.c @@ -1,5 +1,5 @@ -/* $OpenBSD: servconf.c,v 1.342 2018/09/20 23:40:16 djm Exp $ */ +/* $OpenBSD: servconf.c,v 1.343 2018/11/16 03:26:01 djm Exp $ */ /* * Copyright (c) 1995 Tatu Ylonen , Espoo, Finland * All rights reserved @@ -702,7 +702,7 @@ derelativise_path(const char *path) if (strcasecmp(path, "none") == 0) return xstrdup("none"); expanded = tilde_expand_filename(path, getuid()); - if (*expanded == '/') + if (path_absolute(expanded)) return expanded; if (getcwd(cwd, sizeof(cwd)) == NULL) fatal("%s: getcwd: %s", __func__, strerror(errno)); diff --git a/session.c b/session.c index 2d0958d11..a3f0b3562 100644 --- a/session.c +++ b/session.c @@ -1,4 +1,4 @@ -/* $OpenBSD: session.c,v 1.307 2018/10/04 00:10:11 djm Exp $ */ +/* $OpenBSD: session.c,v 1.308 2018/11/16 03:26:01 djm Exp $ */ /* * Copyright (c) 1995 Tatu Ylonen , Espoo, Finland * All rights reserved @@ -1334,7 +1334,7 @@ safely_chroot(const char *path, uid_t uid) char component[PATH_MAX]; struct stat st; - if (*path != '/') + if (!path_absolute(path)) fatal("chroot path does not begin at root"); if (strlen(path) >= sizeof(component)) fatal("chroot path too long"); diff --git a/sftp.c b/sftp.c index e3091969c..ed95cf817 100644 --- a/sftp.c +++ b/sftp.c @@ -1,4 +1,4 @@ -/* $OpenBSD: sftp.c,v 1.187 2018/11/16 02:30:20 djm Exp $ */ +/* $OpenBSD: sftp.c,v 1.188 2018/11/16 03:26:01 djm Exp $ */ /* * Copyright (c) 2001-2004 Damien Miller * @@ -389,7 +389,7 @@ make_absolute(char *p, const char *pwd) char *abs_str; /* Derelativise */ - if (p && p[0] != '/') { + if (p && !path_absolute(p)) { abs_str = path_append(pwd, p); free(p); return(abs_str); @@ -1623,7 +1623,7 @@ parse_dispatch_command(struct sftp_conn *conn, const char *cmd, char **pwd, /* Strip pwd off beginning of non-absolute paths */ tmp = NULL; - if (*path1 != '/') + if (!path_absolute(path1)) tmp = *pwd; path1 = make_absolute(path1, *pwd); @@ -1951,7 +1951,7 @@ complete_match(EditLine *el, struct sftp_conn *conn, char *remote_path, xasprintf(&tmp, "%s*", file); /* Check if the path is absolute. */ - isabs = tmp[0] == '/'; + isabs = path_absolute(tmp); memset(&g, 0, sizeof(g)); if (remote != LOCAL) { diff --git a/sshd.c b/sshd.c index 66e79a3d2..362736977 100644 --- a/sshd.c +++ b/sshd.c @@ -1,4 +1,4 @@ -/* $OpenBSD: sshd.c,v 1.517 2018/10/23 05:56:35 djm Exp $ */ +/* $OpenBSD: sshd.c,v 1.518 2018/11/16 03:26:01 djm Exp $ */ /* * Author: Tatu Ylonen * Copyright (c) 1995 Tatu Ylonen , Espoo, Finland @@ -1624,7 +1624,7 @@ main(int ac, char **av) } if (rexeced_flag || inetd_flag) rexec_flag = 0; - if (!test_flag && (rexec_flag && (av[0] == NULL || *av[0] != '/'))) + if (!test_flag && rexec_flag && !path_absolute(av[0])) fatal("sshd re-exec requires execution with an absolute path"); if (rexeced_flag) closefrom(REEXEC_MIN_FREE_FD); -- cgit v1.2.3 From 15182fd96845a03216d7ac5a2cf31c4e77e406e3 Mon Sep 17 00:00:00 2001 From: "djm@openbsd.org" Date: Fri, 16 Nov 2018 06:10:29 +0000 Subject: upstream: make grandparent-parent-child sshbuf chains robust to use-after-free faults if the ancestors are freed before the descendents. Nothing in OpenSSH uses this deallocation pattern. Reported by Jann Horn OpenBSD-Commit-ID: d93501d1d2734245aac802a252b9bb2eccdba0f2 --- sshbuf.c | 17 ++++++++++------- 1 file changed, 10 insertions(+), 7 deletions(-) diff --git a/sshbuf.c b/sshbuf.c index 20ddf9eb6..adfddf775 100644 --- a/sshbuf.c +++ b/sshbuf.c @@ -1,4 +1,4 @@ -/* $OpenBSD: sshbuf.c,v 1.12 2018/07/09 21:56:06 markus Exp $ */ +/* $OpenBSD: sshbuf.c,v 1.13 2018/11/16 06:10:29 djm Exp $ */ /* * Copyright (c) 2011 Damien Miller * @@ -143,12 +143,7 @@ sshbuf_free(struct sshbuf *buf) */ if (sshbuf_check_sanity(buf) != 0) return; - /* - * If we are a child, the free our parent to decrement its reference - * count and possibly free it. - */ - sshbuf_free(buf->parent); - buf->parent = NULL; + /* * If we are a parent with still-extant children, then don't free just * yet. The last child's call to sshbuf_free should decrement our @@ -157,6 +152,14 @@ sshbuf_free(struct sshbuf *buf) buf->refcount--; if (buf->refcount > 0) return; + + /* + * If we are a child, the free our parent to decrement its reference + * count and possibly free it. + */ + sshbuf_free(buf->parent); + buf->parent = NULL; + if (!buf->readonly) { explicit_bzero(buf->d, buf->alloc); free(buf->d); -- cgit v1.2.3 From ccef7c4faf914993b53035cd2b25ce02ab039c9d Mon Sep 17 00:00:00 2001 From: "djm@openbsd.org" Date: Fri, 16 Nov 2018 06:17:38 +0000 Subject: upstream: redirect stderr of ProxyCommands to /dev/null when ssh is started with ControlPersist; based on patch from Steffen Prohaska OpenBSD-Commit-ID: 1bcaa14a03ae80369d31021271ec75dce2597957 --- sshconnect.c | 37 ++++++++++++++++++++++++++++++++----- 1 file changed, 32 insertions(+), 5 deletions(-) diff --git a/sshconnect.c b/sshconnect.c index 52c328111..a700f467f 100644 --- a/sshconnect.c +++ b/sshconnect.c @@ -1,4 +1,4 @@ -/* $OpenBSD: sshconnect.c,v 1.306 2018/10/15 11:28:50 florian Exp $ */ +/* $OpenBSD: sshconnect.c,v 1.307 2018/11/16 06:17:38 djm Exp $ */ /* * Author: Tatu Ylonen * Copyright (c) 1995 Tatu Ylonen , Espoo, Finland @@ -78,6 +78,7 @@ static int matching_host_key_dns = 0; static pid_t proxy_command_pid = 0; /* import */ +extern int debug_flag; extern Options options; extern char *__progname; @@ -99,6 +100,24 @@ expand_proxy_command(const char *proxy_command, const char *user, return ret; } +static void +stderr_null(void) +{ + int devnull; + + if ((devnull = open(_PATH_DEVNULL, O_WRONLY)) == -1) { + error("Can't open %s for stderr redirection: %s", + _PATH_DEVNULL, strerror(errno)); + return; + } + if (devnull == STDERR_FILENO) + return; + if (dup2(devnull, STDERR_FILENO) == -1) + error("Cannot redirect stderr to %s", _PATH_DEVNULL); + if (devnull > STDERR_FILENO) + close(devnull); +} + /* * Connect to the given ssh server using a proxy command that passes a * a connected fd back to us. @@ -141,9 +160,12 @@ ssh_proxy_fdpass_connect(struct ssh *ssh, const char *host, u_short port, close(sp[0]); /* - * Stderr is left as it is so that error messages get - * printed on the user's terminal. + * Stderr is left for non-ControlPersist connections is so + * error messages may be printed on the user's terminal. */ + if (debug_flag || !options.control_persist) + stderr_null(); + argv[0] = shell; argv[1] = "-c"; argv[2] = command_string; @@ -219,8 +241,13 @@ ssh_proxy_connect(struct ssh *ssh, const char *host, u_short port, /* Cannot be 1 because pin allocated two descriptors. */ close(pout[1]); - /* Stderr is left as it is so that error messages get - printed on the user's terminal. */ + /* + * Stderr is left for non-ControlPersist connections is so + * error messages may be printed on the user's terminal. + */ + if (debug_flag || !options.control_persist) + stderr_null(); + argv[0] = shell; argv[1] = "-c"; argv[2] = command_string; -- cgit v1.2.3 From 7fca94edbe8ca9f879da9fdd2afd959c4180f4c7 Mon Sep 17 00:00:00 2001 From: "dtucker@openbsd.org" Date: Sun, 18 Nov 2018 22:43:29 +0000 Subject: upstream: Fix inverted logic for redirecting ProxyCommand stderr to /dev/null. Fixes mosh in proxycommand mode that was broken by the previous ProxyCommand change that was reported by matthieu@. ok djm@ danj@ OpenBSD-Commit-ID: c6fc9641bc250221a0a81c6beb2e72d603f8add6 --- sshconnect.c | 8 +++++--- 1 file changed, 5 insertions(+), 3 deletions(-) diff --git a/sshconnect.c b/sshconnect.c index a700f467f..4862da5ed 100644 --- a/sshconnect.c +++ b/sshconnect.c @@ -1,4 +1,4 @@ -/* $OpenBSD: sshconnect.c,v 1.307 2018/11/16 06:17:38 djm Exp $ */ +/* $OpenBSD: sshconnect.c,v 1.308 2018/11/18 22:43:29 dtucker Exp $ */ /* * Author: Tatu Ylonen * Copyright (c) 1995 Tatu Ylonen , Espoo, Finland @@ -163,7 +163,8 @@ ssh_proxy_fdpass_connect(struct ssh *ssh, const char *host, u_short port, * Stderr is left for non-ControlPersist connections is so * error messages may be printed on the user's terminal. */ - if (debug_flag || !options.control_persist) + if (!debug_flag && options.control_path != NULL && + options.control_persist) stderr_null(); argv[0] = shell; @@ -245,7 +246,8 @@ ssh_proxy_connect(struct ssh *ssh, const char *host, u_short port, * Stderr is left for non-ControlPersist connections is so * error messages may be printed on the user's terminal. */ - if (debug_flag || !options.control_persist) + if (!debug_flag && options.control_path != NULL && + options.control_persist) stderr_null(); argv[0] = shell; -- cgit v1.2.3 From 928f1231f65f88cd4c73e6e0edd63d2cf6295d77 Mon Sep 17 00:00:00 2001 From: "djm@openbsd.org" Date: Mon, 19 Nov 2018 04:12:32 +0000 Subject: upstream: silence (to log level debug2) failure messages when MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit loading the default hostkeys. Hostkeys explicitly specified in the configuration or on the command-line are still reported as errors, and failure to load at least one host key remains a fatal error. MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Based on patch from Dag-Erling Smørgrav via https://github.com/openssh/openssh-portable/pull/103 ok markus@ OpenBSD-Commit-ID: ffc2e35a75d1008effaf05a5e27425041c27b684 --- servconf.c | 40 ++++++++++++++++++++++++++++------------ servconf.h | 5 +++-- sshd.c | 13 ++++++++----- 3 files changed, 39 insertions(+), 19 deletions(-) diff --git a/servconf.c b/servconf.c index a8727c0fa..52d9be429 100644 --- a/servconf.c +++ b/servconf.c @@ -1,5 +1,5 @@ -/* $OpenBSD: servconf.c,v 1.343 2018/11/16 03:26:01 djm Exp $ */ +/* $OpenBSD: servconf.c,v 1.344 2018/11/19 04:12:32 djm Exp $ */ /* * Copyright (c) 1995 Tatu Ylonen , Espoo, Finland * All rights reserved @@ -221,26 +221,40 @@ assemble_algorithms(ServerOptions *o) } static void -array_append(const char *file, const int line, const char *directive, - char ***array, u_int *lp, const char *s) +array_append2(const char *file, const int line, const char *directive, + char ***array, int **iarray, u_int *lp, const char *s, int i) { if (*lp >= INT_MAX) fatal("%s line %d: Too many %s entries", file, line, directive); + if (iarray != NULL) { + *iarray = xrecallocarray(*iarray, *lp, *lp + 1, + sizeof(**iarray)); + (*iarray)[*lp] = i; + } + *array = xrecallocarray(*array, *lp, *lp + 1, sizeof(**array)); (*array)[*lp] = xstrdup(s); (*lp)++; } +static void +array_append(const char *file, const int line, const char *directive, + char ***array, u_int *lp, const char *s) +{ + array_append2(file, line, directive, array, NULL, lp, s, 0); +} + void servconf_add_hostkey(const char *file, const int line, - ServerOptions *options, const char *path) + ServerOptions *options, const char *path, int userprovided) { char *apath = derelativise_path(path); - array_append(file, line, "HostKey", - &options->host_key_files, &options->num_host_key_files, apath); + array_append2(file, line, "HostKey", + &options->host_key_files, &options->host_key_file_userprovided, + &options->num_host_key_files, apath, userprovided); free(apath); } @@ -268,16 +282,16 @@ fill_default_server_options(ServerOptions *options) if (options->num_host_key_files == 0) { /* fill default hostkeys for protocols */ servconf_add_hostkey("[default]", 0, options, - _PATH_HOST_RSA_KEY_FILE); + _PATH_HOST_RSA_KEY_FILE, 0); #ifdef OPENSSL_HAS_ECC servconf_add_hostkey("[default]", 0, options, - _PATH_HOST_ECDSA_KEY_FILE); + _PATH_HOST_ECDSA_KEY_FILE, 0); #endif servconf_add_hostkey("[default]", 0, options, - _PATH_HOST_ED25519_KEY_FILE); + _PATH_HOST_ED25519_KEY_FILE, 0); #ifdef WITH_XMSS servconf_add_hostkey("[default]", 0, options, - _PATH_HOST_XMSS_KEY_FILE); + _PATH_HOST_XMSS_KEY_FILE, 0); #endif /* WITH_XMSS */ } /* No certificates by default */ @@ -1355,8 +1369,10 @@ process_server_config_line(ServerOptions *options, char *line, if (!arg || *arg == '\0') fatal("%s line %d: missing file name.", filename, linenum); - if (*activep) - servconf_add_hostkey(filename, linenum, options, arg); + if (*activep) { + servconf_add_hostkey(filename, linenum, + options, arg, 1); + } break; case sHostKeyAgent: diff --git a/servconf.h b/servconf.h index 0175e00e8..548ad5a0c 100644 --- a/servconf.h +++ b/servconf.h @@ -1,4 +1,4 @@ -/* $OpenBSD: servconf.h,v 1.137 2018/09/20 03:28:06 djm Exp $ */ +/* $OpenBSD: servconf.h,v 1.138 2018/11/19 04:12:32 djm Exp $ */ /* * Author: Tatu Ylonen @@ -75,6 +75,7 @@ typedef struct { char *routing_domain; /* Bind session to routing domain */ char **host_key_files; /* Files containing host keys. */ + int *host_key_file_userprovided; /* Key was specified by user. */ u_int num_host_key_files; /* Number of files for host keys. */ char **host_cert_files; /* Files containing host certs. */ u_int num_host_cert_files; /* Number of files for host certs. */ @@ -273,7 +274,7 @@ void copy_set_server_options(ServerOptions *, ServerOptions *, int); void dump_config(ServerOptions *); char *derelativise_path(const char *); void servconf_add_hostkey(const char *, const int, - ServerOptions *, const char *path); + ServerOptions *, const char *path, int); void servconf_add_hostcert(const char *, const int, ServerOptions *, const char *path); diff --git a/sshd.c b/sshd.c index 362736977..afd959329 100644 --- a/sshd.c +++ b/sshd.c @@ -1,4 +1,4 @@ -/* $OpenBSD: sshd.c,v 1.518 2018/11/16 03:26:01 djm Exp $ */ +/* $OpenBSD: sshd.c,v 1.519 2018/11/19 04:12:32 djm Exp $ */ /* * Author: Tatu Ylonen * Copyright (c) 1995 Tatu Ylonen , Espoo, Finland @@ -1588,7 +1588,7 @@ main(int ac, char **av) break; case 'h': servconf_add_hostkey("[command-line]", 0, - &options, optarg); + &options, optarg, 1); break; case 't': test_flag = 1; @@ -1760,15 +1760,18 @@ main(int ac, char **av) } for (i = 0; i < options.num_host_key_files; i++) { + int ll = options.host_key_file_userprovided[i] ? + SYSLOG_LEVEL_ERROR : SYSLOG_LEVEL_DEBUG1; + if (options.host_key_files[i] == NULL) continue; if ((r = sshkey_load_private(options.host_key_files[i], "", &key, NULL)) != 0 && r != SSH_ERR_SYSTEM_ERROR) - error("Error loading host key \"%s\": %s", + do_log2(ll, "Unable to load host key \"%s\": %s", options.host_key_files[i], ssh_err(r)); if ((r = sshkey_load_public(options.host_key_files[i], &pubkey, NULL)) != 0 && r != SSH_ERR_SYSTEM_ERROR) - error("Error loading host key \"%s\": %s", + do_log2(ll, "Unable to load host key \"%s\": %s", options.host_key_files[i], ssh_err(r)); if (pubkey == NULL && key != NULL) if ((r = sshkey_from_private(key, &pubkey)) != 0) @@ -1785,7 +1788,7 @@ main(int ac, char **av) keytype = key->type; accumulate_host_timing_secret(cfg, key); } else { - error("Could not load host key: %s", + do_log2(ll, "Unable to load host key: %s", options.host_key_files[i]); sensitive_data.host_keys[i] = NULL; sensitive_data.host_pubkeys[i] = NULL; -- cgit v1.2.3 From c1941293d9422a14dda372b4c21895e72aa7a063 Mon Sep 17 00:00:00 2001 From: Darren Tucker Date: Thu, 22 Nov 2018 15:52:26 +1100 Subject: Resync Makefile.inc with upstream. It's unused in -portable, but having it out of sync makes other syncs fail to apply. --- regress/unittests/Makefile.inc | 17 +++++++++++++++++ 1 file changed, 17 insertions(+) diff --git a/regress/unittests/Makefile.inc b/regress/unittests/Makefile.inc index b509f4452..d662a46bc 100644 --- a/regress/unittests/Makefile.inc +++ b/regress/unittests/Makefile.inc @@ -1,8 +1,20 @@ # $OpenBSD: Makefile.inc,v 1.12 2017/12/21 00:41:22 djm Exp $ +REGRESS_FAIL_EARLY?= yes + .include .include +MALLOC_OPTIONS?= CFGJRSUX +TEST_ENV?= MALLOC_OPTIONS=${MALLOC_OPTIONS} + +# XXX detect from ssh binary? +OPENSSL?= yes + +.if (${OPENSSL:L} == "yes") +CFLAGS+= -DWITH_OPENSSL +.endif + # enable warnings WARNINGS=Yes @@ -49,5 +61,10 @@ DPADD+=${.CURDIR}/../test_helper/libtest_helper.a .PATH: ${.CURDIR}/${SSHREL} +LDADD+= -lutil +DPADD+= ${LIBUTIL} + +.if (${OPENSSL:L} == "yes") LDADD+= -lcrypto DPADD+= ${LIBCRYPTO} +.endif -- cgit v1.2.3 From 35d0e5fefc419bddcbe09d7fc163d8cd3417125b Mon Sep 17 00:00:00 2001 From: "djm@openbsd.org" Date: Wed, 17 Oct 2018 23:28:05 +0000 Subject: upstream: add some knobs: UNITTEST_FAST?= no # Skip slow tests (e.g. less intensive fuzzing). UNITTEST_SLOW?= no # Include slower tests (e.g. more intensive fuzzing). UNITTEST_VERBOSE?= no # Verbose test output (inc. per-test names). useful if you want to run the tests as a smoke test to exercise the functionality without waiting for all the fuzzers to run. OpenBSD-Regress-ID: e04d82ebec86068198cd903acf1c67563c57315e --- regress/unittests/Makefile.inc | 18 ++++++- regress/unittests/sshbuf/Makefile | 5 +- regress/unittests/sshbuf/test_sshbuf_fuzz.c | 9 +++- regress/unittests/sshbuf/test_sshbuf_getput_fuzz.c | 12 +++-- regress/unittests/sshkey/Makefile | 4 +- regress/unittests/sshkey/test_fuzz.c | 57 +++++++++++++++------- regress/unittests/test_helper/test_helper.c | 28 +++++++++-- regress/unittests/test_helper/test_helper.h | 4 +- 8 files changed, 103 insertions(+), 34 deletions(-) diff --git a/regress/unittests/Makefile.inc b/regress/unittests/Makefile.inc index d662a46bc..428ef6836 100644 --- a/regress/unittests/Makefile.inc +++ b/regress/unittests/Makefile.inc @@ -1,10 +1,15 @@ -# $OpenBSD: Makefile.inc,v 1.12 2017/12/21 00:41:22 djm Exp $ +# $OpenBSD: Makefile.inc,v 1.13 2018/10/17 23:28:05 djm Exp $ REGRESS_FAIL_EARLY?= yes .include .include +# User-settable options +UNITTEST_FAST?= no # Skip slow tests (e.g. less intensive fuzzing). +UNITTEST_SLOW?= no # Include slower tests (e.g. more intensive fuzzing). +UNITTEST_VERBOSE?= no # Verbose test output (inc. per-test names). + MALLOC_OPTIONS?= CFGJRSUX TEST_ENV?= MALLOC_OPTIONS=${MALLOC_OPTIONS} @@ -68,3 +73,14 @@ DPADD+= ${LIBUTIL} LDADD+= -lcrypto DPADD+= ${LIBCRYPTO} .endif + +UNITTEST_ARGS?= + +.if (${UNITTEST_VERBOSE:L} != "no") +UNITTEST_ARGS+= -v +.endif +.if (${UNITTEST_FAST:L} != "no") +UNITTEST_ARGS+= -f +.elif (${UNITTEST_SLOW:L} != "no") +UNITTEST_ARGS+= -F +.endif diff --git a/regress/unittests/sshbuf/Makefile b/regress/unittests/sshbuf/Makefile index 81d4f27a6..0e8e9fd10 100644 --- a/regress/unittests/sshbuf/Makefile +++ b/regress/unittests/sshbuf/Makefile @@ -1,4 +1,4 @@ -# $OpenBSD: Makefile,v 1.6 2017/12/21 00:41:22 djm Exp $ +# $OpenBSD: Makefile,v 1.7 2018/10/17 23:28:05 djm Exp $ .include @@ -17,6 +17,5 @@ SRCS+=sshbuf-getput-basic.c sshbuf-getput-crypto.c sshbuf-misc.c sshbuf.c SRCS+=atomicio.c run-regress-${PROG}: ${PROG} - env ${TEST_ENV} ./${PROG} - + env ${TEST_ENV} ./${PROG} ${UNITTEST_ARGS} diff --git a/regress/unittests/sshbuf/test_sshbuf_fuzz.c b/regress/unittests/sshbuf/test_sshbuf_fuzz.c index c52376b53..e236c82f9 100644 --- a/regress/unittests/sshbuf/test_sshbuf_fuzz.c +++ b/regress/unittests/sshbuf/test_sshbuf_fuzz.c @@ -1,4 +1,4 @@ -/* $OpenBSD: test_sshbuf_fuzz.c,v 1.1 2014/04/30 05:32:00 djm Exp $ */ +/* $OpenBSD: test_sshbuf_fuzz.c,v 1.2 2018/10/17 23:28:05 djm Exp $ */ /* * Regress test for sshbuf.h buffer API * @@ -30,10 +30,15 @@ sshbuf_fuzz_tests(void) { struct sshbuf *p1; u_char *dp; - size_t sz, sz2, i; + size_t sz, sz2, i, ntests = NUM_FUZZ_TESTS; u_int32_t r; int ret; + if (test_is_fast()) + ntests >>= 2; + if (test_is_slow()) + ntests <<= 2; + /* NB. uses sshbuf internals */ TEST_START("fuzz alloc/dealloc"); p1 = sshbuf_new(); diff --git a/regress/unittests/sshbuf/test_sshbuf_getput_fuzz.c b/regress/unittests/sshbuf/test_sshbuf_getput_fuzz.c index c6b5c29d1..7c7cb2bfd 100644 --- a/regress/unittests/sshbuf/test_sshbuf_getput_fuzz.c +++ b/regress/unittests/sshbuf/test_sshbuf_getput_fuzz.c @@ -1,4 +1,4 @@ -/* $OpenBSD: test_sshbuf_getput_fuzz.c,v 1.2 2014/05/02 02:54:00 djm Exp $ */ +/* $OpenBSD: test_sshbuf_getput_fuzz.c,v 1.3 2018/10/17 23:28:05 djm Exp $ */ /* * Regress test for sshbuf.h buffer API * @@ -115,11 +115,15 @@ sshbuf_getput_fuzz_tests(void) 0x55, 0x0f, 0x69, 0xd8, 0x0e, 0xc2, 0x3c, 0xd4, }; struct fuzz *fuzz; + u_int fuzzers = FUZZ_1_BIT_FLIP | FUZZ_2_BIT_FLIP | + FUZZ_1_BYTE_FLIP | FUZZ_2_BYTE_FLIP | + FUZZ_TRUNCATE_START | FUZZ_TRUNCATE_END; + + if (test_is_fast()) + fuzzers &= ~(FUZZ_2_BYTE_FLIP|FUZZ_2_BIT_FLIP); TEST_START("fuzz blob parsing"); - fuzz = fuzz_begin(FUZZ_1_BIT_FLIP | FUZZ_2_BIT_FLIP | - FUZZ_1_BYTE_FLIP | FUZZ_2_BYTE_FLIP | - FUZZ_TRUNCATE_START | FUZZ_TRUNCATE_END, blob, sizeof(blob)); + fuzz = fuzz_begin(fuzzers, blob, sizeof(blob)); TEST_ONERROR(onerror, fuzz); for(; !fuzz_done(fuzz); fuzz_next(fuzz)) attempt_parse_blob(blob, sizeof(blob)); diff --git a/regress/unittests/sshkey/Makefile b/regress/unittests/sshkey/Makefile index 1c940bec6..aa731df1c 100644 --- a/regress/unittests/sshkey/Makefile +++ b/regress/unittests/sshkey/Makefile @@ -1,4 +1,4 @@ -# $OpenBSD: Makefile,v 1.5 2017/12/21 00:41:22 djm Exp $ +# $OpenBSD: Makefile,v 1.6 2018/10/17 23:28:05 djm Exp $ PROG=test_sshkey SRCS=tests.c test_sshkey.c test_file.c test_fuzz.c common.c @@ -18,7 +18,7 @@ SRCS+=digest-openssl.c REGRESS_TARGETS=run-regress-${PROG} run-regress-${PROG}: ${PROG} - env ${TEST_ENV} ./${PROG} -d ${.CURDIR}/testdata + env ${TEST_ENV} ./${PROG} ${UNITTEST_ARGS} -d ${.CURDIR}/testdata .include diff --git a/regress/unittests/sshkey/test_fuzz.c b/regress/unittests/sshkey/test_fuzz.c index d3b0c92b4..5953de595 100644 --- a/regress/unittests/sshkey/test_fuzz.c +++ b/regress/unittests/sshkey/test_fuzz.c @@ -1,4 +1,4 @@ -/* $OpenBSD: test_fuzz.c,v 1.8 2017/12/21 00:41:22 djm Exp $ */ +/* $OpenBSD: test_fuzz.c,v 1.9 2018/10/17 23:28:05 djm Exp $ */ /* * Fuzz tests for key parsing * @@ -51,14 +51,16 @@ public_fuzz(struct sshkey *k) struct sshkey *k1; struct sshbuf *buf; struct fuzz *fuzz; + u_int fuzzers = FUZZ_1_BIT_FLIP | FUZZ_1_BYTE_FLIP | + FUZZ_TRUNCATE_START | FUZZ_TRUNCATE_END; + if (test_is_fast()) + fuzzers &= ~FUZZ_1_BIT_FLIP; + if (test_is_slow()) + fuzzers |= FUZZ_2_BIT_FLIP | FUZZ_2_BYTE_FLIP; ASSERT_PTR_NE(buf = sshbuf_new(), NULL); ASSERT_INT_EQ(sshkey_putb(k, buf), 0); - /* XXX need a way to run the tests in "slow, but complete" mode */ - fuzz = fuzz_begin(FUZZ_1_BIT_FLIP | /* XXX too slow FUZZ_2_BIT_FLIP | */ - FUZZ_1_BYTE_FLIP | /* XXX too slow FUZZ_2_BYTE_FLIP | */ - FUZZ_TRUNCATE_START | FUZZ_TRUNCATE_END, - sshbuf_mutable_ptr(buf), sshbuf_len(buf)); + fuzz = fuzz_begin(fuzzers, sshbuf_mutable_ptr(buf), sshbuf_len(buf)); ASSERT_INT_EQ(sshkey_from_blob(sshbuf_ptr(buf), sshbuf_len(buf), &k1), 0); sshkey_free(k1); @@ -77,12 +79,17 @@ sig_fuzz(struct sshkey *k, const char *sig_alg) struct fuzz *fuzz; u_char *sig, c[] = "some junk to be signed"; size_t l; + u_int fuzzers = FUZZ_1_BIT_FLIP | FUZZ_1_BYTE_FLIP | FUZZ_2_BYTE_FLIP | + FUZZ_TRUNCATE_START | FUZZ_TRUNCATE_END; + + if (test_is_fast()) + fuzzers &= ~FUZZ_2_BYTE_FLIP; + if (test_is_slow()) + fuzzers |= FUZZ_2_BIT_FLIP; ASSERT_INT_EQ(sshkey_sign(k, &sig, &l, c, sizeof(c), sig_alg, 0), 0); ASSERT_SIZE_T_GT(l, 0); - fuzz = fuzz_begin(FUZZ_1_BIT_FLIP | /* too slow FUZZ_2_BIT_FLIP | */ - FUZZ_1_BYTE_FLIP | FUZZ_2_BYTE_FLIP | - FUZZ_TRUNCATE_START | FUZZ_TRUNCATE_END, sig, l); + fuzz = fuzz_begin(fuzzers, sig, l); ASSERT_INT_EQ(sshkey_verify(k, sig, l, c, sizeof(c), NULL, 0), 0); free(sig); TEST_ONERROR(onerror, fuzz); @@ -96,13 +103,15 @@ sig_fuzz(struct sshkey *k, const char *sig_alg) fuzz_cleanup(fuzz); } +#define NUM_FAST_BASE64_TESTS 1024 + void sshkey_fuzz_tests(void) { struct sshkey *k1; struct sshbuf *buf, *fuzzed; struct fuzz *fuzz; - int r; + int r, i; TEST_START("fuzz RSA private"); @@ -114,12 +123,14 @@ sshkey_fuzz_tests(void) sshbuf_free(buf); ASSERT_PTR_NE(fuzzed = sshbuf_new(), NULL); TEST_ONERROR(onerror, fuzz); - for(; !fuzz_done(fuzz); fuzz_next(fuzz)) { + for(i = 0; !fuzz_done(fuzz); i++, fuzz_next(fuzz)) { r = sshbuf_put(fuzzed, fuzz_ptr(fuzz), fuzz_len(fuzz)); ASSERT_INT_EQ(r, 0); if (sshkey_parse_private_fileblob(fuzzed, "", &k1, NULL) == 0) sshkey_free(k1); sshbuf_reset(fuzzed); + if (test_is_fast() && i >= NUM_FAST_BASE64_TESTS) + break; } sshbuf_free(fuzzed); fuzz_cleanup(fuzz); @@ -134,12 +145,14 @@ sshkey_fuzz_tests(void) sshbuf_free(buf); ASSERT_PTR_NE(fuzzed = sshbuf_new(), NULL); TEST_ONERROR(onerror, fuzz); - for(; !fuzz_done(fuzz); fuzz_next(fuzz)) { + for(i = 0; !fuzz_done(fuzz); i++, fuzz_next(fuzz)) { r = sshbuf_put(fuzzed, fuzz_ptr(fuzz), fuzz_len(fuzz)); ASSERT_INT_EQ(r, 0); if (sshkey_parse_private_fileblob(fuzzed, "", &k1, NULL) == 0) sshkey_free(k1); sshbuf_reset(fuzzed); + if (test_is_fast() && i >= NUM_FAST_BASE64_TESTS) + break; } sshbuf_free(fuzzed); fuzz_cleanup(fuzz); @@ -154,12 +167,14 @@ sshkey_fuzz_tests(void) sshbuf_free(buf); ASSERT_PTR_NE(fuzzed = sshbuf_new(), NULL); TEST_ONERROR(onerror, fuzz); - for(; !fuzz_done(fuzz); fuzz_next(fuzz)) { + for(i = 0; !fuzz_done(fuzz); i++, fuzz_next(fuzz)) { r = sshbuf_put(fuzzed, fuzz_ptr(fuzz), fuzz_len(fuzz)); ASSERT_INT_EQ(r, 0); if (sshkey_parse_private_fileblob(fuzzed, "", &k1, NULL) == 0) sshkey_free(k1); sshbuf_reset(fuzzed); + if (test_is_fast() && i >= NUM_FAST_BASE64_TESTS) + break; } sshbuf_free(fuzzed); fuzz_cleanup(fuzz); @@ -174,12 +189,14 @@ sshkey_fuzz_tests(void) sshbuf_free(buf); ASSERT_PTR_NE(fuzzed = sshbuf_new(), NULL); TEST_ONERROR(onerror, fuzz); - for(; !fuzz_done(fuzz); fuzz_next(fuzz)) { + for(i = 0; !fuzz_done(fuzz); i++, fuzz_next(fuzz)) { r = sshbuf_put(fuzzed, fuzz_ptr(fuzz), fuzz_len(fuzz)); ASSERT_INT_EQ(r, 0); if (sshkey_parse_private_fileblob(fuzzed, "", &k1, NULL) == 0) sshkey_free(k1); sshbuf_reset(fuzzed); + if (test_is_fast() && i >= NUM_FAST_BASE64_TESTS) + break; } sshbuf_free(fuzzed); fuzz_cleanup(fuzz); @@ -195,12 +212,14 @@ sshkey_fuzz_tests(void) sshbuf_free(buf); ASSERT_PTR_NE(fuzzed = sshbuf_new(), NULL); TEST_ONERROR(onerror, fuzz); - for(; !fuzz_done(fuzz); fuzz_next(fuzz)) { + for(i = 0; !fuzz_done(fuzz); i++, fuzz_next(fuzz)) { r = sshbuf_put(fuzzed, fuzz_ptr(fuzz), fuzz_len(fuzz)); ASSERT_INT_EQ(r, 0); if (sshkey_parse_private_fileblob(fuzzed, "", &k1, NULL) == 0) sshkey_free(k1); sshbuf_reset(fuzzed); + if (test_is_fast() && i >= NUM_FAST_BASE64_TESTS) + break; } sshbuf_free(fuzzed); fuzz_cleanup(fuzz); @@ -215,12 +234,14 @@ sshkey_fuzz_tests(void) sshbuf_free(buf); ASSERT_PTR_NE(fuzzed = sshbuf_new(), NULL); TEST_ONERROR(onerror, fuzz); - for(; !fuzz_done(fuzz); fuzz_next(fuzz)) { + for(i = 0; !fuzz_done(fuzz); i++, fuzz_next(fuzz)) { r = sshbuf_put(fuzzed, fuzz_ptr(fuzz), fuzz_len(fuzz)); ASSERT_INT_EQ(r, 0); if (sshkey_parse_private_fileblob(fuzzed, "", &k1, NULL) == 0) sshkey_free(k1); sshbuf_reset(fuzzed); + if (test_is_fast() && i >= NUM_FAST_BASE64_TESTS) + break; } sshbuf_free(fuzzed); fuzz_cleanup(fuzz); @@ -236,12 +257,14 @@ sshkey_fuzz_tests(void) sshbuf_free(buf); ASSERT_PTR_NE(fuzzed = sshbuf_new(), NULL); TEST_ONERROR(onerror, fuzz); - for(; !fuzz_done(fuzz); fuzz_next(fuzz)) { + for(i = 0; !fuzz_done(fuzz); i++, fuzz_next(fuzz)) { r = sshbuf_put(fuzzed, fuzz_ptr(fuzz), fuzz_len(fuzz)); ASSERT_INT_EQ(r, 0); if (sshkey_parse_private_fileblob(fuzzed, "", &k1, NULL) == 0) sshkey_free(k1); sshbuf_reset(fuzzed); + if (test_is_fast() && i >= NUM_FAST_BASE64_TESTS) + break; } sshbuf_free(fuzzed); fuzz_cleanup(fuzz); diff --git a/regress/unittests/test_helper/test_helper.c b/regress/unittests/test_helper/test_helper.c index 4cc70852c..6200ccd58 100644 --- a/regress/unittests/test_helper/test_helper.c +++ b/regress/unittests/test_helper/test_helper.c @@ -1,4 +1,4 @@ -/* $OpenBSD: test_helper.c,v 1.8 2018/02/08 08:46:20 djm Exp $ */ +/* $OpenBSD: test_helper.c,v 1.9 2018/10/17 23:28:05 djm Exp $ */ /* * Copyright (c) 2011 Damien Miller * @@ -115,6 +115,8 @@ static test_onerror_func_t *test_onerror = NULL; static void *onerror_ctx = NULL; static const char *data_dir = NULL; static char subtest_info[512]; +static int fast = 0; +static int slow = 0; int main(int argc, char **argv) @@ -134,8 +136,14 @@ main(int argc, char **argv) } } - while ((ch = getopt(argc, argv, "vqd:")) != -1) { + while ((ch = getopt(argc, argv, "Ffvqd:")) != -1) { switch (ch) { + case 'F': + slow = 1; + break; + case 'f': + fast = 1; + break; case 'd': data_dir = optarg; break; @@ -167,17 +175,29 @@ main(int argc, char **argv) } int -test_is_verbose() +test_is_verbose(void) { return verbose_mode; } int -test_is_quiet() +test_is_quiet(void) { return quiet_mode; } +int +test_is_fast(void) +{ + return fast; +} + +int +test_is_slow(void) +{ + return slow; +} + const char * test_data_file(const char *name) { diff --git a/regress/unittests/test_helper/test_helper.h b/regress/unittests/test_helper/test_helper.h index 6da0066e9..1f893c8dd 100644 --- a/regress/unittests/test_helper/test_helper.h +++ b/regress/unittests/test_helper/test_helper.h @@ -1,4 +1,4 @@ -/* $OpenBSD: test_helper.h,v 1.8 2018/02/08 08:46:20 djm Exp $ */ +/* $OpenBSD: test_helper.h,v 1.9 2018/10/17 23:28:05 djm Exp $ */ /* * Copyright (c) 2011 Damien Miller * @@ -45,6 +45,8 @@ void set_onerror_func(test_onerror_func_t *f, void *ctx); void test_done(void); int test_is_verbose(void); int test_is_quiet(void); +int test_is_fast(void); +int test_is_slow(void); void test_subtest_info(const char *fmt, ...) __attribute__((format(printf, 1, 2))); void ssl_err_check(const char *file, int line); -- cgit v1.2.3 From f72d0f52effca5aa20a193217346615ecd3eed53 Mon Sep 17 00:00:00 2001 From: "dtucker@openbsd.org" Date: Wed, 31 Oct 2018 11:09:27 +0000 Subject: upstream: UsePrivilegeSeparation no is deprecated test "yes" and "sandbox". OpenBSD-Regress-ID: 80e685ed8990766527dc629b1affc09a75bfe2da --- regress/cert-hostkey.sh | 6 +++--- regress/cert-userkey.sh | 4 ++-- regress/multipubkey.sh | 4 ++-- regress/principals-command.sh | 4 ++-- 4 files changed, 9 insertions(+), 9 deletions(-) diff --git a/regress/cert-hostkey.sh b/regress/cert-hostkey.sh index d2ecd318b..3ce777967 100644 --- a/regress/cert-hostkey.sh +++ b/regress/cert-hostkey.sh @@ -1,4 +1,4 @@ -# $OpenBSD: cert-hostkey.sh,v 1.16 2018/07/03 11:43:49 djm Exp $ +# $OpenBSD: cert-hostkey.sh,v 1.17 2018/10/31 11:09:27 dtucker Exp $ # Placed in the Public Domain. tid="certified host keys" @@ -127,7 +127,7 @@ attempt_connect() { } # Basic connect and revocation tests. -for privsep in yes no ; do +for privsep in yes sandbox ; do for ktype in $PLAIN_TYPES ; do verbose "$tid: host ${ktype} cert connect privsep $privsep" ( @@ -165,7 +165,7 @@ for ktype in $PLAIN_TYPES ; do kh_revoke cert_host_key_${ktype}.pub >> $OBJ/known_hosts-cert.orig done cp $OBJ/known_hosts-cert.orig $OBJ/known_hosts-cert -for privsep in yes no ; do +for privsep in yes sandbox ; do for ktype in $PLAIN_TYPES ; do verbose "$tid: host ${ktype} revoked cert privsep $privsep" ( diff --git a/regress/cert-userkey.sh b/regress/cert-userkey.sh index 30c2c156d..6849e9922 100644 --- a/regress/cert-userkey.sh +++ b/regress/cert-userkey.sh @@ -1,4 +1,4 @@ -# $OpenBSD: cert-userkey.sh,v 1.19 2018/03/12 00:54:04 djm Exp $ +# $OpenBSD: cert-userkey.sh,v 1.20 2018/10/31 11:09:27 dtucker Exp $ # Placed in the Public Domain. tid="certified user keys" @@ -47,7 +47,7 @@ done # Test explicitly-specified principals for ktype in $EXTRA_TYPES $PLAIN_TYPES ; do t=$(kname $ktype) - for privsep in yes no ; do + for privsep in yes sandbox ; do _prefix="${ktype} privsep $privsep" # Setup for AuthorizedPrincipalsFile diff --git a/regress/multipubkey.sh b/regress/multipubkey.sh index e9d15306f..4d443ec45 100644 --- a/regress/multipubkey.sh +++ b/regress/multipubkey.sh @@ -1,4 +1,4 @@ -# $OpenBSD: multipubkey.sh,v 1.1 2014/12/22 08:06:03 djm Exp $ +# $OpenBSD: multipubkey.sh,v 1.2 2018/10/31 11:09:27 dtucker Exp $ # Placed in the Public Domain. tid="multiple pubkey" @@ -31,7 +31,7 @@ grep -v IdentityFile $OBJ/ssh_proxy.orig > $OBJ/ssh_proxy opts="-oProtocol=2 -F $OBJ/ssh_proxy -oIdentitiesOnly=yes" opts="$opts -i $OBJ/cert_user_key1 -i $OBJ/user_key1 -i $OBJ/user_key2" -for privsep in no yes; do +for privsep in yes sandbox ; do ( grep -v "Protocol" $OBJ/sshd_proxy.orig echo "Protocol 2" diff --git a/regress/principals-command.sh b/regress/principals-command.sh index bcc68e80b..66b5b5bde 100644 --- a/regress/principals-command.sh +++ b/regress/principals-command.sh @@ -1,4 +1,4 @@ -# $OpenBSD: principals-command.sh,v 1.4 2017/04/30 23:34:55 djm Exp $ +# $OpenBSD: principals-command.sh,v 1.5 2018/10/31 11:09:27 dtucker Exp $ # Placed in the Public Domain. tid="authorized principals command" @@ -57,7 +57,7 @@ fi if [ -x $PRINCIPALS_COMMAND ]; then # Test explicitly-specified principals - for privsep in yes no ; do + for privsep in yes sandbox ; do _prefix="privsep $privsep" # Setup for AuthorizedPrincipalsCommand -- cgit v1.2.3 From e4ae345dc75b34fd870c2e8690d831d2c1088eb7 Mon Sep 17 00:00:00 2001 From: "dtucker@openbsd.org" Date: Thu, 22 Nov 2018 08:48:32 +0000 Subject: upstream: Append pid to temp files in /var/run and set a cleanup trap for them. This allows multiple instances of tests to run without colliding. OpenBSD-Regress-ID: 57add105ecdfc54752d8003acdd99eb68c3e0b4c --- regress/Makefile | 4 +--- regress/keys-command.sh | 7 +++---- regress/principals-command.sh | 5 +++-- regress/sftp-chroot.sh | 7 +++---- 4 files changed, 10 insertions(+), 13 deletions(-) diff --git a/regress/Makefile b/regress/Makefile index 647b4a049..c733dcbd9 100644 --- a/regress/Makefile +++ b/regress/Makefile @@ -1,4 +1,4 @@ -# $OpenBSD: Makefile,v 1.97 2018/06/07 04:46:34 djm Exp $ +# $OpenBSD: Makefile,v 1.98 2018/11/22 08:48:32 dtucker Exp $ REGRESS_TARGETS= unit t1 t2 t3 t4 t5 t6 t7 t8 t9 t10 t11 t12 t-exec tests: prep $(REGRESS_TARGETS) @@ -122,8 +122,6 @@ CLEANFILES= *.core actual agent-key.* authorized_keys_${USERNAME} \ t8.out t8.out.pub t9.out t9.out.pub testdata \ user_*key* user_ca* user_key* -SUDO_CLEAN+= /var/run/testdata_${USERNAME} /var/run/keycommand_${USERNAME} - # Enable all malloc(3) randomisations and checks TEST_ENV= "MALLOC_OPTIONS=CFGJRSUX" diff --git a/regress/keys-command.sh b/regress/keys-command.sh index 4029e2c78..d166fc589 100644 --- a/regress/keys-command.sh +++ b/regress/keys-command.sh @@ -1,4 +1,4 @@ -# $OpenBSD: keys-command.sh,v 1.4 2016/09/26 21:34:38 bluhm Exp $ +# $OpenBSD: keys-command.sh,v 1.5 2018/11/22 08:48:32 dtucker Exp $ # Placed in the Public Domain. tid="authorized keys from command" @@ -19,7 +19,8 @@ expected_key_fp=`$SSHKEYGEN -lf $OBJ/rsa.pub | awk '{ print $2 }'` # Establish a AuthorizedKeysCommand in /var/run where it will have # acceptable directory permissions. -KEY_COMMAND="/var/run/keycommand_${LOGNAME}" +KEY_COMMAND="/var/run/keycommand_${LOGNAME}.$$" +trap "${SUDO} rm -f ${KEY_COMMAND}" 0 cat << _EOF | $SUDO sh -c "rm -f '$KEY_COMMAND' ; cat > '$KEY_COMMAND'" #!/bin/sh echo args: "\$@" >> $OBJ/keys-command-args @@ -78,5 +79,3 @@ if [ -x $KEY_COMMAND ]; then else echo "SKIPPED: $KEY_COMMAND not executable (/var/run mounted noexec?)" fi - -$SUDO rm -f $KEY_COMMAND diff --git a/regress/principals-command.sh b/regress/principals-command.sh index 66b5b5bde..197c00021 100644 --- a/regress/principals-command.sh +++ b/regress/principals-command.sh @@ -1,4 +1,4 @@ -# $OpenBSD: principals-command.sh,v 1.5 2018/10/31 11:09:27 dtucker Exp $ +# $OpenBSD: principals-command.sh,v 1.6 2018/11/22 08:48:32 dtucker Exp $ # Placed in the Public Domain. tid="authorized principals command" @@ -30,7 +30,8 @@ CA_FP=`${SSHKEYGEN} -lf $OBJ/user_ca_key.pub | awk '{ print $2 }'` # Establish a AuthorizedPrincipalsCommand in /var/run where it will have # acceptable directory permissions. -PRINCIPALS_COMMAND="/var/run/principals_command_${LOGNAME}" +PRINCIPALS_COMMAND="/var/run/principals_command_${LOGNAME}.$$" +trap "$SUDO rm -f ${PRINCIPALS_COMMAND}" 0 cat << _EOF | $SUDO sh -c "cat > '$PRINCIPALS_COMMAND'" #!/bin/sh test "x\$1" != "x${LOGNAME}" && exit 1 diff --git a/regress/sftp-chroot.sh b/regress/sftp-chroot.sh index ba5bd1efb..5acc4d2de 100644 --- a/regress/sftp-chroot.sh +++ b/regress/sftp-chroot.sh @@ -1,11 +1,12 @@ -# $OpenBSD: sftp-chroot.sh,v 1.6 2018/02/09 03:42:57 dtucker Exp $ +# $OpenBSD: sftp-chroot.sh,v 1.7 2018/11/22 08:48:32 dtucker Exp $ # Placed in the Public Domain. tid="sftp in chroot" CHROOT=/var/run -FILENAME=testdata_${USER} +FILENAME=testdata_${USER}.$$ PRIVDATA=${CHROOT}/${FILENAME} +trap "${SUDO} rm -f ${PRIVDATA}" 0 if [ -z "$SUDO" -a ! -w /var/run ]; then echo "need SUDO to create file in /var/run, test won't work without" @@ -28,5 +29,3 @@ ${SFTP} -S "$SSH" -F $OBJ/ssh_config host:/${FILENAME} $COPY \ >>$TEST_REGRESS_LOGFILE 2>&1 || \ fatal "Fetch ${FILENAME} failed" cmp $PRIVDATA $COPY || fail "$PRIVDATA $COPY differ" - -$SUDO rm $PRIVDATA -- cgit v1.2.3 From 5b60b6c02009547a3e2a99d4886965de2a4719da Mon Sep 17 00:00:00 2001 From: "dtucker@openbsd.org" Date: Thu, 22 Nov 2018 08:59:11 +0000 Subject: upstream: Output info on SIGUSR1 as well as SIGINFO to resync with portable. (ID sync only). OpenBSD-Regress-ID: 699d153e2de22dce51a1b270c40a98472d1a1b16 --- regress/unittests/test_helper/test_helper.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/regress/unittests/test_helper/test_helper.c b/regress/unittests/test_helper/test_helper.c index 6200ccd58..cd08b5778 100644 --- a/regress/unittests/test_helper/test_helper.c +++ b/regress/unittests/test_helper/test_helper.c @@ -1,4 +1,4 @@ -/* $OpenBSD: test_helper.c,v 1.9 2018/10/17 23:28:05 djm Exp $ */ +/* $OpenBSD: test_helper.c,v 1.10 2018/11/22 08:59:11 dtucker Exp $ */ /* * Copyright (c) 2011 Damien Miller * -- cgit v1.2.3 From 42c5ec4b97b6a1bae70f323952d0646af16ce710 Mon Sep 17 00:00:00 2001 From: Damien Miller Date: Fri, 23 Nov 2018 10:40:06 +1100 Subject: refactor libcrypto initialisation Don't call OpenSSL_add_all_algorithms() unless OpenSSL actually supports it. Move all libcrypto initialisation to a single function, and call that from seed_rng() that is called early in each tool's main(). Prompted by patch from Rosen Penev --- configure.ac | 15 +++++++------ entropy.c | 35 ++++++++++++++++++----------- openbsd-compat/openssl-compat.c | 23 +++++++++++-------- openbsd-compat/openssl-compat.h | 22 +----------------- regress/unittests/sshkey/tests.c | 5 ----- regress/unittests/test_helper/test_helper.c | 5 +++++ scp.c | 2 ++ sftp-server-main.c | 2 ++ sftp.c | 2 ++ ssh-add.c | 4 ---- ssh-agent.c | 4 ---- ssh-keygen.c | 7 ++---- ssh-keysign.c | 9 -------- ssh.c | 9 ++------ ssh_api.c | 4 +--- sshd.c | 8 ++----- 16 files changed, 63 insertions(+), 93 deletions(-) diff --git a/configure.ac b/configure.ac index 3f7fe2cd0..5a9b3ff11 100644 --- a/configure.ac +++ b/configure.ac @@ -2671,8 +2671,8 @@ if test "x$openssl" = "xyes" ; then AC_MSG_CHECKING([if programs using OpenSSL functions will link]) AC_LINK_IFELSE( - [AC_LANG_PROGRAM([[ #include ]], - [[ OpenSSL_add_all_algorithms(); ]])], + [AC_LANG_PROGRAM([[ #include ]], + [[ ERR_load_crypto_strings(); ]])], [ AC_MSG_RESULT([yes]) ], @@ -2682,8 +2682,8 @@ if test "x$openssl" = "xyes" ; then LIBS="$LIBS -ldl" AC_MSG_CHECKING([if programs using OpenSSL need -ldl]) AC_LINK_IFELSE( - [AC_LANG_PROGRAM([[ #include ]], - [[ OpenSSL_add_all_algorithms(); ]])], + [AC_LANG_PROGRAM([[ #include ]], + [[ ERR_load_crypto_strings(); ]])], [ AC_MSG_RESULT([yes]) ], @@ -2698,15 +2698,16 @@ if test "x$openssl" = "xyes" ; then AC_CHECK_FUNCS([ \ BN_is_prime_ex \ DSA_generate_parameters_ex \ - EVP_DigestInit_ex \ + EVP_CIPHER_CTX_ctrl \ EVP_DigestFinal_ex \ - EVP_MD_CTX_init \ + EVP_DigestInit_ex \ EVP_MD_CTX_cleanup \ EVP_MD_CTX_copy_ex \ + EVP_MD_CTX_init \ HMAC_CTX_init \ + OpenSSL_add_all_algorithms \ RSA_generate_key_ex \ RSA_get_default_method \ - EVP_CIPHER_CTX_ctrl \ ]) # LibreSSL/OpenSSL 1.1x API AC_CHECK_FUNCS([ \ diff --git a/entropy.c b/entropy.c index fc710ec23..97e836087 100644 --- a/entropy.c +++ b/entropy.c @@ -56,6 +56,8 @@ #include "sshbuf.h" #include "ssherr.h" +#define RANDOM_SEED_SIZE 48 + /* * Portable OpenSSH PRNG seeding: * If OpenSSL has not "internally seeded" itself (e.g. pulled data from @@ -64,8 +66,6 @@ */ #ifndef OPENSSL_PRNG_ONLY -#define RANDOM_SEED_SIZE 48 - /* * Collect 'len' bytes of entropy into 'buf' from PRNGD/EGD daemon * listening either on 'tcp_port', or via Unix domain socket at * @@ -216,9 +216,11 @@ rexec_recv_rng_seed(struct sshbuf *m) void seed_rng(void) { -#ifndef OPENSSL_PRNG_ONLY unsigned char buf[RANDOM_SEED_SIZE]; -#endif + + /* Initialise libcrypto */ + ssh_libcrypto_init(); + if (!ssh_compatible_openssl(OPENSSL_VERSION_NUMBER, OpenSSL_version_num())) fatal("OpenSSL version mismatch. Built against %lx, you " @@ -226,27 +228,34 @@ seed_rng(void) OpenSSL_version_num()); #ifndef OPENSSL_PRNG_ONLY - if (RAND_status() == 1) { + if (RAND_status() == 1) debug3("RNG is ready, skipping seeding"); - return; + else { + if (seed_from_prngd(buf, sizeof(buf)) == -1) + fatal("Could not obtain seed from PRNGd"); + RAND_add(buf, sizeof(buf), sizeof(buf)); } - - if (seed_from_prngd(buf, sizeof(buf)) == -1) - fatal("Could not obtain seed from PRNGd"); - RAND_add(buf, sizeof(buf), sizeof(buf)); - memset(buf, '\0', sizeof(buf)); - #endif /* OPENSSL_PRNG_ONLY */ + if (RAND_status() != 1) fatal("PRNG is not seeded"); + + /* Ensure arc4random() is primed */ + arc4random_buf(buf, sizeof(buf)); + explicit_bzero(buf, sizeof(buf)); } #else /* WITH_OPENSSL */ -/* Handled in arc4random() */ +/* Acutal initialisation is handled in arc4random() */ void seed_rng(void) { + unsigned char buf[RANDOM_SEED_SIZE]; + + /* Ensure arc4random() is primed */ + arc4random_buf(buf, sizeof(buf)); + explicit_bzero(buf, sizeof(buf)); } #endif /* WITH_OPENSSL */ diff --git a/openbsd-compat/openssl-compat.c b/openbsd-compat/openssl-compat.c index 5ade8f0ba..d8c00ebcb 100644 --- a/openbsd-compat/openssl-compat.c +++ b/openbsd-compat/openssl-compat.c @@ -66,26 +66,31 @@ ssh_compatible_openssl(long headerver, long libver) return 0; } -#ifdef USE_OPENSSL_ENGINE void -ssh_OpenSSL_add_all_algorithms(void) +ssh_libcrypto_init(void) { +#if defined(HAVE_OPENSSL_ADD_ALL_ALGORITHMS) OpenSSL_add_all_algorithms(); +#elif defined(HAVE_OPENSSL_INIT_CRYPTO) && \ + defined(OPENSSL_INIT_ADD_ALL_CIPHERS) && \ + defined(OPENSSL_INIT_ADD_ALL_DIGESTS) + OPENSSL_init_crypto(OPENSSL_INIT_ADD_ALL_CIPHERS | + OPENSSL_INIT_ADD_ALL_DIGESTS, NULL); +#endif +#ifdef USE_OPENSSL_ENGINE /* Enable use of crypto hardware */ ENGINE_load_builtin_engines(); ENGINE_register_all_complete(); -#if defined(HAVE_OPENSSL_INIT_CRYPTO) && \ - defined(OPENSSL_INIT_ADD_ALL_CIPHERS) && \ - defined(OPENSSL_INIT_ADD_ALL_DIGESTS) && \ - defined(OPENSSL_INIT_LOAD_CONFIG) + /* Load the libcrypto config file to pick up engines defined there */ +# if defined(HAVE_OPENSSL_INIT_CRYPTO) && defined(OPENSSL_INIT_LOAD_CONFIG) OPENSSL_init_crypto(OPENSSL_INIT_ADD_ALL_CIPHERS | OPENSSL_INIT_ADD_ALL_DIGESTS | OPENSSL_INIT_LOAD_CONFIG, NULL); -#else +# else OPENSSL_config(NULL); -#endif +# endif +#endif /* USE_OPENSSL_ENGINE */ } -#endif #endif /* WITH_OPENSSL */ diff --git a/openbsd-compat/openssl-compat.h b/openbsd-compat/openssl-compat.h index b87ce59e7..917bc6f7c 100644 --- a/openbsd-compat/openssl-compat.h +++ b/openbsd-compat/openssl-compat.h @@ -31,6 +31,7 @@ #include int ssh_compatible_openssl(long, long); +void ssh_libcrypto_init(void); #if (OPENSSL_VERSION_NUMBER < 0x1000100fL) # error OpenSSL 1.0.1 or greater is required @@ -92,27 +93,6 @@ void ssh_aes_ctr_iv(EVP_CIPHER_CTX *, int, u_char *, size_t); # endif #endif -/* - * We overload some of the OpenSSL crypto functions with ssh_* equivalents - * to automatically handle OpenSSL engine initialisation. - * - * In order for the compat library to call the real functions, it must - * define SSH_DONT_OVERLOAD_OPENSSL_FUNCS before including this file and - * implement the ssh_* equivalents. - */ -#ifndef SSH_DONT_OVERLOAD_OPENSSL_FUNCS - -# ifdef USE_OPENSSL_ENGINE -# ifdef OpenSSL_add_all_algorithms -# undef OpenSSL_add_all_algorithms -# endif -# define OpenSSL_add_all_algorithms() ssh_OpenSSL_add_all_algorithms() -# endif - -void ssh_OpenSSL_add_all_algorithms(void); - -#endif /* SSH_DONT_OVERLOAD_OPENSSL_FUNCS */ - /* LibreSSL/OpenSSL 1.1x API compat */ #ifndef HAVE_DSA_GET0_PQG void DSA_get0_pqg(const DSA *d, const BIGNUM **p, const BIGNUM **q, diff --git a/regress/unittests/sshkey/tests.c b/regress/unittests/sshkey/tests.c index 13f265cdb..78aa9223d 100644 --- a/regress/unittests/sshkey/tests.c +++ b/regress/unittests/sshkey/tests.c @@ -7,8 +7,6 @@ #include "includes.h" -#include - #include "../test_helper/test_helper.h" void sshkey_tests(void); @@ -18,9 +16,6 @@ void sshkey_fuzz_tests(void); void tests(void) { - OpenSSL_add_all_algorithms(); - ERR_load_CRYPTO_strings(); - sshkey_tests(); sshkey_file_tests(); sshkey_fuzz_tests(); diff --git a/regress/unittests/test_helper/test_helper.c b/regress/unittests/test_helper/test_helper.c index cd08b5778..6b4f343a8 100644 --- a/regress/unittests/test_helper/test_helper.c +++ b/regress/unittests/test_helper/test_helper.c @@ -35,11 +35,13 @@ #include #include +#include #if defined(HAVE_STRNVIS) && defined(HAVE_VIS_H) && !defined(BROKEN_STRNVIS) # include #endif +#include "entropy.h" #include "test_helper.h" #include "atomicio.h" @@ -123,6 +125,9 @@ main(int argc, char **argv) { int ch; + seed_rng(); + ERR_load_CRYPTO_strings(); + /* Handle systems without __progname */ if (__progname == NULL) { __progname = strrchr(argv[0], '/'); diff --git a/scp.c b/scp.c index 4f3fdcd3d..eb17c3416 100644 --- a/scp.c +++ b/scp.c @@ -400,6 +400,8 @@ main(int argc, char **argv) /* Ensure that fds 0, 1 and 2 are open or directed to /dev/null */ sanitise_stdfd(); + seed_rng(); + msetlocale(); /* Copy argv, because we modify it */ diff --git a/sftp-server-main.c b/sftp-server-main.c index c6ccd623e..6230d897d 100644 --- a/sftp-server-main.c +++ b/sftp-server-main.c @@ -43,6 +43,8 @@ main(int argc, char **argv) /* Ensure that fds 0, 1 and 2 are open or directed to /dev/null */ sanitise_stdfd(); + seed_rng(); + if ((user_pw = getpwuid(getuid())) == NULL) { fprintf(stderr, "No user found for uid %lu\n", (u_long)getuid()); diff --git a/sftp.c b/sftp.c index ed95cf817..f886b330b 100644 --- a/sftp.c +++ b/sftp.c @@ -2367,6 +2367,8 @@ main(int argc, char **argv) sanitise_stdfd(); msetlocale(); + seed_rng(); + __progname = ssh_get_progname(argv[0]); memset(&args, '\0', sizeof(args)); args.list = NULL; diff --git a/ssh-add.c b/ssh-add.c index 627c02983..50165e7d6 100644 --- a/ssh-add.c +++ b/ssh-add.c @@ -544,10 +544,6 @@ main(int argc, char **argv) __progname = ssh_get_progname(argv[0]); seed_rng(); -#ifdef WITH_OPENSSL - OpenSSL_add_all_algorithms(); -#endif - setvbuf(stdout, NULL, _IOLBF, 0); /* First, get a connection to the authentication agent. */ diff --git a/ssh-agent.c b/ssh-agent.c index cb552462a..6baebc313 100644 --- a/ssh-agent.c +++ b/ssh-agent.c @@ -1095,10 +1095,6 @@ main(int ac, char **av) if (getrlimit(RLIMIT_NOFILE, &rlim) == -1) fatal("%s: getrlimit: %s", __progname, strerror(errno)); -#ifdef WITH_OPENSSL - OpenSSL_add_all_algorithms(); -#endif - __progname = ssh_get_progname(av[0]); seed_rng(); diff --git a/ssh-keygen.c b/ssh-keygen.c index 416d25be0..a67737350 100644 --- a/ssh-keygen.c +++ b/ssh-keygen.c @@ -2459,13 +2459,10 @@ main(int argc, char **argv) __progname = ssh_get_progname(argv[0]); -#ifdef WITH_OPENSSL - OpenSSL_add_all_algorithms(); -#endif - log_init(argv[0], SYSLOG_LEVEL_INFO, SYSLOG_FACILITY_USER, 1); - seed_rng(); + log_init(argv[0], SYSLOG_LEVEL_INFO, SYSLOG_FACILITY_USER, 1); + msetlocale(); /* we need this for the home * directory. */ diff --git a/ssh-keysign.c b/ssh-keysign.c index bcd1508c0..8f487b8c5 100644 --- a/ssh-keysign.c +++ b/ssh-keysign.c @@ -174,9 +174,6 @@ main(int argc, char **argv) u_char *signature, *data, rver; char *host, *fp; size_t slen, dlen; -#ifdef WITH_OPENSSL - u_int32_t rnd[256]; -#endif ssh_malloc_init(); /* must be called before any mallocs */ if (pledge("stdio rpath getpw dns id", NULL) != 0) @@ -224,12 +221,6 @@ main(int argc, char **argv) if (found == 0) fatal("could not open any host key"); -#ifdef WITH_OPENSSL - OpenSSL_add_all_algorithms(); - arc4random_buf(rnd, sizeof(rnd)); - RAND_seed(rnd, sizeof(rnd)); -#endif - found = 0; for (i = 0; i < NUM_KEYTYPES; i++) { keys[i] = NULL; diff --git a/ssh.c b/ssh.c index 1e471f5c4..1ac903d16 100644 --- a/ssh.c +++ b/ssh.c @@ -610,6 +610,8 @@ main(int ac, char **av) av = saved_av; #endif + seed_rng(); + /* * Discard other fds that are hanging around. These can cause problem * with backgrounded ssh processes started by ControlPersist. @@ -1036,11 +1038,6 @@ main(int ac, char **av) host_arg = xstrdup(host); -#ifdef WITH_OPENSSL - OpenSSL_add_all_algorithms(); - ERR_load_crypto_strings(); -#endif - /* Initialize the command to execute on remote host. */ if ((command = sshbuf_new()) == NULL) fatal("sshbuf_new failed"); @@ -1264,8 +1261,6 @@ main(int ac, char **av) tty_flag = 0; } - seed_rng(); - if (options.user == NULL) options.user = xstrdup(pw->pw_name); diff --git a/ssh_api.c b/ssh_api.c index e727c0d69..53bbc9b49 100644 --- a/ssh_api.c +++ b/ssh_api.c @@ -81,9 +81,7 @@ ssh_init(struct ssh **sshp, int is_server, struct kex_params *kex_params) int r; if (!called) { -#ifdef WITH_OPENSSL - OpenSSL_add_all_algorithms(); -#endif /* WITH_OPENSSL */ + seed_rng(); called = 1; } diff --git a/sshd.c b/sshd.c index afd959329..fb9d9b60f 100644 --- a/sshd.c +++ b/sshd.c @@ -1510,6 +1510,8 @@ main(int ac, char **av) /* Ensure that fds 0, 1 and 2 are open or directed to /dev/null */ sanitise_stdfd(); + seed_rng(); + /* Initialize configuration options to their default values. */ initialize_server_options(&options); @@ -1631,10 +1633,6 @@ main(int ac, char **av) else closefrom(REEXEC_DEVCRYPTO_RESERVED_FD); -#ifdef WITH_OPENSSL - OpenSSL_add_all_algorithms(); -#endif - /* If requested, redirect the logs to the specified logfile. */ if (logfile != NULL) log_redirect_stderr_to(logfile); @@ -1677,8 +1675,6 @@ main(int ac, char **av) parse_server_config(&options, rexeced_flag ? "rexec" : config_file_name, cfg, NULL); - seed_rng(); - /* Fill in default values for those options not explicitly set. */ fill_default_server_options(&options); -- cgit v1.2.3 From 28c7b2cd050f4416bfcf3869a20e3ea138aa52fe Mon Sep 17 00:00:00 2001 From: Damien Miller Date: Fri, 23 Nov 2018 10:45:20 +1100 Subject: fix configure test for OpenSSL version square brackets in case statements may be eaten by autoconf. Report and fix from Filipp Gunbin; tweaked by naddy@ --- configure.ac | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/configure.ac b/configure.ac index 5a9b3ff11..14e7c4a61 100644 --- a/configure.ac +++ b/configure.ac @@ -2612,7 +2612,7 @@ if test "x$openssl" = "xyes" ; then AC_MSG_ERROR([OpenSSL >= 1.0.1 required (have "$ssl_library_ver")]) ;; 100*) ;; # 1.0.x - 101000[0123456]*) + 101000[[0123456]]*) # https://github.com/openssl/openssl/pull/4613 AC_MSG_ERROR([OpenSSL 1.1.x versions prior to 1.1.0g have a bug that breaks their use with OpenSSH (have "$ssl_library_ver")]) ;; -- cgit v1.2.3 From deb51552c3ce7ce72c8d0232e4f36f2e7c118c7d Mon Sep 17 00:00:00 2001 From: Darren Tucker Date: Thu, 22 Nov 2018 19:59:28 +1100 Subject: Resync with OpenBSD by pulling in an ifdef SIGINFO. --- regress/unittests/test_helper/test_helper.c | 2 ++ 1 file changed, 2 insertions(+) diff --git a/regress/unittests/test_helper/test_helper.c b/regress/unittests/test_helper/test_helper.c index 6b4f343a8..39bab77f5 100644 --- a/regress/unittests/test_helper/test_helper.c +++ b/regress/unittests/test_helper/test_helper.c @@ -228,6 +228,7 @@ test_info(char *s, size_t len) *subtest_info != '\0' ? " - " : "", subtest_info); } +#ifdef SIGINFO static void siginfo(int unused __attribute__((__unused__))) { @@ -236,6 +237,7 @@ siginfo(int unused __attribute__((__unused__))) test_info(buf, sizeof(buf)); atomicio(vwrite, STDERR_FILENO, buf, strlen(buf)); } +#endif void test_start(const char *n) -- cgit v1.2.3 From c721d5877509875c8515df0215fa1dab862013bc Mon Sep 17 00:00:00 2001 From: Darren Tucker Date: Fri, 23 Nov 2018 14:11:20 +1100 Subject: Move RANDOM_SEED_SIZE outside ifdef. RANDOM_SEED_SIZE is used by both the OpenSSL and non-OpenSSL code This fixes the build with configureed --without-openssl. --- entropy.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/entropy.c b/entropy.c index 97e836087..31a7f1c3e 100644 --- a/entropy.c +++ b/entropy.c @@ -24,6 +24,8 @@ #include "includes.h" +#define RANDOM_SEED_SIZE 48 + #ifdef WITH_OPENSSL #include @@ -56,8 +58,6 @@ #include "sshbuf.h" #include "ssherr.h" -#define RANDOM_SEED_SIZE 48 - /* * Portable OpenSSH PRNG seeding: * If OpenSSL has not "internally seeded" itself (e.g. pulled data from -- cgit v1.2.3 From 4da58d58736b065b1182b563d10ad6765d811c6d Mon Sep 17 00:00:00 2001 From: "dtucker@openbsd.org" Date: Fri, 23 Nov 2018 02:53:57 +0000 Subject: upstream: Remove now-unneeded ifdef SIGINFO around handler since it is now always used for SIGUSR1 even when SIGINFO is not defined. This will make things simpler in -portable. OpenBSD-Regress-ID: 4ff0265b335820b0646d37beb93f036ded0dc43f --- regress/unittests/test_helper/test_helper.c | 4 +--- 1 file changed, 1 insertion(+), 3 deletions(-) diff --git a/regress/unittests/test_helper/test_helper.c b/regress/unittests/test_helper/test_helper.c index 39bab77f5..e7a47b265 100644 --- a/regress/unittests/test_helper/test_helper.c +++ b/regress/unittests/test_helper/test_helper.c @@ -1,4 +1,4 @@ -/* $OpenBSD: test_helper.c,v 1.10 2018/11/22 08:59:11 dtucker Exp $ */ +/* $OpenBSD: test_helper.c,v 1.11 2018/11/23 02:53:57 dtucker Exp $ */ /* * Copyright (c) 2011 Damien Miller * @@ -228,7 +228,6 @@ test_info(char *s, size_t len) *subtest_info != '\0' ? " - " : "", subtest_info); } -#ifdef SIGINFO static void siginfo(int unused __attribute__((__unused__))) { @@ -237,7 +236,6 @@ siginfo(int unused __attribute__((__unused__))) test_info(buf, sizeof(buf)); atomicio(vwrite, STDERR_FILENO, buf, strlen(buf)); } -#endif void test_start(const char *n) -- cgit v1.2.3 From 9e34e0c59ab04514f9de9934a772283f7f372afe Mon Sep 17 00:00:00 2001 From: "djm@openbsd.org" Date: Fri, 23 Nov 2018 05:08:07 +0000 Subject: upstream: add a ssh_config "Match final" predicate Matches in same pass as "Match canonical" but doesn't require hostname canonicalisation be enabled. bz#2906 ok markus OpenBSD-Commit-ID: fba1dfe9f6e0cabcd0e2b3be13f7a434199beffa --- readconf.c | 44 ++++++++++++++++++++++++++++---------------- readconf.h | 6 +++--- ssh-keysign.c | 5 +++-- ssh.c | 31 ++++++++++++++++++++----------- ssh_config.5 | 26 ++++++++++++++++++++++---- 5 files changed, 76 insertions(+), 36 deletions(-) diff --git a/readconf.c b/readconf.c index 7850f2f59..7331ef5ad 100644 --- a/readconf.c +++ b/readconf.c @@ -1,4 +1,4 @@ -/* $OpenBSD: readconf.c,v 1.301 2018/11/16 03:26:01 djm Exp $ */ +/* $OpenBSD: readconf.c,v 1.302 2018/11/23 05:08:07 djm Exp $ */ /* * Author: Tatu Ylonen * Copyright (c) 1995 Tatu Ylonen , Espoo, Finland @@ -133,10 +133,11 @@ static int read_config_file_depth(const char *filename, struct passwd *pw, const char *host, const char *original_host, Options *options, - int flags, int *activep, int depth); + int flags, int *activep, int *want_final_pass, int depth); static int process_config_line_depth(Options *options, struct passwd *pw, const char *host, const char *original_host, char *line, - const char *filename, int linenum, int *activep, int flags, int depth); + const char *filename, int linenum, int *activep, int flags, + int *want_final_pass, int depth); /* Keyword tokens. */ @@ -539,8 +540,8 @@ execute_in_shell(const char *cmd) */ static int match_cfg_line(Options *options, char **condition, struct passwd *pw, - const char *host_arg, const char *original_host, int post_canon, - const char *filename, int linenum) + const char *host_arg, const char *original_host, int final_pass, + int *want_final_pass, const char *filename, int linenum) { char *arg, *oattrib, *attrib, *cmd, *cp = *condition, *host, *criteria; const char *ruser; @@ -554,7 +555,7 @@ match_cfg_line(Options *options, char **condition, struct passwd *pw, */ port = options->port <= 0 ? default_ssh_port() : options->port; ruser = options->user == NULL ? pw->pw_name : options->user; - if (post_canon) { + if (final_pass) { host = xstrdup(options->hostname); } else if (options->hostname != NULL) { /* NB. Please keep in sync with ssh.c:main() */ @@ -586,8 +587,16 @@ match_cfg_line(Options *options, char **condition, struct passwd *pw, goto out; } attributes++; - if (strcasecmp(attrib, "canonical") == 0) { - r = !!post_canon; /* force bitmask member to boolean */ + if (strcasecmp(attrib, "canonical") == 0 || + strcasecmp(attrib, "final") == 0) { + /* + * If the config requests "Match final" then remember + * this so we can perform a second pass later. + */ + if (strcasecmp(attrib, "final") == 0 && + want_final_pass != NULL) + *want_final_pass = 1; + r = !!final_pass; /* force bitmask member to boolean */ if (r == (negate ? 1 : 0)) this_result = result = 0; debug3("%.200s line %d: %smatched '%s'", @@ -824,14 +833,14 @@ process_config_line(Options *options, struct passwd *pw, const char *host, int linenum, int *activep, int flags) { return process_config_line_depth(options, pw, host, original_host, - line, filename, linenum, activep, flags, 0); + line, filename, linenum, activep, flags, NULL, 0); } #define WHITESPACE " \t\r\n" static int process_config_line_depth(Options *options, struct passwd *pw, const char *host, const char *original_host, char *line, const char *filename, - int linenum, int *activep, int flags, int depth) + int linenum, int *activep, int flags, int *want_final_pass, int depth) { char *s, **charptr, *endofnumber, *keyword, *arg, *arg2; char **cpptr, fwdarg[256]; @@ -1339,7 +1348,8 @@ parse_keytypes: fatal("Host directive not supported as a command-line " "option"); value = match_cfg_line(options, &s, pw, host, original_host, - flags & SSHCONF_POSTCANON, filename, linenum); + flags & SSHCONF_FINAL, want_final_pass, + filename, linenum); if (value < 0) fatal("%.200s line %d: Bad Match condition", filename, linenum); @@ -1548,7 +1558,7 @@ parse_keytypes: pw, host, original_host, options, flags | SSHCONF_CHECKPERM | (oactive ? 0 : SSHCONF_NEVERMATCH), - activep, depth + 1); + activep, want_final_pass, depth + 1); if (r != 1 && errno != ENOENT) { fatal("Can't open user config file " "%.100s: %.100s", gl.gl_pathv[i], @@ -1751,19 +1761,20 @@ parse_keytypes: */ int read_config_file(const char *filename, struct passwd *pw, const char *host, - const char *original_host, Options *options, int flags) + const char *original_host, Options *options, int flags, + int *want_final_pass) { int active = 1; return read_config_file_depth(filename, pw, host, original_host, - options, flags, &active, 0); + options, flags, &active, want_final_pass, 0); } #define READCONF_MAX_DEPTH 16 static int read_config_file_depth(const char *filename, struct passwd *pw, const char *host, const char *original_host, Options *options, - int flags, int *activep, int depth) + int flags, int *activep, int *want_final_pass, int depth) { FILE *f; char *line = NULL; @@ -1798,7 +1809,8 @@ read_config_file_depth(const char *filename, struct passwd *pw, /* Update line number counter. */ linenum++; if (process_config_line_depth(options, pw, host, original_host, - line, filename, linenum, activep, flags, depth) != 0) + line, filename, linenum, activep, flags, want_final_pass, + depth) != 0) bad_options++; } free(line); diff --git a/readconf.h b/readconf.h index fc7e38251..8e36bf32a 100644 --- a/readconf.h +++ b/readconf.h @@ -1,4 +1,4 @@ -/* $OpenBSD: readconf.h,v 1.128 2018/09/20 03:30:44 djm Exp $ */ +/* $OpenBSD: readconf.h,v 1.129 2018/11/23 05:08:07 djm Exp $ */ /* * Author: Tatu Ylonen @@ -185,7 +185,7 @@ typedef struct { #define SSHCONF_CHECKPERM 1 /* check permissions on config file */ #define SSHCONF_USERCONF 2 /* user provided config file not system */ -#define SSHCONF_POSTCANON 4 /* After hostname canonicalisation */ +#define SSHCONF_FINAL 4 /* Final pass over config, after canon. */ #define SSHCONF_NEVERMATCH 8 /* Match/Host never matches; internal only */ #define SSH_UPDATE_HOSTKEYS_NO 0 @@ -203,7 +203,7 @@ void fill_default_options_for_canonicalization(Options *); int process_config_line(Options *, struct passwd *, const char *, const char *, char *, const char *, int, int *, int); int read_config_file(const char *, struct passwd *, const char *, - const char *, Options *, int); + const char *, Options *, int, int *); int parse_forward(struct Forward *, const char *, int, int); int parse_jump(const char *, Options *, int); int parse_ssh_uri(const char *, char **, char **, int *); diff --git a/ssh-keysign.c b/ssh-keysign.c index 8f487b8c5..7ea5ad0e9 100644 --- a/ssh-keysign.c +++ b/ssh-keysign.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ssh-keysign.c,v 1.55 2018/07/27 05:34:42 dtucker Exp $ */ +/* $OpenBSD: ssh-keysign.c,v 1.56 2018/11/23 05:08:07 djm Exp $ */ /* * Copyright (c) 2002 Markus Friedl. All rights reserved. * @@ -208,7 +208,8 @@ main(int argc, char **argv) /* verify that ssh-keysign is enabled by the admin */ initialize_options(&options); - (void)read_config_file(_PATH_HOST_CONFIG_FILE, pw, "", "", &options, 0); + (void)read_config_file(_PATH_HOST_CONFIG_FILE, pw, "", "", + &options, 0, NULL); fill_default_options(&options); if (options.enable_ssh_keysign != 1) fatal("ssh-keysign not enabled in %s", diff --git a/ssh.c b/ssh.c index 1ac903d16..c6cb7847d 100644 --- a/ssh.c +++ b/ssh.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ssh.c,v 1.495 2018/10/23 05:56:35 djm Exp $ */ +/* $OpenBSD: ssh.c,v 1.496 2018/11/23 05:08:07 djm Exp $ */ /* * Author: Tatu Ylonen * Copyright (c) 1995 Tatu Ylonen , Espoo, Finland @@ -527,7 +527,8 @@ check_load(int r, const char *path, const char *message) * file if the user specifies a config file on the command line. */ static void -process_config_files(const char *host_name, struct passwd *pw, int post_canon) +process_config_files(const char *host_name, struct passwd *pw, int final_pass, + int *want_final_pass) { char buf[PATH_MAX]; int r; @@ -535,7 +536,8 @@ process_config_files(const char *host_name, struct passwd *pw, int post_canon) if (config != NULL) { if (strcasecmp(config, "none") != 0 && !read_config_file(config, pw, host, host_name, &options, - SSHCONF_USERCONF | (post_canon ? SSHCONF_POSTCANON : 0))) + SSHCONF_USERCONF | (final_pass ? SSHCONF_FINAL : 0), + want_final_pass)) fatal("Can't open user config file %.100s: " "%.100s", config, strerror(errno)); } else { @@ -544,12 +546,12 @@ process_config_files(const char *host_name, struct passwd *pw, int post_canon) if (r > 0 && (size_t)r < sizeof(buf)) (void)read_config_file(buf, pw, host, host_name, &options, SSHCONF_CHECKPERM | SSHCONF_USERCONF | - (post_canon ? SSHCONF_POSTCANON : 0)); + (final_pass ? SSHCONF_FINAL : 0), want_final_pass); /* Read systemwide configuration file after user config. */ (void)read_config_file(_PATH_HOST_CONFIG_FILE, pw, host, host_name, &options, - post_canon ? SSHCONF_POSTCANON : 0); + final_pass ? SSHCONF_FINAL : 0, want_final_pass); } } @@ -581,7 +583,7 @@ main(int ac, char **av) { struct ssh *ssh = NULL; int i, r, opt, exit_status, use_syslog, direct, timeout_ms; - int was_addr, config_test = 0, opt_terminated = 0; + int was_addr, config_test = 0, opt_terminated = 0, want_final_pass = 0; char *p, *cp, *line, *argv0, buf[PATH_MAX], *logfile; char cname[NI_MAXHOST]; struct stat st; @@ -1089,7 +1091,9 @@ main(int ac, char **av) ); /* Parse the configuration files */ - process_config_files(host_arg, pw, 0); + process_config_files(host_arg, pw, 0, &want_final_pass); + if (want_final_pass) + debug("configuration requests final Match pass"); /* Hostname canonicalisation needs a few options filled. */ fill_default_options_for_canonicalization(&options); @@ -1146,12 +1150,17 @@ main(int ac, char **av) * If canonicalisation is enabled then re-parse the configuration * files as new stanzas may match. */ - if (options.canonicalize_hostname != 0) { - debug("Re-reading configuration after hostname " - "canonicalisation"); + if (options.canonicalize_hostname != 0 && !want_final_pass) { + debug("hostname canonicalisation enabled, " + "will re-parse configuration"); + want_final_pass = 1; + } + + if (want_final_pass) { + debug("re-parsing configuration"); free(options.hostname); options.hostname = xstrdup(host); - process_config_files(host_arg, pw, 1); + process_config_files(host_arg, pw, 1, NULL); /* * Address resolution happens early with canonicalisation * enabled and the port number may have changed since, so diff --git a/ssh_config.5 b/ssh_config.5 index 4d5b01d3e..58a5fa1c8 100644 --- a/ssh_config.5 +++ b/ssh_config.5 @@ -33,8 +33,8 @@ .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. .\" -.\" $OpenBSD: ssh_config.5,v 1.286 2018/10/03 06:38:35 djm Exp $ -.Dd $Mdocdate: October 3 2018 $ +.\" $OpenBSD: ssh_config.5,v 1.287 2018/11/23 05:08:07 djm Exp $ +.Dd $Mdocdate: November 23 2018 $ .Dt SSH_CONFIG 5 .Os .Sh NAME @@ -139,6 +139,7 @@ or the single token which always matches. The available criteria keywords are: .Cm canonical , +.Cm final , .Cm exec , .Cm host , .Cm originalhost , @@ -148,12 +149,15 @@ and The .Cm all criteria must appear alone or immediately after -.Cm canonical . +.Cm canonical +or +.Cm final . Other criteria may be combined arbitrarily. All criteria but .Cm all -and .Cm canonical +and +.Cm final require an argument. Criteria may be negated by prepending an exclamation mark .Pq Sq !\& . @@ -166,6 +170,20 @@ after hostname canonicalization (see the option.) This may be useful to specify conditions that work with canonical host names only. +.Pp +The +.Cm final +keyword requests that the configuration be re-parsed (regardless of whether +.Cm CanonicalizeHostname +is enabled), and matches only during this final pass. +If +.Cm CanonicalizeHostname +is enabled, then +.Cm canonical +and +.Cm final +match during the same pass. +.Pp The .Cm exec keyword executes the specified command under the user's shell. -- cgit v1.2.3 From 98f878d2272bf8dff21f2a0265d963c29e33fed2 Mon Sep 17 00:00:00 2001 From: Darren Tucker Date: Sun, 25 Nov 2018 14:05:08 +1100 Subject: Improve OpenSSL_add_all_algorithms check. OpenSSL_add_all_algorithms() may be a macro so check for that too. --- configure.ac | 11 ++++++++++- 1 file changed, 10 insertions(+), 1 deletion(-) diff --git a/configure.ac b/configure.ac index 14e7c4a61..c1427247e 100644 --- a/configure.ac +++ b/configure.ac @@ -2705,10 +2705,19 @@ if test "x$openssl" = "xyes" ; then EVP_MD_CTX_copy_ex \ EVP_MD_CTX_init \ HMAC_CTX_init \ - OpenSSL_add_all_algorithms \ RSA_generate_key_ex \ RSA_get_default_method \ ]) + + # OpenSSL_add_all_algorithms may be a macro. + AC_CHECK_FUNC(OpenSSL_add_all_algorithms, + AC_DEFINE(HAVE_OPENSSL_ADD_ALL_ALGORITHMS, 1, [as a function]), + AC_CHECK_DECL(OpenSSL_add_all_algorithms, + AC_DEFINE(HAVE_OPENSSL_ADD_ALL_ALGORITHMS, 1, [as a macro]), , + [[#include ]] + ) + ) + # LibreSSL/OpenSSL 1.1x API AC_CHECK_FUNCS([ \ OPENSSL_init_crypto \ -- cgit v1.2.3 From 16fb23f25454991272bfe4598cc05d20fcd25116 Mon Sep 17 00:00:00 2001 From: Darren Tucker Date: Sun, 25 Nov 2018 14:05:57 +1100 Subject: Reverse order of OpenSSL init functions. Try the new init function (OPENSSL_init_crypto) before falling back to the old one (OpenSSL_add_all_algorithms). --- openbsd-compat/openssl-compat.c | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/openbsd-compat/openssl-compat.c b/openbsd-compat/openssl-compat.c index d8c00ebcb..a37ca61bf 100644 --- a/openbsd-compat/openssl-compat.c +++ b/openbsd-compat/openssl-compat.c @@ -69,13 +69,13 @@ ssh_compatible_openssl(long headerver, long libver) void ssh_libcrypto_init(void) { -#if defined(HAVE_OPENSSL_ADD_ALL_ALGORITHMS) - OpenSSL_add_all_algorithms(); -#elif defined(HAVE_OPENSSL_INIT_CRYPTO) && \ +#if defined(HAVE_OPENSSL_INIT_CRYPTO) && \ defined(OPENSSL_INIT_ADD_ALL_CIPHERS) && \ defined(OPENSSL_INIT_ADD_ALL_DIGESTS) OPENSSL_init_crypto(OPENSSL_INIT_ADD_ALL_CIPHERS | OPENSSL_INIT_ADD_ALL_DIGESTS, NULL); +#elif defined(HAVE_OPENSSL_ADD_ALL_ALGORITHMS) + OpenSSL_add_all_algorithms(); #endif #ifdef USE_OPENSSL_ENGINE -- cgit v1.2.3 From 8a85f5458d1c802471ca899c97f89946f6666e61 Mon Sep 17 00:00:00 2001 From: Darren Tucker Date: Sun, 25 Nov 2018 21:44:05 +1100 Subject: Include stdio.h for FILE if needed. --- openbsd-compat/openbsd-compat.h | 1 + 1 file changed, 1 insertion(+) diff --git a/openbsd-compat/openbsd-compat.h b/openbsd-compat/openbsd-compat.h index f5c833bf2..865aaee53 100644 --- a/openbsd-compat/openbsd-compat.h +++ b/openbsd-compat/openbsd-compat.h @@ -61,6 +61,7 @@ void closefrom(int); #endif #ifndef HAVE_GETLINE +#include ssize_t getline(char **, size_t *, FILE *); #endif -- cgit v1.2.3 From dd0cf6318d9b4b3533bda1e3bc021b2cd7246b7a Mon Sep 17 00:00:00 2001 From: "jmc@openbsd.org" Date: Fri, 23 Nov 2018 06:58:28 +0000 Subject: upstream: tweak previous; OpenBSD-Commit-ID: 08f096922eb00c98251501c193ff9e83fbb5de4f --- ssh_config.5 | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/ssh_config.5 b/ssh_config.5 index 58a5fa1c8..0a19ba64c 100644 --- a/ssh_config.5 +++ b/ssh_config.5 @@ -33,7 +33,7 @@ .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. .\" -.\" $OpenBSD: ssh_config.5,v 1.287 2018/11/23 05:08:07 djm Exp $ +.\" $OpenBSD: ssh_config.5,v 1.288 2018/11/23 06:58:28 jmc Exp $ .Dd $Mdocdate: November 23 2018 $ .Dt SSH_CONFIG 5 .Os @@ -154,8 +154,8 @@ or .Cm final . Other criteria may be combined arbitrarily. All criteria but -.Cm all -.Cm canonical +.Cm all , +.Cm canonical , and .Cm final require an argument. @@ -167,7 +167,7 @@ The keyword matches only when the configuration file is being re-parsed after hostname canonicalization (see the .Cm CanonicalizeHostname -option.) +option). This may be useful to specify conditions that work with canonical host names only. .Pp -- cgit v1.2.3 From 91b19198c3f604f5eef2c56dbe36f29478243141 Mon Sep 17 00:00:00 2001 From: "djm@openbsd.org" Date: Wed, 28 Nov 2018 06:00:38 +0000 Subject: upstream: don't truncate user or host name in "user@host's OpenBSD-Commit-ID: e6ca01a8d58004b7f2cac0b1b7ce8f87e425e360 --- sshconnect2.c | 11 +++++------ 1 file changed, 5 insertions(+), 6 deletions(-) diff --git a/sshconnect2.c b/sshconnect2.c index cf60c7d43..adb4e4cbd 100644 --- a/sshconnect2.c +++ b/sshconnect2.c @@ -1,4 +1,4 @@ -/* $OpenBSD: sshconnect2.c,v 1.289 2018/11/16 02:46:20 djm Exp $ */ +/* $OpenBSD: sshconnect2.c,v 1.290 2018/11/28 06:00:38 djm Exp $ */ /* * Copyright (c) 2000 Markus Friedl. All rights reserved. * Copyright (c) 2008 Damien Miller. All rights reserved. @@ -958,8 +958,7 @@ userauth_passwd(Authctxt *authctxt) { struct ssh *ssh = active_state; /* XXX */ static int attempt = 0; - char prompt[256]; - char *password; + char *password, *prompt = NULL; const char *host = options.host_key_alias ? options.host_key_alias : authctxt->host; int r; @@ -970,8 +969,7 @@ userauth_passwd(Authctxt *authctxt) if (attempt != 1) error("Permission denied, please try again."); - snprintf(prompt, sizeof(prompt), "%.30s@%.128s's password: ", - authctxt->server_user, host); + xasprintf(&prompt, "%s@%s's password: ", authctxt->server_user, host); password = read_passphrase(prompt, 0); if ((r = sshpkt_start(ssh, SSH2_MSG_USERAUTH_REQUEST)) != 0 || (r = sshpkt_put_cstring(ssh, authctxt->server_user)) != 0 || @@ -983,7 +981,8 @@ userauth_passwd(Authctxt *authctxt) (r = sshpkt_send(ssh)) != 0) fatal("%s: %s", __func__, ssh_err(r)); - if (password) + free(prompt); + if (password != NULL) freezero(password, strlen(password)); ssh_dispatch_set(ssh, SSH2_MSG_USERAUTH_PASSWD_CHANGEREQ, -- cgit v1.2.3 From 87d6cf1cbc91df6815db8fe0acc7c910bc3d18e4 Mon Sep 17 00:00:00 2001 From: "djm@openbsd.org" Date: Fri, 30 Nov 2018 02:24:52 +0000 Subject: upstream: don't attempt to connect to empty SSH_AUTH_SOCK; bz#293 OpenBSD-Commit-ID: 0e8fc8f19f14b21adef7109e0faa583d87c0e929 --- authfd.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/authfd.c b/authfd.c index ecdd869ab..cc9c6502d 100644 --- a/authfd.c +++ b/authfd.c @@ -1,4 +1,4 @@ -/* $OpenBSD: authfd.c,v 1.111 2018/07/09 21:59:10 markus Exp $ */ +/* $OpenBSD: authfd.c,v 1.112 2018/11/30 02:24:52 djm Exp $ */ /* * Author: Tatu Ylonen * Copyright (c) 1995 Tatu Ylonen , Espoo, Finland @@ -94,7 +94,7 @@ ssh_get_authentication_socket(int *fdp) *fdp = -1; authsocket = getenv(SSH_AUTHSOCKET_ENV_NAME); - if (!authsocket) + if (authsocket == NULL || *authsocket == '\0') return SSH_ERR_AGENT_NOT_PRESENT; memset(&sunaddr, 0, sizeof(sunaddr)); -- cgit v1.2.3 From 285310b897969a63ef224d39e7cc2b7316d86940 Mon Sep 17 00:00:00 2001 From: "djm@openbsd.org" Date: Fri, 7 Dec 2018 02:31:20 +0000 Subject: upstream: no need to allocate channels_pre/channels_post in channel_init_channels() as we do it anyway in channel_handler_init() that we call at the end of the function. Fix from Markus Schmidt via bz#2938 OpenBSD-Commit-ID: 74893638af49e3734f1e33a54af1b7ea533373ed --- channels.c | 8 ++------ 1 file changed, 2 insertions(+), 6 deletions(-) diff --git a/channels.c b/channels.c index c85d46abd..6d2e1c6a6 100644 --- a/channels.c +++ b/channels.c @@ -1,4 +1,4 @@ -/* $OpenBSD: channels.c,v 1.386 2018/10/04 01:04:52 djm Exp $ */ +/* $OpenBSD: channels.c,v 1.387 2018/12/07 02:31:20 djm Exp $ */ /* * Author: Tatu Ylonen * Copyright (c) 1995 Tatu Ylonen , Espoo, Finland @@ -227,11 +227,7 @@ channel_init_channels(struct ssh *ssh) { struct ssh_channels *sc; - if ((sc = calloc(1, sizeof(*sc))) == NULL || - (sc->channel_pre = calloc(SSH_CHANNEL_MAX_TYPE, - sizeof(*sc->channel_pre))) == NULL || - (sc->channel_post = calloc(SSH_CHANNEL_MAX_TYPE, - sizeof(*sc->channel_post))) == NULL) + if ((sc = calloc(1, sizeof(*sc))) == NULL) fatal("%s: allocation failed", __func__); sc->channels_alloc = 10; sc->channels = xcalloc(sc->channels_alloc, sizeof(*sc->channels)); -- cgit v1.2.3 From a784fa8c7a7b084d63bae82ccfea902131bb45c5 Mon Sep 17 00:00:00 2001 From: Kevin Adler Date: Wed, 12 Dec 2018 22:12:45 -0600 Subject: Don't pass loginmsg by address now that it's an sshbuf* In 120a1ec74, loginmsg was changed from the legacy Buffer type to struct sshbuf*, but it missed changing calls to sys_auth_allowed_user and sys_auth_record_login which passed loginmsg by address. Now that it's a pointer, just pass it directly. This only affects AIX, unless there are out of tree users. --- auth.c | 4 ++-- loginrec.c | 2 +- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/auth.c b/auth.c index 18d0857ff..d2a8cd65b 100644 --- a/auth.c +++ b/auth.c @@ -258,7 +258,7 @@ allowed_user(struct passwd * pw) } #ifdef CUSTOM_SYS_AUTH_ALLOWED_USER - if (!sys_auth_allowed_user(pw, &loginmsg)) + if (!sys_auth_allowed_user(pw, loginmsg)) return 0; #endif @@ -362,7 +362,7 @@ auth_log(Authctxt *authctxt, int authenticated, int partial, if (authenticated) sys_auth_record_login(authctxt->user, auth_get_canonical_hostname(ssh, options.use_dns), "ssh", - &loginmsg); + loginmsg); # endif #endif #ifdef SSH_AUDIT_EVENTS diff --git a/loginrec.c b/loginrec.c index 9a427dec4..08fc73758 100644 --- a/loginrec.c +++ b/loginrec.c @@ -467,7 +467,7 @@ login_write(struct logininfo *li) #ifdef CUSTOM_SYS_AUTH_RECORD_LOGIN if (li->type == LTYPE_LOGIN && !sys_auth_record_login(li->username,li->hostname,li->line, - &loginmsg)) + loginmsg)) logit("Writing login record failed for %s", li->username); #endif #ifdef SSH_AUDIT_EVENTS -- cgit v1.2.3 From 8a22ffaa13391cfe5b40316d938fe0fb931e9296 Mon Sep 17 00:00:00 2001 From: Damien Miller Date: Fri, 7 Dec 2018 15:41:16 +1100 Subject: expose $SSH_CONNECTION in the PAM environment This makes the connection 4-tuple available to PAM modules that wish to use it in decision-making. bz#2741 --- auth-pam.c | 10 ++++++++++ session.c | 11 +++++++---- 2 files changed, 17 insertions(+), 4 deletions(-) diff --git a/auth-pam.c b/auth-pam.c index 1dec53e92..d67324e1f 100644 --- a/auth-pam.c +++ b/auth-pam.c @@ -673,6 +673,7 @@ sshpam_init(Authctxt *authctxt) { const char *pam_rhost, *pam_user, *user = authctxt->user; const char **ptr_pam_user = &pam_user; + char *laddr, *conninfo; struct ssh *ssh = active_state; /* XXX */ if (sshpam_handle != NULL) { @@ -702,6 +703,15 @@ sshpam_init(Authctxt *authctxt) sshpam_handle = NULL; return (-1); } + + laddr = get_local_ipaddr(packet_get_connection_in()); + xasprintf(&conninfo, "SSH_CONNECTION=%.50s %d %.50s %d", + ssh_remote_ipaddr(ssh), ssh_remote_port(ssh), + laddr, ssh_local_port(ssh)); + pam_putenv(sshpam_handle, conninfo); + free(laddr); + free(conninfo); + #ifdef PAM_TTY_KLUDGE /* * Some silly PAM modules (e.g. pam_time) require a TTY to operate. diff --git a/session.c b/session.c index a3f0b3562..d2e2fbd74 100644 --- a/session.c +++ b/session.c @@ -1162,15 +1162,18 @@ do_setup_env(struct ssh *ssh, Session *s, const char *shell) char **p; /* - * Don't allow SSH_AUTH_INFO variables posted to PAM to leak - * back into the environment. + * Don't allow PAM-internal env vars to leak + * back into the session environment. */ +#define PAM_ENV_BLACKLIST "SSH_AUTH_INFO*,SSH_CONNECTION*" p = fetch_pam_child_environment(); - copy_environment_blacklist(p, &env, &envsize, "SSH_AUTH_INFO*"); + copy_environment_blacklist(p, &env, &envsize, + PAM_ENV_BLACKLIST); free_pam_environment(p); p = fetch_pam_environment(); - copy_environment_blacklist(p, &env, &envsize, "SSH_AUTH_INFO*"); + copy_environment_blacklist(p, &env, &envsize, + PAM_ENV_BLACKLIST); free_pam_environment(p); } #endif /* USE_PAM */ -- cgit v1.2.3 From 737e4edd82406595815efadc28ed5161b8b0c01a Mon Sep 17 00:00:00 2001 From: "djm@openbsd.org" Date: Fri, 7 Dec 2018 03:32:26 +0000 Subject: upstream: mention that the ssh-keygen -F (find host in authorized_keys) and -R (remove host from authorized_keys) options may accept either a bare hostname or a [hostname]:port combo. bz#2935 OpenBSD-Commit-ID: 5535cf4ce78375968b0d2cd7aa316fa3eb176780 --- ssh-keygen.1 | 12 +++++++----- 1 file changed, 7 insertions(+), 5 deletions(-) diff --git a/ssh-keygen.1 b/ssh-keygen.1 index bfa2eb5f3..db0a89aac 100644 --- a/ssh-keygen.1 +++ b/ssh-keygen.1 @@ -1,4 +1,4 @@ -.\" $OpenBSD: ssh-keygen.1,v 1.150 2018/09/12 06:18:59 djm Exp $ +.\" $OpenBSD: ssh-keygen.1,v 1.151 2018/12/07 03:32:26 djm Exp $ .\" .\" Author: Tatu Ylonen .\" Copyright (c) 1995 Tatu Ylonen , Espoo, Finland @@ -35,7 +35,7 @@ .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. .\" -.Dd $Mdocdate: September 12 2018 $ +.Dd $Mdocdate: December 7 2018 $ .Dt SSH-KEYGEN 1 .Os .Sh NAME @@ -289,9 +289,10 @@ The default export format is .Dq RFC4716 . This option allows exporting OpenSSH keys for use by other programs, including several commercial SSH implementations. -.It Fl F Ar hostname +.It Fl F Ar hostname | [hostname]:port Search for the specified .Ar hostname +(with optional port number) in a .Pa known_hosts file, listing any occurrences found. @@ -517,9 +518,10 @@ Test whether keys have been revoked in a KRL. .It Fl q Silence .Nm ssh-keygen . -.It Fl R Ar hostname -Removes all keys belonging to +.It Fl F Ar hostname | [hostname]:port +Removes all keys belonging to the specified .Ar hostname +(with optional port number) from a .Pa known_hosts file. -- cgit v1.2.3 From 63bba57a32c5bb6158d57cf4c47022daf89c14a0 Mon Sep 17 00:00:00 2001 From: "djm@openbsd.org" Date: Fri, 7 Dec 2018 03:33:18 +0000 Subject: upstream: fix option letter pasto in previous OpenBSD-Commit-ID: e26c8bf2f2a808f3c47960e1e490d2990167ec39 --- ssh-keygen.1 | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/ssh-keygen.1 b/ssh-keygen.1 index db0a89aac..8e96d9014 100644 --- a/ssh-keygen.1 +++ b/ssh-keygen.1 @@ -1,4 +1,4 @@ -.\" $OpenBSD: ssh-keygen.1,v 1.151 2018/12/07 03:32:26 djm Exp $ +.\" $OpenBSD: ssh-keygen.1,v 1.152 2018/12/07 03:33:18 djm Exp $ .\" .\" Author: Tatu Ylonen .\" Copyright (c) 1995 Tatu Ylonen , Espoo, Finland @@ -518,7 +518,7 @@ Test whether keys have been revoked in a KRL. .It Fl q Silence .Nm ssh-keygen . -.It Fl F Ar hostname | [hostname]:port +.It Fl R Ar hostname | [hostname]:port Removes all keys belonging to the specified .Ar hostname (with optional port number) -- cgit v1.2.3 From a6a0788cbbe8dfce2819ee43b09c80725742e21c Mon Sep 17 00:00:00 2001 From: "djm@openbsd.org" Date: Fri, 7 Dec 2018 03:39:40 +0000 Subject: upstream: only consider the ext-info-c extension during the initial KEX. It shouldn't be sent in subsequent ones, but if it is present we should ignore it. This prevents sshd from sending a SSH_MSG_EXT_INFO for REKEX for buggy these clients. Reported by Jakub Jelen via bz2929; ok dtucker@ OpenBSD-Commit-ID: 91564118547f7807030ec537480303e2371902f9 --- kex.c | 6 ++++-- kex.h | 3 ++- 2 files changed, 6 insertions(+), 3 deletions(-) diff --git a/kex.c b/kex.c index 25f9f66f6..3823a9544 100644 --- a/kex.c +++ b/kex.c @@ -1,4 +1,4 @@ -/* $OpenBSD: kex.c,v 1.141 2018/07/09 13:37:10 sf Exp $ */ +/* $OpenBSD: kex.c,v 1.142 2018/12/07 03:39:40 djm Exp $ */ /* * Copyright (c) 2000, 2001 Markus Friedl. All rights reserved. * @@ -487,6 +487,7 @@ kex_input_newkeys(int type, u_int32_t seq, struct ssh *ssh) if ((r = ssh_set_newkeys(ssh, MODE_IN)) != 0) return r; kex->done = 1; + kex->flags &= ~KEX_INITIAL; sshbuf_reset(kex->peer); /* sshbuf_reset(kex->my); */ kex->flags &= ~KEX_INIT_SENT; @@ -594,6 +595,7 @@ kex_new(struct ssh *ssh, char *proposal[PROPOSAL_MAX], struct kex **kexp) if ((r = kex_prop2buf(kex->my, proposal)) != 0) goto out; kex->done = 0; + kex->flags = KEX_INITIAL; kex_reset_dispatch(ssh); ssh_dispatch_set(ssh, SSH2_MSG_KEXINIT, &kex_input_kexinit); r = 0; @@ -839,7 +841,7 @@ kex_choose_conf(struct ssh *ssh) } /* Check whether client supports ext_info_c */ - if (kex->server) { + if (kex->server && (kex->flags & KEX_INITIAL)) { char *ext; ext = match_list("ext-info-c", peer[PROPOSAL_KEX_ALGS], NULL); diff --git a/kex.h b/kex.h index 593de1208..0f67f58db 100644 --- a/kex.h +++ b/kex.h @@ -1,4 +1,4 @@ -/* $OpenBSD: kex.h,v 1.91 2018/07/11 18:53:29 markus Exp $ */ +/* $OpenBSD: kex.h,v 1.92 2018/12/07 03:39:40 djm Exp $ */ /* * Copyright (c) 2000, 2001 Markus Friedl. All rights reserved. @@ -104,6 +104,7 @@ enum kex_exchange { }; #define KEX_INIT_SENT 0x0001 +#define KEX_INITIAL 0x0002 struct sshenc { char *name; -- cgit v1.2.3 From 434b587afe41c19391821e7392005068fda76248 Mon Sep 17 00:00:00 2001 From: "dtucker@openbsd.org" Date: Fri, 7 Dec 2018 04:36:09 +0000 Subject: upstream: Fix calculation of initial bandwidth limits. Account for written bytes before the initial timer check so that the first buffer written is accounted. Set the threshold after which the timer is checked such that the limit starts being computed as soon as possible, ie after the second buffer is written. This prevents an initial burst of traffic and provides a more accurate bandwidth limit. bz#2927, ok djm. OpenBSD-Commit-ID: ff3ef76e4e43040ec198c2718d5682c36b255cb6 --- misc.c | 9 ++++----- misc.h | 6 ++++-- 2 files changed, 8 insertions(+), 7 deletions(-) diff --git a/misc.c b/misc.c index dd74c8d45..275e68141 100644 --- a/misc.c +++ b/misc.c @@ -1,4 +1,4 @@ -/* $OpenBSD: misc.c,v 1.134 2018/11/16 03:26:01 djm Exp $ */ +/* $OpenBSD: misc.c,v 1.135 2018/12/07 04:36:09 dtucker Exp $ */ /* * Copyright (c) 2000 Markus Friedl. All rights reserved. * Copyright (c) 2005,2006 Damien Miller. All rights reserved. @@ -1335,11 +1335,11 @@ bandwidth_limit_init(struct bwlimit *bw, u_int64_t kbps, size_t buflen) { bw->buflen = buflen; bw->rate = kbps; - bw->thresh = bw->rate; + bw->thresh = buflen; bw->lamt = 0; timerclear(&bw->bwstart); timerclear(&bw->bwend); -} +} /* Callback from read/write loop to insert bandwidth-limiting delays */ void @@ -1348,12 +1348,11 @@ bandwidth_limit(struct bwlimit *bw, size_t read_len) u_int64_t waitlen; struct timespec ts, rm; + bw->lamt += read_len; if (!timerisset(&bw->bwstart)) { monotime_tv(&bw->bwstart); return; } - - bw->lamt += read_len; if (bw->lamt < bw->thresh) return; diff --git a/misc.h b/misc.h index bcae6a509..2dd61dc32 100644 --- a/misc.h +++ b/misc.h @@ -1,4 +1,4 @@ -/* $OpenBSD: misc.h,v 1.76 2018/11/16 03:26:01 djm Exp $ */ +/* $OpenBSD: misc.h,v 1.77 2018/12/07 04:36:09 dtucker Exp $ */ /* * Author: Tatu Ylonen @@ -135,7 +135,9 @@ void put_u32_le(void *, u_int32_t) struct bwlimit { size_t buflen; - u_int64_t rate, thresh, lamt; + u_int64_t rate; /* desired rate in kbit/s */ + u_int64_t thresh; /* threshold after which we'll check timers */ + u_int64_t lamt; /* amount written in last timer interval */ struct timeval bwstart, bwend; }; -- cgit v1.2.3 From 0a843d9a0e805f14653a555f5c7a8ba99d62c12d Mon Sep 17 00:00:00 2001 From: "djm@openbsd.org" Date: Thu, 27 Dec 2018 03:25:24 +0000 Subject: upstream: move client/server SSH-* banners to buffers under ssh->kex and factor out the banner exchange. This eliminates some common code from the client and server. Also be more strict about handling \r characters - these should only be accepted immediately before \n (pointed out by Jann Horn). Inspired by a patch from Markus Schmidt. (lots of) feedback and ok markus@ OpenBSD-Commit-ID: 1cc7885487a6754f63641d7d3279b0941890275b --- .depend | 6 +- Makefile.in | 2 +- atomicio.h | 4 +- kex.c | 294 ++++++++++++++++++++++++++++++++++++++++++++++++++++------ kex.h | 20 ++-- kexc25519.c | 10 +- kexc25519c.c | 6 +- kexc25519s.c | 6 +- kexdh.c | 10 +- kexdhc.c | 6 +- kexdhs.c | 6 +- kexecdh.c | 10 +- kexecdhc.c | 6 +- kexecdhs.c | 6 +- kexgex.c | 10 +- kexgexc.c | 6 +- kexgexs.c | 6 +- misc.c | 77 ++++++++++++++- misc.h | 5 +- packet.c | 42 ++++----- ssh.c | 4 +- ssh.h | 6 +- ssh_api.c | 125 ++++++++++++++----------- sshconnect.c | 187 ++----------------------------------- sshconnect.h | 15 ++- sshconnect2.c | 49 +++++----- sshd.c | 118 +---------------------- 27 files changed, 548 insertions(+), 494 deletions(-) diff --git a/.depend b/.depend index f85557c9c..193130f5d 100644 --- a/.depend +++ b/.depend @@ -60,8 +60,8 @@ gss-serv.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-comp hash.o: crypto_api.h includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/rmd160.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h digest.h log.h ssherr.h hmac.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/rmd160.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h sshbuf.h digest.h hmac.h hostfile.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/rmd160.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h xmalloc.h match.h sshkey.h hostfile.h log.h misc.h ssherr.h digest.h hmac.h -kex.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/rmd160.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h ssh2.h packet.h openbsd-compat/sys-queue.h dispatch.h opacket.h compat.h cipher.h cipher-chachapoly.h chacha.h poly1305.h cipher-aesctr.h rijndael.h sshkey.h kex.h mac.h log.h match.h misc.h monitor.h ssherr.h sshbuf.h -kex.o: digest.h +kex.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/rmd160.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h ssh.h ssh2.h atomicio.h version.h packet.h openbsd-compat/sys-queue.h dispatch.h opacket.h compat.h cipher.h cipher-chachapoly.h chacha.h poly1305.h cipher-aesctr.h rijndael.h sshkey.h kex.h mac.h log.h match.h misc.h +kex.o: monitor.h ssherr.h sshbuf.h digest.h kexc25519.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/rmd160.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h sshbuf.h ssh2.h sshkey.h cipher.h cipher-chachapoly.h chacha.h poly1305.h cipher-aesctr.h rijndael.h kex.h mac.h log.h digest.h ssherr.h kexc25519c.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/rmd160.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h sshkey.h cipher.h cipher-chachapoly.h chacha.h poly1305.h cipher-aesctr.h rijndael.h kex.h mac.h log.h packet.h openbsd-compat/sys-queue.h dispatch.h opacket.h ssh2.h sshbuf.h digest.h ssherr.h kexc25519s.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/rmd160.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h sshkey.h cipher.h cipher-chachapoly.h chacha.h poly1305.h cipher-aesctr.h rijndael.h digest.h kex.h mac.h log.h packet.h openbsd-compat/sys-queue.h dispatch.h opacket.h ssh2.h sshbuf.h ssherr.h @@ -149,7 +149,7 @@ sshbuf-getput-crypto.o: includes.h config.h defines.h platform.h openbsd-compat/ sshbuf-misc.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/rmd160.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h ssherr.h sshbuf.h sshbuf.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/rmd160.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h ssherr.h sshbuf.h misc.h sshconnect.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/rmd160.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h xmalloc.h hostfile.h ssh.h sshbuf.h packet.h openbsd-compat/sys-queue.h dispatch.h opacket.h compat.h sshkey.h sshconnect.h log.h misc.h readconf.h atomicio.h dns.h monitor_fdpass.h ssh2.h version.h authfile.h -sshconnect.o: ssherr.h authfd.h +sshconnect.o: ssherr.h authfd.h kex.h mac.h sshconnect2.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/rmd160.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h openbsd-compat/sys-queue.h xmalloc.h ssh.h ssh2.h sshbuf.h packet.h dispatch.h opacket.h compat.h cipher.h cipher-chachapoly.h chacha.h poly1305.h cipher-aesctr.h rijndael.h sshkey.h kex.h mac.h myproposal.h sshconnect2.o: sshconnect.h authfile.h dh.h authfd.h log.h misc.h readconf.h match.h canohost.h msg.h pathnames.h uidswap.h hostfile.h ssherr.h utf8.h sshd.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/rmd160.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h ./openbsd-compat/sys-tree.h openbsd-compat/sys-queue.h xmalloc.h ssh.h ssh2.h sshpty.h packet.h dispatch.h opacket.h log.h sshbuf.h misc.h match.h servconf.h uidswap.h compat.h cipher.h cipher-chachapoly.h chacha.h diff --git a/Makefile.in b/Makefile.in index 126b2c742..6ffccb482 100644 --- a/Makefile.in +++ b/Makefile.in @@ -186,7 +186,7 @@ ssh-agent$(EXEEXT): $(LIBCOMPAT) libssh.a ssh-agent.o ssh-pkcs11-client.o ssh-keygen$(EXEEXT): $(LIBCOMPAT) libssh.a ssh-keygen.o $(LD) -o $@ ssh-keygen.o $(LDFLAGS) -lssh -lopenbsd-compat $(LIBS) -ssh-keysign$(EXEEXT): $(LIBCOMPAT) libssh.a ssh-keysign.o readconf.o uidswap.o +ssh-keysign$(EXEEXT): $(LIBCOMPAT) libssh.a ssh-keysign.o readconf.o uidswap.o compat.o $(LD) -o $@ ssh-keysign.o readconf.o uidswap.o $(LDFLAGS) -lssh -lopenbsd-compat $(LIBS) ssh-pkcs11-helper$(EXEEXT): $(LIBCOMPAT) libssh.a ssh-pkcs11-helper.o ssh-pkcs11.o diff --git a/atomicio.h b/atomicio.h index 0d728ac86..8b3cc6e21 100644 --- a/atomicio.h +++ b/atomicio.h @@ -1,4 +1,4 @@ -/* $OpenBSD: atomicio.h,v 1.11 2010/09/22 22:58:51 djm Exp $ */ +/* $OpenBSD: atomicio.h,v 1.12 2018/12/27 03:25:25 djm Exp $ */ /* * Copyright (c) 2006 Damien Miller. All rights reserved. @@ -29,6 +29,8 @@ #ifndef _ATOMICIO_H #define _ATOMICIO_H +struct iovec; + /* * Ensure all of data on socket comes through. f==read || f==vwrite */ diff --git a/kex.c b/kex.c index 3823a9544..30e1c261d 100644 --- a/kex.c +++ b/kex.c @@ -1,4 +1,4 @@ -/* $OpenBSD: kex.c,v 1.142 2018/12/07 03:39:40 djm Exp $ */ +/* $OpenBSD: kex.c,v 1.143 2018/12/27 03:25:25 djm Exp $ */ /* * Copyright (c) 2000, 2001 Markus Friedl. All rights reserved. * @@ -25,19 +25,25 @@ #include "includes.h" - +#include +#include #include #include #include #include #include +#include +#include #ifdef WITH_OPENSSL #include #include #endif +#include "ssh.h" #include "ssh2.h" +#include "atomicio.h" +#include "version.h" #include "packet.h" #include "compat.h" #include "cipher.h" @@ -578,32 +584,20 @@ kex_input_kexinit(int type, u_int32_t seq, struct ssh *ssh) return SSH_ERR_INTERNAL_ERROR; } -int -kex_new(struct ssh *ssh, char *proposal[PROPOSAL_MAX], struct kex **kexp) +struct kex * +kex_new(void) { struct kex *kex; - int r; - *kexp = NULL; - if ((kex = calloc(1, sizeof(*kex))) == NULL) - return SSH_ERR_ALLOC_FAIL; - if ((kex->peer = sshbuf_new()) == NULL || - (kex->my = sshbuf_new()) == NULL) { - r = SSH_ERR_ALLOC_FAIL; - goto out; - } - if ((r = kex_prop2buf(kex->my, proposal)) != 0) - goto out; - kex->done = 0; - kex->flags = KEX_INITIAL; - kex_reset_dispatch(ssh); - ssh_dispatch_set(ssh, SSH2_MSG_KEXINIT, &kex_input_kexinit); - r = 0; - *kexp = kex; - out: - if (r != 0) + if ((kex = calloc(1, sizeof(*kex))) == NULL || + (kex->peer = sshbuf_new()) == NULL || + (kex->my = sshbuf_new()) == NULL || + (kex->client_version = sshbuf_new()) == NULL || + (kex->server_version = sshbuf_new()) == NULL) { kex_free(kex); - return r; + return NULL; + } + return kex; } void @@ -642,6 +636,9 @@ kex_free(struct kex *kex) { u_int mode; + if (kex == NULL) + return; + #ifdef WITH_OPENSSL DH_free(kex->dh); #ifdef OPENSSL_HAS_ECC @@ -654,21 +651,34 @@ kex_free(struct kex *kex) } sshbuf_free(kex->peer); sshbuf_free(kex->my); + sshbuf_free(kex->client_version); + sshbuf_free(kex->server_version); free(kex->session_id); - free(kex->client_version_string); - free(kex->server_version_string); free(kex->failed_choice); free(kex->hostkey_alg); free(kex->name); free(kex); } +int +kex_ready(struct ssh *ssh, char *proposal[PROPOSAL_MAX]) +{ + int r; + + if ((r = kex_prop2buf(ssh->kex->my, proposal)) != 0) + return r; + ssh->kex->flags = KEX_INITIAL; + kex_reset_dispatch(ssh); + ssh_dispatch_set(ssh, SSH2_MSG_KEXINIT, &kex_input_kexinit); + return 0; +} + int kex_setup(struct ssh *ssh, char *proposal[PROPOSAL_MAX]) { int r; - if ((r = kex_new(ssh, proposal, &ssh->kex)) != 0) + if ((r = kex_ready(ssh, proposal)) != 0) return r; if ((r = kex_send_kexinit(ssh)) != 0) { /* we start */ kex_free(ssh->kex); @@ -1043,3 +1053,233 @@ dump_digest(char *msg, u_char *digest, int len) sshbuf_dump_data(digest, len, stderr); } #endif + +/* + * Send a plaintext error message to the peer, suffixed by \r\n. + * Only used during banner exchange, and there only for the server. + */ +static void +send_error(struct ssh *ssh, char *msg) +{ + char *crnl = "\r\n"; + + if (!ssh->kex->server) + return; + + if (atomicio(vwrite, ssh_packet_get_connection_out(ssh), + msg, strlen(msg)) != strlen(msg) || + atomicio(vwrite, ssh_packet_get_connection_out(ssh), + crnl, strlen(crnl)) != strlen(crnl)) + error("%s: write: %.100s", __func__, strerror(errno)); +} + +/* + * Sends our identification string and waits for the peer's. Will block for + * up to timeout_ms (or indefinitely if timeout_ms <= 0). + * Returns on 0 success or a ssherr.h code on failure. + */ +int +kex_exchange_identification(struct ssh *ssh, int timeout_ms, + const char *version_addendum) +{ + int remote_major, remote_minor, mismatch; + size_t len, i, n; + int r, expect_nl; + u_char c; + struct sshbuf *our_version = ssh->kex->server ? + ssh->kex->server_version : ssh->kex->client_version; + struct sshbuf *peer_version = ssh->kex->server ? + ssh->kex->client_version : ssh->kex->server_version; + char *our_version_string = NULL, *peer_version_string = NULL; + char *cp, *remote_version = NULL; + + /* Prepare and send our banner */ + sshbuf_reset(our_version); + if (version_addendum != NULL && *version_addendum == '\0') + version_addendum = NULL; + if ((r = sshbuf_putf(our_version, "SSH-%d.%d-%.100s%s%s\r\n", + PROTOCOL_MAJOR_2, PROTOCOL_MINOR_2, SSH_VERSION, + version_addendum == NULL ? "" : " ", + version_addendum == NULL ? "" : version_addendum)) != 0) { + error("%s: sshbuf_putf: %s", __func__, ssh_err(r)); + goto out; + } + + if (atomicio(vwrite, ssh_packet_get_connection_out(ssh), + sshbuf_mutable_ptr(our_version), + sshbuf_len(our_version)) != sshbuf_len(our_version)) { + error("%s: write: %.100s", __func__, strerror(errno)); + r = SSH_ERR_SYSTEM_ERROR; + goto out; + } + if ((r = sshbuf_consume_end(our_version, 2)) != 0) { /* trim \r\n */ + error("%s: sshbuf_consume_end: %s", __func__, ssh_err(r)); + goto out; + } + our_version_string = sshbuf_dup_string(our_version); + if (our_version_string == NULL) { + error("%s: sshbuf_dup_string failed", __func__); + r = SSH_ERR_ALLOC_FAIL; + goto out; + } + debug("Local version string %.100s", our_version_string); + + /* Read other side's version identification. */ + for (n = 0; ; n++) { + if (n >= SSH_MAX_PRE_BANNER_LINES) { + send_error(ssh, "No SSH identification string " + "received."); + error("%s: No SSH version received in first %u lines " + "from server", __func__, SSH_MAX_PRE_BANNER_LINES); + r = SSH_ERR_INVALID_FORMAT; + goto out; + } + sshbuf_reset(peer_version); + expect_nl = 0; + for (i = 0; ; i++) { + if (timeout_ms > 0) { + r = waitrfd(ssh_packet_get_connection_in(ssh), + &timeout_ms); + if (r == -1 && errno == ETIMEDOUT) { + send_error(ssh, "Timed out waiting " + "for SSH identification string."); + error("Connection timed out during " + "banner exchange"); + r = SSH_ERR_CONN_TIMEOUT; + goto out; + } else if (r == -1) { + error("%s: %s", + __func__, strerror(errno)); + r = SSH_ERR_SYSTEM_ERROR; + goto out; + } + } + + len = atomicio(read, ssh_packet_get_connection_in(ssh), + &c, 1); + if (len != 1 && errno == EPIPE) { + error("%s: Connection closed by remote host", + __func__); + r = SSH_ERR_CONN_CLOSED; + goto out; + } else if (len != 1) { + error("%s: read: %.100s", + __func__, strerror(errno)); + r = SSH_ERR_SYSTEM_ERROR; + goto out; + } + if (c == '\r') { + expect_nl = 1; + continue; + } + if (c == '\n') + break; + if (c == '\0' || expect_nl) { + error("%s: banner line contains invalid " + "characters", __func__); + goto invalid; + } + if ((r = sshbuf_put_u8(peer_version, c)) != 0) { + error("%s: sshbuf_put: %s", + __func__, ssh_err(r)); + goto out; + } + if (sshbuf_len(peer_version) > SSH_MAX_BANNER_LEN) { + error("%s: banner line too long", __func__); + goto invalid; + } + } + /* Is this an actual protocol banner? */ + if (sshbuf_len(peer_version) > 4 && + memcmp(sshbuf_ptr(peer_version), "SSH-", 4) == 0) + break; + /* If not, then just log the line and continue */ + if ((cp = sshbuf_dup_string(peer_version)) == NULL) { + error("%s: sshbuf_dup_string failed", __func__); + r = SSH_ERR_ALLOC_FAIL; + goto out; + } + /* Do not accept lines before the SSH ident from a client */ + if (ssh->kex->server) { + error("%s: client sent invalid protocol identifier " + "\"%.256s\"", __func__, cp); + free(cp); + goto invalid; + } + debug("%s: banner line %zu: %s", __func__, n, cp); + free(cp); + } + peer_version_string = sshbuf_dup_string(peer_version); + if (peer_version_string == NULL) + error("%s: sshbuf_dup_string failed", __func__); + /* XXX must be same size for sscanf */ + if ((remote_version = calloc(1, sshbuf_len(peer_version))) == NULL) { + error("%s: calloc failed", __func__); + r = SSH_ERR_ALLOC_FAIL; + goto out; + } + + /* + * Check that the versions match. In future this might accept + * several versions and set appropriate flags to handle them. + */ + if (sscanf(peer_version_string, "SSH-%d.%d-%[^\n]\n", + &remote_major, &remote_minor, remote_version) != 3) { + error("Bad remote protocol version identification: '%.100s'", + peer_version_string); + invalid: + send_error(ssh, "Invalid SSH identification string."); + r = SSH_ERR_INVALID_FORMAT; + goto out; + } + debug("Remote protocol version %d.%d, remote software version %.100s", + remote_major, remote_minor, remote_version); + ssh->compat = compat_datafellows(remote_version); + + mismatch = 0; + switch (remote_major) { + case 2: + break; + case 1: + if (remote_minor != 99) + mismatch = 1; + break; + default: + mismatch = 1; + break; + } + if (mismatch) { + error("Protocol major versions differ: %d vs. %d", + PROTOCOL_MAJOR_2, remote_major); + send_error(ssh, "Protocol major versions differ."); + r = SSH_ERR_NO_PROTOCOL_VERSION; + goto out; + } + + if (ssh->kex->server && (ssh->compat & SSH_BUG_PROBE) != 0) { + logit("probed from %s port %d with %s. Don't panic.", + ssh_remote_ipaddr(ssh), ssh_remote_port(ssh), + peer_version_string); + r = SSH_ERR_CONN_CLOSED; /* XXX */ + goto out; + } + if (ssh->kex->server && (ssh->compat & SSH_BUG_SCANNER) != 0) { + logit("scanned from %s port %d with %s. Don't panic.", + ssh_remote_ipaddr(ssh), ssh_remote_port(ssh), + peer_version_string); + r = SSH_ERR_CONN_CLOSED; /* XXX */ + goto out; + } + if ((ssh->compat & SSH_BUG_RSASIGMD5) != 0) { + logit("Remote version \"%.100s\" uses unsafe RSA signature " + "scheme; disabling use of RSA keys", remote_version); + } + /* success */ + r = 0; + out: + free(our_version_string); + free(peer_version_string); + free(remote_version); + return r; +} + diff --git a/kex.h b/kex.h index 0f67f58db..9ba860954 100644 --- a/kex.h +++ b/kex.h @@ -1,4 +1,4 @@ -/* $OpenBSD: kex.h,v 1.92 2018/12/07 03:39:40 djm Exp $ */ +/* $OpenBSD: kex.h,v 1.93 2018/12/27 03:25:25 djm Exp $ */ /* * Copyright (c) 2000, 2001 Markus Friedl. All rights reserved. @@ -145,12 +145,12 @@ struct kex { int ext_info_c; struct sshbuf *my; struct sshbuf *peer; + struct sshbuf *client_version; + struct sshbuf *server_version; sig_atomic_t done; u_int flags; int hash_alg; int ec_nid; - char *client_version_string; - char *server_version_string; char *failed_choice; int (*verify_host_key)(struct sshkey *, struct ssh *); struct sshkey *(*load_host_public_key)(int, int, struct ssh *); @@ -173,7 +173,10 @@ char *kex_alg_list(char); char *kex_names_cat(const char *, const char *); int kex_assemble_names(char **, const char *, const char *); -int kex_new(struct ssh *, char *[PROPOSAL_MAX], struct kex **); +int kex_exchange_identification(struct ssh *, int, const char *); + +struct kex *kex_new(void); +int kex_ready(struct ssh *, char *[PROPOSAL_MAX]); int kex_setup(struct ssh *, char *[PROPOSAL_MAX]); void kex_free_newkeys(struct newkeys *); void kex_free(struct kex *); @@ -199,22 +202,23 @@ int kexecdh_server(struct ssh *); int kexc25519_client(struct ssh *); int kexc25519_server(struct ssh *); -int kex_dh_hash(int, const char *, const char *, +int kex_dh_hash(int, const struct sshbuf *, const struct sshbuf *, const u_char *, size_t, const u_char *, size_t, const u_char *, size_t, const BIGNUM *, const BIGNUM *, const BIGNUM *, u_char *, size_t *); -int kexgex_hash(int, const char *, const char *, +int kexgex_hash(int, const struct sshbuf *, const struct sshbuf *, const u_char *, size_t, const u_char *, size_t, const u_char *, size_t, int, int, int, const BIGNUM *, const BIGNUM *, const BIGNUM *, const BIGNUM *, const BIGNUM *, u_char *, size_t *); -int kex_ecdh_hash(int, const EC_GROUP *, const char *, const char *, +int kex_ecdh_hash(int, const EC_GROUP *, + const struct sshbuf *, const struct sshbuf *, const u_char *, size_t, const u_char *, size_t, const u_char *, size_t, const EC_POINT *, const EC_POINT *, const BIGNUM *, u_char *, size_t *); -int kex_c25519_hash(int, const char *, const char *, +int kex_c25519_hash(int, const struct sshbuf *, const struct sshbuf *, const u_char *, size_t, const u_char *, size_t, const u_char *, size_t, const u_char *, const u_char *, const u_char *, size_t, u_char *, size_t *); diff --git a/kexc25519.c b/kexc25519.c index 0897b8c51..712dd523d 100644 --- a/kexc25519.c +++ b/kexc25519.c @@ -1,4 +1,4 @@ -/* $OpenBSD: kexc25519.c,v 1.10 2016/05/02 08:49:03 djm Exp $ */ +/* $OpenBSD: kexc25519.c,v 1.11 2018/12/27 03:25:25 djm Exp $ */ /* * Copyright (c) 2001, 2013 Markus Friedl. All rights reserved. * Copyright (c) 2010 Damien Miller. All rights reserved. @@ -84,8 +84,8 @@ kexc25519_shared_key(const u_char key[CURVE25519_SIZE], int kex_c25519_hash( int hash_alg, - const char *client_version_string, - const char *server_version_string, + const struct sshbuf *client_version, + const struct sshbuf *server_version, const u_char *ckexinit, size_t ckexinitlen, const u_char *skexinit, size_t skexinitlen, const u_char *serverhostkeyblob, size_t sbloblen, @@ -101,8 +101,8 @@ kex_c25519_hash( return SSH_ERR_INVALID_ARGUMENT; if ((b = sshbuf_new()) == NULL) return SSH_ERR_ALLOC_FAIL; - if ((r = sshbuf_put_cstring(b, client_version_string)) < 0 || - (r = sshbuf_put_cstring(b, server_version_string)) < 0 || + if ((r = sshbuf_put_stringb(b, client_version)) < 0 || + (r = sshbuf_put_stringb(b, server_version)) < 0 || /* kexinit messages: fake header: len+SSH2_MSG_KEXINIT */ (r = sshbuf_put_u32(b, ckexinitlen+1)) < 0 || (r = sshbuf_put_u8(b, SSH2_MSG_KEXINIT)) < 0 || diff --git a/kexc25519c.c b/kexc25519c.c index a8d92149c..75e7d8c57 100644 --- a/kexc25519c.c +++ b/kexc25519c.c @@ -1,4 +1,4 @@ -/* $OpenBSD: kexc25519c.c,v 1.9 2017/12/18 02:25:15 djm Exp $ */ +/* $OpenBSD: kexc25519c.c,v 1.10 2018/12/27 03:25:25 djm Exp $ */ /* * Copyright (c) 2001 Markus Friedl. All rights reserved. * Copyright (c) 2010 Damien Miller. All rights reserved. @@ -129,8 +129,8 @@ input_kex_c25519_reply(int type, u_int32_t seq, struct ssh *ssh) hashlen = sizeof(hash); if ((r = kex_c25519_hash( kex->hash_alg, - kex->client_version_string, - kex->server_version_string, + kex->client_version, + kex->server_version, sshbuf_ptr(kex->my), sshbuf_len(kex->my), sshbuf_ptr(kex->peer), sshbuf_len(kex->peer), server_host_key_blob, sbloblen, diff --git a/kexc25519s.c b/kexc25519s.c index 0800a7a4b..81f816e56 100644 --- a/kexc25519s.c +++ b/kexc25519s.c @@ -1,4 +1,4 @@ -/* $OpenBSD: kexc25519s.c,v 1.11 2017/05/31 04:19:28 djm Exp $ */ +/* $OpenBSD: kexc25519s.c,v 1.12 2018/12/27 03:25:25 djm Exp $ */ /* * Copyright (c) 2001 Markus Friedl. All rights reserved. * Copyright (c) 2010 Damien Miller. All rights reserved. @@ -110,8 +110,8 @@ input_kex_c25519_init(int type, u_int32_t seq, struct ssh *ssh) hashlen = sizeof(hash); if ((r = kex_c25519_hash( kex->hash_alg, - kex->client_version_string, - kex->server_version_string, + kex->client_version, + kex->server_version, sshbuf_ptr(kex->peer), sshbuf_len(kex->peer), sshbuf_ptr(kex->my), sshbuf_len(kex->my), server_host_key_blob, sbloblen, diff --git a/kexdh.c b/kexdh.c index e6925b186..34c55ef9f 100644 --- a/kexdh.c +++ b/kexdh.c @@ -1,4 +1,4 @@ -/* $OpenBSD: kexdh.c,v 1.26 2016/05/02 10:26:04 djm Exp $ */ +/* $OpenBSD: kexdh.c,v 1.27 2018/12/27 03:25:25 djm Exp $ */ /* * Copyright (c) 2001 Markus Friedl. All rights reserved. * @@ -46,8 +46,8 @@ int kex_dh_hash( int hash_alg, - const char *client_version_string, - const char *server_version_string, + const struct sshbuf *client_version, + const struct sshbuf *server_version, const u_char *ckexinit, size_t ckexinitlen, const u_char *skexinit, size_t skexinitlen, const u_char *serverhostkeyblob, size_t sbloblen, @@ -63,8 +63,8 @@ kex_dh_hash( return SSH_ERR_INVALID_ARGUMENT; if ((b = sshbuf_new()) == NULL) return SSH_ERR_ALLOC_FAIL; - if ((r = sshbuf_put_cstring(b, client_version_string)) != 0 || - (r = sshbuf_put_cstring(b, server_version_string)) != 0 || + if ((r = sshbuf_put_stringb(b, client_version)) < 0 || + (r = sshbuf_put_stringb(b, server_version)) < 0 || /* kexinit messages: fake header: len+SSH2_MSG_KEXINIT */ (r = sshbuf_put_u32(b, ckexinitlen+1)) != 0 || (r = sshbuf_put_u8(b, SSH2_MSG_KEXINIT)) != 0 || diff --git a/kexdhc.c b/kexdhc.c index 8b56377ad..b367832d5 100644 --- a/kexdhc.c +++ b/kexdhc.c @@ -1,4 +1,4 @@ -/* $OpenBSD: kexdhc.c,v 1.22 2018/02/07 02:06:51 jsing Exp $ */ +/* $OpenBSD: kexdhc.c,v 1.24 2018/12/27 03:25:25 djm Exp $ */ /* * Copyright (c) 2001 Markus Friedl. All rights reserved. * @@ -178,8 +178,8 @@ input_kex_dh(int type, u_int32_t seq, struct ssh *ssh) hashlen = sizeof(hash); if ((r = kex_dh_hash( kex->hash_alg, - kex->client_version_string, - kex->server_version_string, + kex->client_version, + kex->server_version, sshbuf_ptr(kex->my), sshbuf_len(kex->my), sshbuf_ptr(kex->peer), sshbuf_len(kex->peer), server_host_key_blob, sbloblen, diff --git a/kexdhs.c b/kexdhs.c index 337aab5be..adf70babd 100644 --- a/kexdhs.c +++ b/kexdhs.c @@ -1,4 +1,4 @@ -/* $OpenBSD: kexdhs.c,v 1.27 2018/04/10 00:10:49 djm Exp $ */ +/* $OpenBSD: kexdhs.c,v 1.29 2018/12/27 03:25:25 djm Exp $ */ /* * Copyright (c) 2001 Markus Friedl. All rights reserved. * @@ -166,8 +166,8 @@ input_kex_dh_init(int type, u_int32_t seq, struct ssh *ssh) hashlen = sizeof(hash); if ((r = kex_dh_hash( kex->hash_alg, - kex->client_version_string, - kex->server_version_string, + kex->client_version, + kex->server_version, sshbuf_ptr(kex->peer), sshbuf_len(kex->peer), sshbuf_ptr(kex->my), sshbuf_len(kex->my), server_host_key_blob, sbloblen, diff --git a/kexecdh.c b/kexecdh.c index 2a4fec6b1..4380427ea 100644 --- a/kexecdh.c +++ b/kexecdh.c @@ -1,4 +1,4 @@ -/* $OpenBSD: kexecdh.c,v 1.6 2015/01/19 20:16:15 markus Exp $ */ +/* $OpenBSD: kexecdh.c,v 1.7 2018/12/27 03:25:25 djm Exp $ */ /* * Copyright (c) 2001 Markus Friedl. All rights reserved. * Copyright (c) 2010 Damien Miller. All rights reserved. @@ -50,8 +50,8 @@ int kex_ecdh_hash( int hash_alg, const EC_GROUP *ec_group, - const char *client_version_string, - const char *server_version_string, + const struct sshbuf *client_version, + const struct sshbuf *server_version, const u_char *ckexinit, size_t ckexinitlen, const u_char *skexinit, size_t skexinitlen, const u_char *serverhostkeyblob, size_t sbloblen, @@ -67,8 +67,8 @@ kex_ecdh_hash( return SSH_ERR_INVALID_ARGUMENT; if ((b = sshbuf_new()) == NULL) return SSH_ERR_ALLOC_FAIL; - if ((r = sshbuf_put_cstring(b, client_version_string)) != 0 || - (r = sshbuf_put_cstring(b, server_version_string)) != 0 || + if ((r = sshbuf_put_stringb(b, client_version)) < 0 || + (r = sshbuf_put_stringb(b, server_version)) < 0 || /* kexinit messages: fake header: len+SSH2_MSG_KEXINIT */ (r = sshbuf_put_u32(b, ckexinitlen+1)) != 0 || (r = sshbuf_put_u8(b, SSH2_MSG_KEXINIT)) != 0 || diff --git a/kexecdhc.c b/kexecdhc.c index ac146a362..af556dc58 100644 --- a/kexecdhc.c +++ b/kexecdhc.c @@ -1,4 +1,4 @@ -/* $OpenBSD: kexecdhc.c,v 1.13 2018/02/07 02:06:51 jsing Exp $ */ +/* $OpenBSD: kexecdhc.c,v 1.14 2018/12/27 03:25:25 djm Exp $ */ /* * Copyright (c) 2001 Markus Friedl. All rights reserved. * Copyright (c) 2010 Damien Miller. All rights reserved. @@ -175,8 +175,8 @@ input_kex_ecdh_reply(int type, u_int32_t seq, struct ssh *ssh) if ((r = kex_ecdh_hash( kex->hash_alg, group, - kex->client_version_string, - kex->server_version_string, + kex->client_version, + kex->server_version, sshbuf_ptr(kex->my), sshbuf_len(kex->my), sshbuf_ptr(kex->peer), sshbuf_len(kex->peer), server_host_key_blob, sbloblen, diff --git a/kexecdhs.c b/kexecdhs.c index af4f30309..c690feffe 100644 --- a/kexecdhs.c +++ b/kexecdhs.c @@ -1,4 +1,4 @@ -/* $OpenBSD: kexecdhs.c,v 1.17 2018/02/07 02:06:51 jsing Exp $ */ +/* $OpenBSD: kexecdhs.c,v 1.18 2018/12/27 03:25:25 djm Exp $ */ /* * Copyright (c) 2001 Markus Friedl. All rights reserved. * Copyright (c) 2010 Damien Miller. All rights reserved. @@ -145,8 +145,8 @@ input_kex_ecdh_init(int type, u_int32_t seq, struct ssh *ssh) if ((r = kex_ecdh_hash( kex->hash_alg, group, - kex->client_version_string, - kex->server_version_string, + kex->client_version, + kex->server_version, sshbuf_ptr(kex->peer), sshbuf_len(kex->peer), sshbuf_ptr(kex->my), sshbuf_len(kex->my), server_host_key_blob, sbloblen, diff --git a/kexgex.c b/kexgex.c index 3ca4bd370..a5d591b0a 100644 --- a/kexgex.c +++ b/kexgex.c @@ -1,4 +1,4 @@ -/* $OpenBSD: kexgex.c,v 1.29 2015/01/19 20:16:15 markus Exp $ */ +/* $OpenBSD: kexgex.c,v 1.30 2018/12/27 03:25:25 djm Exp $ */ /* * Copyright (c) 2000 Niels Provos. All rights reserved. * Copyright (c) 2001 Markus Friedl. All rights reserved. @@ -46,8 +46,8 @@ int kexgex_hash( int hash_alg, - const char *client_version_string, - const char *server_version_string, + const struct sshbuf *client_version, + const struct sshbuf *server_version, const u_char *ckexinit, size_t ckexinitlen, const u_char *skexinit, size_t skexinitlen, const u_char *serverhostkeyblob, size_t sbloblen, @@ -66,8 +66,8 @@ kexgex_hash( return SSH_ERR_INVALID_ARGUMENT; if ((b = sshbuf_new()) == NULL) return SSH_ERR_ALLOC_FAIL; - if ((r = sshbuf_put_cstring(b, client_version_string)) != 0 || - (r = sshbuf_put_cstring(b, server_version_string)) != 0 || + if ((r = sshbuf_put_stringb(b, client_version)) < 0 || + (r = sshbuf_put_stringb(b, server_version)) < 0 || /* kexinit messages: fake header: len+SSH2_MSG_KEXINIT */ (r = sshbuf_put_u32(b, ckexinitlen+1)) != 0 || (r = sshbuf_put_u8(b, SSH2_MSG_KEXINIT)) != 0 || diff --git a/kexgexc.c b/kexgexc.c index 0d07f73c7..f2be35ab2 100644 --- a/kexgexc.c +++ b/kexgexc.c @@ -1,4 +1,4 @@ -/* $OpenBSD: kexgexc.c,v 1.27 2018/02/07 02:06:51 jsing Exp $ */ +/* $OpenBSD: kexgexc.c,v 1.29 2018/12/27 03:25:25 djm Exp $ */ /* * Copyright (c) 2000 Niels Provos. All rights reserved. * Copyright (c) 2001 Markus Friedl. All rights reserved. @@ -222,8 +222,8 @@ input_kex_dh_gex_reply(int type, u_int32_t seq, struct ssh *ssh) hashlen = sizeof(hash); if ((r = kexgex_hash( kex->hash_alg, - kex->client_version_string, - kex->server_version_string, + kex->client_version, + kex->server_version, sshbuf_ptr(kex->my), sshbuf_len(kex->my), sshbuf_ptr(kex->peer), sshbuf_len(kex->peer), server_host_key_blob, sbloblen, diff --git a/kexgexs.c b/kexgexs.c index dc9c0bc60..cd0e758c4 100644 --- a/kexgexs.c +++ b/kexgexs.c @@ -1,4 +1,4 @@ -/* $OpenBSD: kexgexs.c,v 1.35 2018/10/04 00:04:41 djm Exp $ */ +/* $OpenBSD: kexgexs.c,v 1.36 2018/12/27 03:25:25 djm Exp $ */ /* * Copyright (c) 2000 Niels Provos. All rights reserved. * Copyright (c) 2001 Markus Friedl. All rights reserved. @@ -198,8 +198,8 @@ input_kex_dh_gex_init(int type, u_int32_t seq, struct ssh *ssh) hashlen = sizeof(hash); if ((r = kexgex_hash( kex->hash_alg, - kex->client_version_string, - kex->server_version_string, + kex->client_version, + kex->server_version, sshbuf_ptr(kex->peer), sshbuf_len(kex->peer), sshbuf_ptr(kex->my), sshbuf_len(kex->my), server_host_key_blob, sbloblen, diff --git a/misc.c b/misc.c index 275e68141..bfd786ef8 100644 --- a/misc.c +++ b/misc.c @@ -1,4 +1,4 @@ -/* $OpenBSD: misc.c,v 1.135 2018/12/07 04:36:09 dtucker Exp $ */ +/* $OpenBSD: misc.c,v 1.136 2018/12/27 03:25:25 djm Exp $ */ /* * Copyright (c) 2000 Markus Friedl. All rights reserved. * Copyright (c) 2005,2006 Damien Miller. All rights reserved. @@ -38,6 +38,7 @@ #ifdef HAVE_LIBGEN_H # include #endif +#include #include #include #include @@ -234,6 +235,80 @@ set_rdomain(int fd, const char *name) #endif } +/* + * Wait up to *timeoutp milliseconds for fd to be readable. Updates + * *timeoutp with time remaining. + * Returns 0 if fd ready or -1 on timeout or error (see errno). + */ +int +waitrfd(int fd, int *timeoutp) +{ + struct pollfd pfd; + struct timeval t_start; + int oerrno, r; + + monotime_tv(&t_start); + pfd.fd = fd; + pfd.events = POLLIN; + for (; *timeoutp >= 0;) { + r = poll(&pfd, 1, *timeoutp); + oerrno = errno; + ms_subtract_diff(&t_start, timeoutp); + errno = oerrno; + if (r > 0) + return 0; + else if (r == -1 && errno != EAGAIN) + return -1; + else if (r == 0) + break; + } + /* timeout */ + errno = ETIMEDOUT; + return -1; +} + +/* + * Attempt a non-blocking connect(2) to the specified address, waiting up to + * *timeoutp milliseconds for the connection to complete. If the timeout is + * <=0, then wait indefinitely. + * + * Returns 0 on success or -1 on failure. + */ +int +timeout_connect(int sockfd, const struct sockaddr *serv_addr, + socklen_t addrlen, int *timeoutp) +{ + int optval = 0; + socklen_t optlen = sizeof(optval); + + /* No timeout: just do a blocking connect() */ + if (timeoutp == NULL || *timeoutp <= 0) + return connect(sockfd, serv_addr, addrlen); + + set_nonblock(sockfd); + if (connect(sockfd, serv_addr, addrlen) == 0) { + /* Succeeded already? */ + unset_nonblock(sockfd); + return 0; + } else if (errno != EINPROGRESS) + return -1; + + if (waitrfd(sockfd, timeoutp) == -1) + return -1; + + /* Completed or failed */ + if (getsockopt(sockfd, SOL_SOCKET, SO_ERROR, &optval, &optlen) == -1) { + debug("getsockopt: %s", strerror(errno)); + return -1; + } + if (optval != 0) { + errno = optval; + return -1; + } + unset_nonblock(sockfd); + return 0; +} + /* Characters considered whitespace in strsep calls. */ #define WHITESPACE " \t\r\n" #define QUOTE "\"" diff --git a/misc.h b/misc.h index 2dd61dc32..47177d838 100644 --- a/misc.h +++ b/misc.h @@ -1,4 +1,4 @@ -/* $OpenBSD: misc.h,v 1.77 2018/12/07 04:36:09 dtucker Exp $ */ +/* $OpenBSD: misc.h,v 1.78 2018/12/27 03:25:25 djm Exp $ */ /* * Author: Tatu Ylonen @@ -17,6 +17,7 @@ #include #include +#include /* Data structure for representing a forwarding request. */ struct Forward { @@ -51,6 +52,8 @@ void set_nodelay(int); int set_reuseaddr(int); char *get_rdomain(int); int set_rdomain(int, const char *); +int waitrfd(int, int *); +int timeout_connect(int, const struct sockaddr *, socklen_t, int *); int a2port(const char *); int a2tun(const char *, int *); char *put_host_port(const char *, u_short); diff --git a/packet.c b/packet.c index dcf35e6e6..e7e6d27a7 100644 --- a/packet.c +++ b/packet.c @@ -1,4 +1,4 @@ -/* $OpenBSD: packet.c,v 1.277 2018/07/16 03:09:13 djm Exp $ */ +/* $OpenBSD: packet.c,v 1.278 2018/12/27 03:25:25 djm Exp $ */ /* * Author: Tatu Ylonen * Copyright (c) 1995 Tatu Ylonen , Espoo, Finland @@ -58,6 +58,7 @@ #include #include #include +#include #include #include @@ -228,6 +229,7 @@ ssh_alloc_session_state(void) if ((ssh = calloc(1, sizeof(*ssh))) == NULL || (state = calloc(1, sizeof(*state))) == NULL || + (ssh->kex = kex_new()) == NULL || (state->input = sshbuf_new()) == NULL || (state->output = sshbuf_new()) == NULL || (state->outgoing_packet = sshbuf_new()) == NULL || @@ -250,6 +252,10 @@ ssh_alloc_session_state(void) ssh->state = state; return ssh; fail: + if (ssh) { + kex_free(ssh->kex); + free(ssh); + } if (state) { sshbuf_free(state->input); sshbuf_free(state->output); @@ -257,7 +263,6 @@ ssh_alloc_session_state(void) sshbuf_free(state->outgoing_packet); free(state); } - free(ssh); return NULL; } @@ -272,8 +277,7 @@ ssh_packet_set_input_hook(struct ssh *ssh, ssh_packet_hook_fn *hook, void *ctx) int ssh_packet_is_rekeying(struct ssh *ssh) { - return ssh->state->rekeying || - (ssh->kex != NULL && ssh->kex->done == 0); + return ssh->state->rekeying || ssh->kex->done == 0; } /* @@ -932,7 +936,7 @@ ssh_packet_need_rekeying(struct ssh *ssh, u_int outbound_packet_len) return 0; /* Haven't keyed yet or KEX in progress. */ - if (ssh->kex == NULL || ssh_packet_is_rekeying(ssh)) + if (ssh_packet_is_rekeying(ssh)) return 0; /* Peer can't rekey */ @@ -2123,6 +2127,7 @@ void ssh_packet_set_server(struct ssh *ssh) { ssh->state->server_side = 1; + ssh->kex->server = 1; /* XXX unify? */ } void @@ -2175,9 +2180,9 @@ kex_to_blob(struct sshbuf *m, struct kex *kex) (r = sshbuf_put_u32(m, kex->kex_type)) != 0 || (r = sshbuf_put_stringb(m, kex->my)) != 0 || (r = sshbuf_put_stringb(m, kex->peer)) != 0 || - (r = sshbuf_put_u32(m, kex->flags)) != 0 || - (r = sshbuf_put_cstring(m, kex->client_version_string)) != 0 || - (r = sshbuf_put_cstring(m, kex->server_version_string)) != 0) + (r = sshbuf_put_stringb(m, kex->client_version)) != 0 || + (r = sshbuf_put_stringb(m, kex->server_version)) != 0 || + (r = sshbuf_put_u32(m, kex->flags)) != 0) return r; return 0; } @@ -2327,12 +2332,8 @@ kex_from_blob(struct sshbuf *m, struct kex **kexp) struct kex *kex; int r; - if ((kex = calloc(1, sizeof(struct kex))) == NULL || - (kex->my = sshbuf_new()) == NULL || - (kex->peer = sshbuf_new()) == NULL) { - r = SSH_ERR_ALLOC_FAIL; - goto out; - } + if ((kex = kex_new()) == NULL) + return SSH_ERR_ALLOC_FAIL; if ((r = sshbuf_get_string(m, &kex->session_id, &kex->session_id_len)) != 0 || (r = sshbuf_get_u32(m, &kex->we_need)) != 0 || (r = sshbuf_get_cstring(m, &kex->hostkey_alg, NULL)) != 0 || @@ -2341,23 +2342,20 @@ kex_from_blob(struct sshbuf *m, struct kex **kexp) (r = sshbuf_get_u32(m, &kex->kex_type)) != 0 || (r = sshbuf_get_stringb(m, kex->my)) != 0 || (r = sshbuf_get_stringb(m, kex->peer)) != 0 || - (r = sshbuf_get_u32(m, &kex->flags)) != 0 || - (r = sshbuf_get_cstring(m, &kex->client_version_string, NULL)) != 0 || - (r = sshbuf_get_cstring(m, &kex->server_version_string, NULL)) != 0) + (r = sshbuf_get_stringb(m, kex->client_version)) != 0 || + (r = sshbuf_get_stringb(m, kex->server_version)) != 0 || + (r = sshbuf_get_u32(m, &kex->flags)) != 0) goto out; kex->server = 1; kex->done = 1; r = 0; out: if (r != 0 || kexp == NULL) { - if (kex != NULL) { - sshbuf_free(kex->my); - sshbuf_free(kex->peer); - free(kex); - } + kex_free(kex); if (kexp != NULL) *kexp = NULL; } else { + kex_free(*kexp); *kexp = kex; } return r; diff --git a/ssh.c b/ssh.c index c6cb7847d..16536a97a 100644 --- a/ssh.c +++ b/ssh.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ssh.c,v 1.496 2018/11/23 05:08:07 djm Exp $ */ +/* $OpenBSD: ssh.c,v 1.497 2018/12/27 03:25:25 djm Exp $ */ /* * Author: Tatu Ylonen * Copyright (c) 1995 Tatu Ylonen , Espoo, Finland @@ -1490,7 +1490,7 @@ main(int ac, char **av) signal(SIGCHLD, main_sigchld_handler); /* Log into the remote system. Never returns if the login fails. */ - ssh_login(&sensitive_data, host, (struct sockaddr *)&hostaddr, + ssh_login(ssh, &sensitive_data, host, (struct sockaddr *)&hostaddr, options.port, pw, timeout_ms); if (packet_connection_is_on_socket()) { diff --git a/ssh.h b/ssh.h index 5abfd7a68..dda6f617e 100644 --- a/ssh.h +++ b/ssh.h @@ -1,4 +1,4 @@ -/* $OpenBSD: ssh.h,v 1.88 2018/06/06 18:29:18 markus Exp $ */ +/* $OpenBSD: ssh.h,v 1.89 2018/12/27 03:25:25 djm Exp $ */ /* * Author: Tatu Ylonen @@ -93,3 +93,7 @@ /* Listen backlog for sshd, ssh-agent and forwarding sockets */ #define SSH_LISTEN_BACKLOG 128 + +/* Limits for banner exchange */ +#define SSH_MAX_BANNER_LEN 8192 +#define SSH_MAX_PRE_BANNER_LINES 1024 diff --git a/ssh_api.c b/ssh_api.c index 53bbc9b49..ab209c4ca 100644 --- a/ssh_api.c +++ b/ssh_api.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ssh_api.c,v 1.8 2017/04/30 23:13:25 djm Exp $ */ +/* $OpenBSD: ssh_api.c,v 1.9 2018/12/27 03:25:25 djm Exp $ */ /* * Copyright (c) 2012 Markus Friedl. All rights reserved. * @@ -34,8 +34,8 @@ #include int _ssh_exchange_banner(struct ssh *); -int _ssh_send_banner(struct ssh *, char **); -int _ssh_read_banner(struct ssh *, char **); +int _ssh_send_banner(struct ssh *, struct sshbuf *); +int _ssh_read_banner(struct ssh *, struct sshbuf *); int _ssh_order_hostkeyalgs(struct ssh *); int _ssh_verify_host_key(struct sshkey *, struct ssh *); struct sshkey *_ssh_host_public_key(int, int, struct ssh *); @@ -92,7 +92,7 @@ ssh_init(struct ssh **sshp, int is_server, struct kex_params *kex_params) /* Initialize key exchange */ proposal = kex_params ? kex_params->proposal : myproposal; - if ((r = kex_new(ssh, proposal, &ssh->kex)) != 0) { + if ((r = kex_ready(ssh, proposal)) != 0) { ssh_free(ssh); return r; } @@ -236,8 +236,8 @@ ssh_packet_next(struct ssh *ssh, u_char *typep) * enough data. */ *typep = SSH_MSG_NONE; - if (ssh->kex->client_version_string == NULL || - ssh->kex->server_version_string == NULL) + if (sshbuf_len(ssh->kex->client_version) == 0 || + sshbuf_len(ssh->kex->server_version) == 0) return _ssh_exchange_banner(ssh); /* * If we enough data and a dispatch function then @@ -312,39 +312,46 @@ ssh_input_space(struct ssh *ssh, size_t len) /* Read other side's version identification. */ int -_ssh_read_banner(struct ssh *ssh, char **bannerp) +_ssh_read_banner(struct ssh *ssh, struct sshbuf *banner) { - struct sshbuf *input; - const char *s; - char buf[256], remote_version[256]; /* must be same size! */ + struct sshbuf *input = ssh_packet_get_input(ssh); const char *mismatch = "Protocol mismatch.\r\n"; - int r, remote_major, remote_minor; - size_t i, n, j, len; + const u_char *s = sshbuf_ptr(input); + u_char c; + char *cp, *remote_version; + int r, remote_major, remote_minor, expect_nl; + size_t n, j; - *bannerp = NULL; - input = ssh_packet_get_input(ssh); - len = sshbuf_len(input); - s = (const char *)sshbuf_ptr(input); for (j = n = 0;;) { - for (i = 0; i < sizeof(buf) - 1; i++) { - if (j >= len) - return (0); - buf[i] = s[j++]; - if (buf[i] == '\r') { - buf[i] = '\n'; - buf[i + 1] = 0; - continue; /**XXX wait for \n */ + sshbuf_reset(banner); + expect_nl = 0; + for (;;) { + if (j >= sshbuf_len(input)) + return 0; /* insufficient data in input buf */ + c = s[j++]; + if (c == '\r') { + expect_nl = 1; + continue; } - if (buf[i] == '\n') { - buf[i + 1] = 0; + if (c == '\n') break; - } + if (expect_nl) + goto bad; + if ((r = sshbuf_put_u8(banner, c)) != 0) + return r; + if (sshbuf_len(banner) > SSH_MAX_BANNER_LEN) + goto bad; } - buf[sizeof(buf) - 1] = 0; - if (strncmp(buf, "SSH-", 4) == 0) + if (sshbuf_len(banner) >= 4 && + memcmp(sshbuf_ptr(banner), "SSH-", 4) == 0) break; - debug("ssh_exchange_identification: %s", buf); - if (ssh->kex->server || ++n > 65536) { + if ((cp = sshbuf_dup_string(banner)) == NULL) + return SSH_ERR_ALLOC_FAIL; + debug("%s: %s", __func__, cp); + free(cp); + /* Accept lines before banner only on client */ + if (ssh->kex->server || ++n > SSH_MAX_PRE_BANNER_LINES) { + bad: if ((r = sshbuf_put(ssh_packet_get_output(ssh), mismatch, strlen(mismatch))) != 0) return r; @@ -354,11 +361,17 @@ _ssh_read_banner(struct ssh *ssh, char **bannerp) if ((r = sshbuf_consume(input, j)) != 0) return r; + if ((cp = sshbuf_dup_string(banner)) == NULL) + return SSH_ERR_ALLOC_FAIL; + /* XXX remote version must be the same size as banner for sscanf */ + if ((remote_version = calloc(1, sshbuf_len(banner))) == NULL) + return SSH_ERR_ALLOC_FAIL; + /* * Check that the versions match. In future this might accept * several versions and set appropriate flags to handle them. */ - if (sscanf(buf, "SSH-%d.%d-%[^\n]\n", + if (sscanf(cp, "SSH-%d.%d-%[^\n]\n", &remote_major, &remote_minor, remote_version) != 3) return SSH_ERR_INVALID_FORMAT; debug("Remote protocol version %d.%d, remote software version %.100s", @@ -371,27 +384,29 @@ _ssh_read_banner(struct ssh *ssh, char **bannerp) } if (remote_major != 2) return SSH_ERR_PROTOCOL_MISMATCH; - chop(buf); - debug("Remote version string %.100s", buf); - if ((*bannerp = strdup(buf)) == NULL) - return SSH_ERR_ALLOC_FAIL; + debug("Remote version string %.100s", cp); + free(cp); return 0; } /* Send our own protocol version identification. */ int -_ssh_send_banner(struct ssh *ssh, char **bannerp) +_ssh_send_banner(struct ssh *ssh, struct sshbuf *banner) { - char buf[256]; + char *cp; int r; - snprintf(buf, sizeof buf, "SSH-2.0-%.100s\r\n", SSH_VERSION); - if ((r = sshbuf_put(ssh_packet_get_output(ssh), buf, strlen(buf))) != 0) + if ((r = sshbuf_putf(banner, "SSH-2.0-%.100s\r\n", SSH_VERSION)) != 0) + return r; + if ((r = sshbuf_putb(ssh_packet_get_output(ssh), banner)) != 0) + return r; + /* Remove trailing \r\n */ + if ((r = sshbuf_consume_end(banner, 2)) != 0) return r; - chop(buf); - debug("Local version string %.100s", buf); - if ((*bannerp = strdup(buf)) == NULL) + if ((cp = sshbuf_dup_string(banner)) == NULL) return SSH_ERR_ALLOC_FAIL; + debug("Local version string %.100s", cp); + free(cp); return 0; } @@ -408,25 +423,25 @@ _ssh_exchange_banner(struct ssh *ssh) r = 0; if (kex->server) { - if (kex->server_version_string == NULL) - r = _ssh_send_banner(ssh, &kex->server_version_string); + if (sshbuf_len(ssh->kex->server_version) == 0) + r = _ssh_send_banner(ssh, ssh->kex->server_version); if (r == 0 && - kex->server_version_string != NULL && - kex->client_version_string == NULL) - r = _ssh_read_banner(ssh, &kex->client_version_string); + sshbuf_len(ssh->kex->server_version) != 0 && + sshbuf_len(ssh->kex->client_version) == 0) + r = _ssh_read_banner(ssh, ssh->kex->client_version); } else { - if (kex->server_version_string == NULL) - r = _ssh_read_banner(ssh, &kex->server_version_string); + if (sshbuf_len(ssh->kex->server_version) == 0) + r = _ssh_read_banner(ssh, ssh->kex->server_version); if (r == 0 && - kex->server_version_string != NULL && - kex->client_version_string == NULL) - r = _ssh_send_banner(ssh, &kex->client_version_string); + sshbuf_len(ssh->kex->server_version) != 0 && + sshbuf_len(ssh->kex->client_version) == 0) + r = _ssh_send_banner(ssh, ssh->kex->client_version); } if (r != 0) return r; /* start initial kex as soon as we have exchanged the banners */ - if (kex->server_version_string != NULL && - kex->client_version_string != NULL) { + if (sshbuf_len(ssh->kex->server_version) != 0 && + sshbuf_len(ssh->kex->client_version) != 0) { if ((r = _ssh_order_hostkeyalgs(ssh)) != 0 || (r = kex_send_kexinit(ssh)) != 0) return r; diff --git a/sshconnect.c b/sshconnect.c index 4862da5ed..884e33628 100644 --- a/sshconnect.c +++ b/sshconnect.c @@ -1,4 +1,4 @@ -/* $OpenBSD: sshconnect.c,v 1.308 2018/11/18 22:43:29 dtucker Exp $ */ +/* $OpenBSD: sshconnect.c,v 1.309 2018/12/27 03:25:25 djm Exp $ */ /* * Author: Tatu Ylonen * Copyright (c) 1995 Tatu Ylonen , Espoo, Finland @@ -68,9 +68,8 @@ #include "authfile.h" #include "ssherr.h" #include "authfd.h" +#include "kex.h" -char *client_version_string = NULL; -char *server_version_string = NULL; struct sshkey *previous_host_key = NULL; static int matching_host_key_dns = 0; @@ -444,73 +443,6 @@ fail: return sock; } -/* - * Wait up to *timeoutp milliseconds for fd to be readable. Updates - * *timeoutp with time remaining. - * Returns 0 if fd ready or -1 on timeout or error (see errno). - */ -static int -waitrfd(int fd, int *timeoutp) -{ - struct pollfd pfd; - struct timeval t_start; - int oerrno, r; - - monotime_tv(&t_start); - pfd.fd = fd; - pfd.events = POLLIN; - for (; *timeoutp >= 0;) { - r = poll(&pfd, 1, *timeoutp); - oerrno = errno; - ms_subtract_diff(&t_start, timeoutp); - errno = oerrno; - if (r > 0) - return 0; - else if (r == -1 && errno != EAGAIN) - return -1; - else if (r == 0) - break; - } - /* timeout */ - errno = ETIMEDOUT; - return -1; -} - -static int -timeout_connect(int sockfd, const struct sockaddr *serv_addr, - socklen_t addrlen, int *timeoutp) -{ - int optval = 0; - socklen_t optlen = sizeof(optval); - - /* No timeout: just do a blocking connect() */ - if (*timeoutp <= 0) - return connect(sockfd, serv_addr, addrlen); - - set_nonblock(sockfd); - if (connect(sockfd, serv_addr, addrlen) == 0) { - /* Succeeded already? */ - unset_nonblock(sockfd); - return 0; - } else if (errno != EINPROGRESS) - return -1; - - if (waitrfd(sockfd, timeoutp) == -1) - return -1; - - /* Completed or failed */ - if (getsockopt(sockfd, SOL_SOCKET, SO_ERROR, &optval, &optlen) == -1) { - debug("getsockopt: %s", strerror(errno)); - return -1; - } - if (optval != 0) { - errno = optval; - return -1; - } - unset_nonblock(sockfd); - return 0; -} - /* * Opens a TCP/IP connection to the remote server on the given host. * The address of the remote host will be returned in hostaddr. @@ -629,110 +561,6 @@ ssh_connect(struct ssh *ssh, const char *host, struct addrinfo *addrs, return ssh_proxy_connect(ssh, host, port, options.proxy_command); } -static void -send_client_banner(int connection_out, int minor1) -{ - /* Send our own protocol version identification. */ - xasprintf(&client_version_string, "SSH-%d.%d-%.100s\r\n", - PROTOCOL_MAJOR_2, PROTOCOL_MINOR_2, SSH_VERSION); - if (atomicio(vwrite, connection_out, client_version_string, - strlen(client_version_string)) != strlen(client_version_string)) - fatal("write: %.100s", strerror(errno)); - chop(client_version_string); - debug("Local version string %.100s", client_version_string); -} - -/* - * Waits for the server identification string, and sends our own - * identification string. - */ -void -ssh_exchange_identification(int timeout_ms) -{ - char buf[256], remote_version[256]; /* must be same size! */ - int remote_major, remote_minor, mismatch; - int connection_in = packet_get_connection_in(); - int connection_out = packet_get_connection_out(); - u_int i, n; - size_t len; - int rc; - - send_client_banner(connection_out, 0); - - /* Read other side's version identification. */ - for (n = 0;;) { - for (i = 0; i < sizeof(buf) - 1; i++) { - if (timeout_ms > 0) { - rc = waitrfd(connection_in, &timeout_ms); - if (rc == -1 && errno == ETIMEDOUT) { - fatal("Connection timed out during " - "banner exchange"); - } else if (rc == -1) { - fatal("%s: %s", - __func__, strerror(errno)); - } - } - - len = atomicio(read, connection_in, &buf[i], 1); - if (len != 1 && errno == EPIPE) - fatal("ssh_exchange_identification: " - "Connection closed by remote host"); - else if (len != 1) - fatal("ssh_exchange_identification: " - "read: %.100s", strerror(errno)); - if (buf[i] == '\r') { - buf[i] = '\n'; - buf[i + 1] = 0; - continue; /**XXX wait for \n */ - } - if (buf[i] == '\n') { - buf[i + 1] = 0; - break; - } - if (++n > 65536) - fatal("ssh_exchange_identification: " - "No banner received"); - } - buf[sizeof(buf) - 1] = 0; - if (strncmp(buf, "SSH-", 4) == 0) - break; - debug("ssh_exchange_identification: %s", buf); - } - server_version_string = xstrdup(buf); - - /* - * Check that the versions match. In future this might accept - * several versions and set appropriate flags to handle them. - */ - if (sscanf(server_version_string, "SSH-%d.%d-%[^\n]\n", - &remote_major, &remote_minor, remote_version) != 3) - fatal("Bad remote protocol version identification: '%.100s'", buf); - debug("Remote protocol version %d.%d, remote software version %.100s", - remote_major, remote_minor, remote_version); - - active_state->compat = compat_datafellows(remote_version); - mismatch = 0; - - switch (remote_major) { - case 2: - break; - case 1: - if (remote_minor != 99) - mismatch = 1; - break; - default: - mismatch = 1; - break; - } - if (mismatch) - fatal("Protocol major versions differ: %d vs. %d", - PROTOCOL_MAJOR_2, remote_major); - if ((datafellows & SSH_BUG_RSASIGMD5) != 0) - logit("Server version \"%.100s\" uses unsafe RSA signature " - "scheme; disabling use of RSA keys", remote_version); - chop(server_version_string); -} - /* defaults to 'no' */ static int confirm(const char *prompt) @@ -1426,7 +1254,7 @@ out: * This function does not require super-user privileges. */ void -ssh_login(Sensitive *sensitive, const char *orighost, +ssh_login(struct ssh *ssh, Sensitive *sensitive, const char *orighost, struct sockaddr *hostaddr, u_short port, struct passwd *pw, int timeout_ms) { char *host; @@ -1440,16 +1268,17 @@ ssh_login(Sensitive *sensitive, const char *orighost, lowercase(host); /* Exchange protocol version identification strings with the server. */ - ssh_exchange_identification(timeout_ms); + if (kex_exchange_identification(ssh, timeout_ms, NULL) != 0) + cleanup_exit(255); /* error already logged */ /* Put the connection into non-blocking mode. */ - packet_set_nonblocking(); + ssh_packet_set_nonblocking(ssh); /* key exchange */ /* authenticate user */ debug("Authenticating to %s:%d as '%s'", host, port, server_user); - ssh_kex2(host, hostaddr, port); - ssh_userauth2(local_user, server_user, host, sensitive); + ssh_kex2(ssh, host, hostaddr, port); + ssh_userauth2(ssh, local_user, server_user, host, sensitive); free(local_user); } diff --git a/sshconnect.h b/sshconnect.h index 890d85733..44a5071c7 100644 --- a/sshconnect.h +++ b/sshconnect.h @@ -1,4 +1,4 @@ -/* $OpenBSD: sshconnect.h,v 1.35 2018/07/19 10:28:47 dtucker Exp $ */ +/* $OpenBSD: sshconnect.h,v 1.36 2018/12/27 03:25:25 djm Exp $ */ /* * Copyright (c) 2000 Markus Friedl. All rights reserved. @@ -37,21 +37,18 @@ int ssh_connect(struct ssh *, const char *, struct addrinfo *, struct sockaddr_storage *, u_short, int, int, int *, int); void ssh_kill_proxy_command(void); -void ssh_login(Sensitive *, const char *, struct sockaddr *, u_short, - struct passwd *, int); - -void ssh_exchange_identification(int); +void ssh_login(struct ssh *, Sensitive *, const char *, + struct sockaddr *, u_short, struct passwd *, int); int verify_host_key(char *, struct sockaddr *, struct sshkey *); void get_hostfile_hostname_ipaddr(char *, struct sockaddr *, u_short, char **, char **); -void ssh_kex(char *, struct sockaddr *); -void ssh_kex2(char *, struct sockaddr *, u_short); +void ssh_kex2(struct ssh *ssh, char *, struct sockaddr *, u_short); -void ssh_userauth1(const char *, const char *, char *, Sensitive *); -void ssh_userauth2(const char *, const char *, char *, Sensitive *); +void ssh_userauth2(struct ssh *ssh, const char *, const char *, + char *, Sensitive *); void ssh_put_password(char *); int ssh_local_cmd(const char *); diff --git a/sshconnect2.c b/sshconnect2.c index adb4e4cbd..19caebabc 100644 --- a/sshconnect2.c +++ b/sshconnect2.c @@ -1,4 +1,4 @@ -/* $OpenBSD: sshconnect2.c,v 1.290 2018/11/28 06:00:38 djm Exp $ */ +/* $OpenBSD: sshconnect2.c,v 1.291 2018/12/27 03:25:25 djm Exp $ */ /* * Copyright (c) 2000 Markus Friedl. All rights reserved. * Copyright (c) 2008 Damien Miller. All rights reserved. @@ -155,11 +155,10 @@ order_hostkeyalgs(char *host, struct sockaddr *hostaddr, u_short port) } void -ssh_kex2(char *host, struct sockaddr *hostaddr, u_short port) +ssh_kex2(struct ssh *ssh, char *host, struct sockaddr *hostaddr, u_short port) { char *myproposal[PROPOSAL_MAX] = { KEX_CLIENT }; char *s, *all_key; - struct kex *kex; int r; xxx_host = host; @@ -199,36 +198,33 @@ ssh_kex2(char *host, struct sockaddr *hostaddr, u_short port) options.rekey_interval); /* start key exchange */ - if ((r = kex_setup(active_state, myproposal)) != 0) + if ((r = kex_setup(ssh, myproposal)) != 0) fatal("kex_setup: %s", ssh_err(r)); - kex = active_state->kex; #ifdef WITH_OPENSSL - kex->kex[KEX_DH_GRP1_SHA1] = kexdh_client; - kex->kex[KEX_DH_GRP14_SHA1] = kexdh_client; - kex->kex[KEX_DH_GRP14_SHA256] = kexdh_client; - kex->kex[KEX_DH_GRP16_SHA512] = kexdh_client; - kex->kex[KEX_DH_GRP18_SHA512] = kexdh_client; - kex->kex[KEX_DH_GEX_SHA1] = kexgex_client; - kex->kex[KEX_DH_GEX_SHA256] = kexgex_client; + ssh->kex->kex[KEX_DH_GRP1_SHA1] = kexdh_client; + ssh->kex->kex[KEX_DH_GRP14_SHA1] = kexdh_client; + ssh->kex->kex[KEX_DH_GRP14_SHA256] = kexdh_client; + ssh->kex->kex[KEX_DH_GRP16_SHA512] = kexdh_client; + ssh->kex->kex[KEX_DH_GRP18_SHA512] = kexdh_client; + ssh->kex->kex[KEX_DH_GEX_SHA1] = kexgex_client; + ssh->kex->kex[KEX_DH_GEX_SHA256] = kexgex_client; # ifdef OPENSSL_HAS_ECC - kex->kex[KEX_ECDH_SHA2] = kexecdh_client; + ssh->kex->kex[KEX_ECDH_SHA2] = kexecdh_client; # endif #endif - kex->kex[KEX_C25519_SHA256] = kexc25519_client; - kex->client_version_string=client_version_string; - kex->server_version_string=server_version_string; - kex->verify_host_key=&verify_host_key_callback; + ssh->kex->kex[KEX_C25519_SHA256] = kexc25519_client; + ssh->kex->verify_host_key=&verify_host_key_callback; - ssh_dispatch_run_fatal(active_state, DISPATCH_BLOCK, &kex->done); + ssh_dispatch_run_fatal(ssh, DISPATCH_BLOCK, &ssh->kex->done); /* remove ext-info from the KEX proposals for rekeying */ myproposal[PROPOSAL_KEX_ALGS] = compat_kex_proposal(options.kex_algorithms); - if ((r = kex_prop2buf(kex->my, myproposal)) != 0) + if ((r = kex_prop2buf(ssh->kex->my, myproposal)) != 0) fatal("kex_prop2buf: %s", ssh_err(r)); - session_id2 = kex->session_id; - session_id2_len = kex->session_id_len; + session_id2 = ssh->kex->session_id; + session_id2_len = ssh->kex->session_id_len; #ifdef DEBUG_KEXDH /* send 1st encrypted/maced/compressed message */ @@ -365,10 +361,9 @@ Authmethod authmethods[] = { }; void -ssh_userauth2(const char *local_user, const char *server_user, char *host, - Sensitive *sensitive) +ssh_userauth2(struct ssh *ssh, const char *local_user, + const char *server_user, char *host, Sensitive *sensitive) { - struct ssh *ssh = active_state; Authctxt authctxt; int r; @@ -392,8 +387,10 @@ ssh_userauth2(const char *local_user, const char *server_user, char *host, authctxt.info_req_seen = 0; authctxt.agent_fd = -1; pubkey_prepare(&authctxt); - if (authctxt.method == NULL) - fatal("ssh_userauth2: internal error: cannot send userauth none request"); + if (authctxt.method == NULL) { + fatal("%s: internal error: cannot send userauth none request", + __func__); + } if ((r = sshpkt_start(ssh, SSH2_MSG_SERVICE_REQUEST)) != 0 || (r = sshpkt_put_cstring(ssh, "ssh-userauth")) != 0 || diff --git a/sshd.c b/sshd.c index fb9d9b60f..3461383a0 100644 --- a/sshd.c +++ b/sshd.c @@ -1,4 +1,4 @@ -/* $OpenBSD: sshd.c,v 1.519 2018/11/19 04:12:32 djm Exp $ */ +/* $OpenBSD: sshd.c,v 1.520 2018/12/27 03:25:25 djm Exp $ */ /* * Author: Tatu Ylonen * Copyright (c) 1995 Tatu Ylonen , Espoo, Finland @@ -180,13 +180,6 @@ char **rexec_argv; int listen_socks[MAX_LISTEN_SOCKS]; int num_listen_socks = 0; -/* - * the client's version string, passed by sshd2 in compat mode. if != NULL, - * sshd will skip the version-number exchange - */ -char *client_version_string = NULL; -char *server_version_string = NULL; - /* Daemon's agent connection */ int auth_sock = -1; int have_agent = 0; @@ -363,108 +356,6 @@ grace_alarm_handler(int sig) ssh_remote_ipaddr(active_state), ssh_remote_port(active_state)); } -static void -sshd_exchange_identification(struct ssh *ssh, int sock_in, int sock_out) -{ - u_int i; - int remote_major, remote_minor; - char *s; - char buf[256]; /* Must not be larger than remote_version. */ - char remote_version[256]; /* Must be at least as big as buf. */ - - xasprintf(&server_version_string, "SSH-%d.%d-%.100s%s%s\r\n", - PROTOCOL_MAJOR_2, PROTOCOL_MINOR_2, SSH_VERSION, - *options.version_addendum == '\0' ? "" : " ", - options.version_addendum); - - /* Send our protocol version identification. */ - if (atomicio(vwrite, sock_out, server_version_string, - strlen(server_version_string)) - != strlen(server_version_string)) { - logit("Could not write ident string to %s port %d", - ssh_remote_ipaddr(ssh), ssh_remote_port(ssh)); - cleanup_exit(255); - } - - /* Read other sides version identification. */ - memset(buf, 0, sizeof(buf)); - for (i = 0; i < sizeof(buf) - 1; i++) { - if (atomicio(read, sock_in, &buf[i], 1) != 1) { - logit("Did not receive identification string " - "from %s port %d", - ssh_remote_ipaddr(ssh), ssh_remote_port(ssh)); - cleanup_exit(255); - } - if (buf[i] == '\r') { - buf[i] = 0; - /* Kludge for F-Secure Macintosh < 1.0.2 */ - if (i == 12 && - strncmp(buf, "SSH-1.5-W1.0", 12) == 0) - break; - continue; - } - if (buf[i] == '\n') { - buf[i] = 0; - break; - } - } - buf[sizeof(buf) - 1] = 0; - client_version_string = xstrdup(buf); - - /* - * Check that the versions match. In future this might accept - * several versions and set appropriate flags to handle them. - */ - if (sscanf(client_version_string, "SSH-%d.%d-%[^\n]\n", - &remote_major, &remote_minor, remote_version) != 3) { - s = "Protocol mismatch.\n"; - (void) atomicio(vwrite, sock_out, s, strlen(s)); - logit("Bad protocol version identification '%.100s' " - "from %s port %d", client_version_string, - ssh_remote_ipaddr(ssh), ssh_remote_port(ssh)); - close(sock_in); - close(sock_out); - cleanup_exit(255); - } - debug("Client protocol version %d.%d; client software version %.100s", - remote_major, remote_minor, remote_version); - - ssh->compat = compat_datafellows(remote_version); - - if ((ssh->compat & SSH_BUG_PROBE) != 0) { - logit("probed from %s port %d with %s. Don't panic.", - ssh_remote_ipaddr(ssh), ssh_remote_port(ssh), - client_version_string); - cleanup_exit(255); - } - if ((ssh->compat & SSH_BUG_SCANNER) != 0) { - logit("scanned from %s port %d with %s. Don't panic.", - ssh_remote_ipaddr(ssh), ssh_remote_port(ssh), - client_version_string); - cleanup_exit(255); - } - if ((ssh->compat & SSH_BUG_RSASIGMD5) != 0) { - logit("Client version \"%.100s\" uses unsafe RSA signature " - "scheme; disabling use of RSA keys", remote_version); - } - - chop(server_version_string); - debug("Local version string %.200s", server_version_string); - - if (remote_major != 2 && - !(remote_major == 1 && remote_minor == 99)) { - s = "Protocol major versions differ.\n"; - (void) atomicio(vwrite, sock_out, s, strlen(s)); - close(sock_in); - close(sock_out); - logit("Protocol major versions differ for %s port %d: " - "%.200s vs. %.200s", - ssh_remote_ipaddr(ssh), ssh_remote_port(ssh), - server_version_string, client_version_string); - cleanup_exit(255); - } -} - /* Destroy the host and server keys. They will no longer be needed. */ void destroy_sensitive_data(void) @@ -2115,7 +2006,9 @@ main(int ac, char **av) if (!debug_flag) alarm(options.login_grace_time); - sshd_exchange_identification(ssh, sock_in, sock_out); + if (kex_exchange_identification(ssh, -1, options.version_addendum) != 0) + cleanup_exit(255); /* error already logged */ + packet_set_nonblocking(); /* allocate authentication context */ @@ -2303,9 +2196,6 @@ do_ssh2_kex(void) # endif #endif kex->kex[KEX_C25519_SHA256] = kexc25519_server; - kex->server = 1; - kex->client_version_string=client_version_string; - kex->server_version_string=server_version_string; kex->load_host_public_key=&get_hostkey_public_by_type; kex->load_host_private_key=&get_hostkey_private_by_type; kex->host_key_index=&get_hostkey_index; -- cgit v1.2.3 From bb542f0cf6f7511a22a08c492861e256a82376a9 Mon Sep 17 00:00:00 2001 From: "tedu@openbsd.org" Date: Sat, 15 Dec 2018 00:50:21 +0000 Subject: upstream: remove unused and problematic sudo clean. ok espie OpenBSD-Regress-ID: ca90c20a15a85b661e13e98b80c10e65cd662f7b --- regress/Makefile | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/regress/Makefile b/regress/Makefile index c733dcbd9..62e55533b 100644 --- a/regress/Makefile +++ b/regress/Makefile @@ -1,4 +1,4 @@ -# $OpenBSD: Makefile,v 1.98 2018/11/22 08:48:32 dtucker Exp $ +# $OpenBSD: Makefile,v 1.99 2018/12/15 00:50:21 tedu Exp $ REGRESS_TARGETS= unit t1 t2 t3 t4 t5 t6 t7 t8 t9 t10 t11 t12 t-exec tests: prep $(REGRESS_TARGETS) @@ -11,7 +11,6 @@ prep: clean: for F in $(CLEANFILES); do rm -f $(OBJ)$$F; done - test -z "${SUDO}" || ${SUDO} rm -f ${SUDO_CLEAN} rm -rf $(OBJ).putty distclean: clean -- cgit v1.2.3 From eb347d086c35428c47fe52b34588cbbc9b49d9a6 Mon Sep 17 00:00:00 2001 From: "djm@openbsd.org" Date: Thu, 27 Dec 2018 03:37:49 +0000 Subject: upstream: ssh_packet_set_state() now frees ssh->kex implicitly, so don't do explicit kex_free() beforehand OpenBSD-Regress-ID: f2f73bad47f62a2040ccba0a72cadcb12eda49cf --- regress/unittests/kex/test_kex.c | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/regress/unittests/kex/test_kex.c b/regress/unittests/kex/test_kex.c index 6e5999bb9..90f1ebf45 100644 --- a/regress/unittests/kex/test_kex.c +++ b/regress/unittests/kex/test_kex.c @@ -1,4 +1,4 @@ -/* $OpenBSD: test_kex.c,v 1.2 2015/07/10 06:23:25 markus Exp $ */ +/* $OpenBSD: test_kex.c,v 1.3 2018/12/27 03:37:49 djm Exp $ */ /* * Regress test KEX * @@ -139,7 +139,6 @@ do_kex_with_key(char *kex, int keytype, int bits) ASSERT_INT_EQ(ssh_init(&server2, 1, NULL), 0); ASSERT_PTR_NE(server2, NULL); ASSERT_INT_EQ(ssh_add_hostkey(server2, private), 0); - kex_free(server2->kex); /* XXX or should ssh_packet_set_state()? */ ASSERT_INT_EQ(ssh_packet_set_state(server2, state), 0); ASSERT_INT_EQ(sshbuf_len(state), 0); sshbuf_free(state); -- cgit v1.2.3 From 007a88b48c97d092ed2f501bbdcb70d9925277be Mon Sep 17 00:00:00 2001 From: "djm@openbsd.org" Date: Thu, 27 Dec 2018 23:02:11 +0000 Subject: upstream: Request RSA-SHA2 signatures for rsa-sha2-{256|512}-cert-v01@openssh.com cert algorithms; ok markus@ OpenBSD-Commit-ID: afc6f7ca216ccd821656d1c911d2a3deed685033 --- authfd.c | 10 ++++++---- 1 file changed, 6 insertions(+), 4 deletions(-) diff --git a/authfd.c b/authfd.c index cc9c6502d..95348abfc 100644 --- a/authfd.c +++ b/authfd.c @@ -1,4 +1,4 @@ -/* $OpenBSD: authfd.c,v 1.112 2018/11/30 02:24:52 djm Exp $ */ +/* $OpenBSD: authfd.c,v 1.113 2018/12/27 23:02:11 djm Exp $ */ /* * Author: Tatu Ylonen * Copyright (c) 1995 Tatu Ylonen , Espoo, Finland @@ -327,10 +327,12 @@ ssh_free_identitylist(struct ssh_identitylist *idl) static u_int agent_encode_alg(const struct sshkey *key, const char *alg) { - if (alg != NULL && key->type == KEY_RSA) { - if (strcmp(alg, "rsa-sha2-256") == 0) + if (alg != NULL && sshkey_type_plain(key->type) == KEY_RSA) { + if (strcmp(alg, "rsa-sha2-256") == 0 || + strcmp(alg, "rsa-sha2-256-cert-v01@openssh.com") == 0) return SSH_AGENT_RSA_SHA2_256; - else if (strcmp(alg, "rsa-sha2-512") == 0) + if (strcmp(alg, "rsa-sha2-512") == 0 || + strcmp(alg, "rsa-sha2-512-cert-v01@openssh.com") == 0) return SSH_AGENT_RSA_SHA2_512; } return 0; -- cgit v1.2.3 From 5bed70afce0907b6217418d0655724c99b683d93 Mon Sep 17 00:00:00 2001 From: "djm@openbsd.org" Date: Tue, 1 Jan 2019 23:10:53 +0000 Subject: upstream: static on global vars, const on handler tables that contain function pointers; from Mike Frysinger OpenBSD-Commit-ID: 7ef2305e50d3caa6326286db43cf2cfaf03960e0 --- sftp-server.c | 14 +++++++------- 1 file changed, 7 insertions(+), 7 deletions(-) diff --git a/sftp-server.c b/sftp-server.c index ab1b063f2..de9ad3d3b 100644 --- a/sftp-server.c +++ b/sftp-server.c @@ -1,4 +1,4 @@ -/* $OpenBSD: sftp-server.c,v 1.112 2018/06/01 03:33:53 djm Exp $ */ +/* $OpenBSD: sftp-server.c,v 1.113 2019/01/01 23:10:53 djm Exp $ */ /* * Copyright (c) 2000-2004 Markus Friedl. All rights reserved. * @@ -117,7 +117,7 @@ struct sftp_handler { int does_write; /* if nonzero, banned for readonly mode */ }; -struct sftp_handler handlers[] = { +static const struct sftp_handler handlers[] = { /* NB. SSH2_FXP_OPEN does the readonly check in the handler itself */ { "open", NULL, SSH2_FXP_OPEN, process_open, 0 }, { "close", NULL, SSH2_FXP_CLOSE, process_close, 0 }, @@ -141,7 +141,7 @@ struct sftp_handler handlers[] = { }; /* SSH2_FXP_EXTENDED submessages */ -struct sftp_handler extended_handlers[] = { +static const struct sftp_handler extended_handlers[] = { { "posix-rename", "posix-rename@openssh.com", 0, process_extended_posix_rename, 1 }, { "statvfs", "statvfs@openssh.com", 0, process_extended_statvfs, 0 }, @@ -152,7 +152,7 @@ struct sftp_handler extended_handlers[] = { }; static int -request_permitted(struct sftp_handler *h) +request_permitted(const struct sftp_handler *h) { char *result; @@ -285,9 +285,9 @@ enum { HANDLE_FILE }; -Handle *handles = NULL; -u_int num_handles = 0; -int first_unused_handle = -1; +static Handle *handles = NULL; +static u_int num_handles = 0; +static int first_unused_handle = -1; static void handle_unused(int i) { -- cgit v1.2.3 From 8a8183474c41bd6cebaa917346b549af2239ba2f Mon Sep 17 00:00:00 2001 From: "djm@openbsd.org" Date: Fri, 4 Jan 2019 03:23:00 +0000 Subject: upstream: fix memory leak of ciphercontext when rekeying; bz#2942 Patch from Markus Schmidt; ok markus@ OpenBSD-Commit-ID: 7877f1b82e249986f1ef98d0ae76ce987d332bdd --- packet.c | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/packet.c b/packet.c index e7e6d27a7..ded5a3201 100644 --- a/packet.c +++ b/packet.c @@ -1,4 +1,4 @@ -/* $OpenBSD: packet.c,v 1.278 2018/12/27 03:25:25 djm Exp $ */ +/* $OpenBSD: packet.c,v 1.279 2019/01/04 03:23:00 djm Exp $ */ /* * Author: Tatu Ylonen * Copyright (c) 1995 Tatu Ylonen , Espoo, Finland @@ -862,8 +862,6 @@ ssh_set_newkeys(struct ssh *ssh, int mode) (unsigned long long)state->p_read.blocks, (unsigned long long)state->p_send.bytes, (unsigned long long)state->p_send.blocks); - cipher_free(*ccp); - *ccp = NULL; kex_free_newkeys(state->newkeys[mode]); state->newkeys[mode] = NULL; } @@ -882,6 +880,8 @@ ssh_set_newkeys(struct ssh *ssh, int mode) } mac->enabled = 1; DBG(debug("cipher_init_context: %d", mode)); + cipher_free(*ccp); + *ccp = NULL; if ((r = cipher_init(ccp, enc->cipher, enc->key, enc->key_len, enc->iv, enc->iv_len, crypt_type)) != 0) return r; -- cgit v1.2.3 From 4a526941d328fc3d97068c6a4cbd9b71b70fe5e1 Mon Sep 17 00:00:00 2001 From: "djm@openbsd.org" Date: Fri, 4 Jan 2019 03:27:50 +0000 Subject: upstream: eliminate function-static attempt counters for passwd/kbdint authmethods by moving them to the client authctxt; Patch from Markus Schmidt, ok markus@ OpenBSD-Commit-ID: 4df4404a5d5416eb056f68e0e2f4fa91ba3b3f7f --- sshconnect2.c | 18 ++++++++++-------- 1 file changed, 10 insertions(+), 8 deletions(-) diff --git a/sshconnect2.c b/sshconnect2.c index 19caebabc..0e8f323d6 100644 --- a/sshconnect2.c +++ b/sshconnect2.c @@ -1,4 +1,4 @@ -/* $OpenBSD: sshconnect2.c,v 1.291 2018/12/27 03:25:25 djm Exp $ */ +/* $OpenBSD: sshconnect2.c,v 1.292 2019/01/04 03:27:50 djm Exp $ */ /* * Copyright (c) 2000 Markus Friedl. All rights reserved. * Copyright (c) 2008 Damien Miller. All rights reserved. @@ -264,7 +264,6 @@ struct cauthctxt { struct cauthmethod *method; sig_atomic_t success; char *authlist; - int attempt; /* pubkey */ struct idlist keys; int agent_fd; @@ -274,6 +273,9 @@ struct cauthctxt { const char *active_ktype; /* kbd-interactive */ int info_req_seen; + int attempt_kbdint; + /* password */ + int attempt_passwd; /* generic */ void *methoddata; }; @@ -385,6 +387,8 @@ ssh_userauth2(struct ssh *ssh, const char *local_user, authctxt.sensitive = sensitive; authctxt.active_ktype = authctxt.oktypes = authctxt.ktypes = NULL; authctxt.info_req_seen = 0; + authctxt.attempt_kbdint = 0; + authctxt.attempt_passwd = 0; authctxt.agent_fd = -1; pubkey_prepare(&authctxt); if (authctxt.method == NULL) { @@ -954,16 +958,15 @@ int userauth_passwd(Authctxt *authctxt) { struct ssh *ssh = active_state; /* XXX */ - static int attempt = 0; char *password, *prompt = NULL; const char *host = options.host_key_alias ? options.host_key_alias : authctxt->host; int r; - if (attempt++ >= options.number_of_password_prompts) + if (authctxt->attempt_passwd++ >= options.number_of_password_prompts) return 0; - if (attempt != 1) + if (authctxt->attempt_passwd != 1) error("Permission denied, please try again."); xasprintf(&prompt, "%s@%s's password: ", authctxt->server_user, host); @@ -1705,13 +1708,12 @@ int userauth_kbdint(Authctxt *authctxt) { struct ssh *ssh = active_state; /* XXX */ - static int attempt = 0; int r; - if (attempt++ >= options.number_of_password_prompts) + if (authctxt->attempt_kbdint++ >= options.number_of_password_prompts) return 0; /* disable if no SSH2_MSG_USERAUTH_INFO_REQUEST has been seen */ - if (attempt > 1 && !authctxt->info_req_seen) { + if (authctxt->attempt_kbdint > 1 && !authctxt->info_req_seen) { debug3("userauth_kbdint: disable: no info_req_seen"); ssh_dispatch_set(ssh, SSH2_MSG_USERAUTH_INFO_REQUEST, NULL); return 0; -- cgit v1.2.3 From dbbc7e0eab7262f34b8e0cd6efecd1c77b905ed0 Mon Sep 17 00:00:00 2001 From: "djm@openbsd.org" Date: Wed, 16 Jan 2019 23:22:10 +0000 Subject: upstream: add support for a "lsetstat@openssh.com" extension. This replicates the functionality of the existing SSH2_FXP_SETSTAT operation but does not follow symlinks. Based on a patch from Bert Haverkamp in bz#2067 but with more attribute modifications supported. ok markus@ dtucker@ OpenBSD-Commit-ID: f7234f6e90db19655d55d936a115ee4ccb6aaf80 --- sftp-server.c | 67 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++- 1 file changed, 66 insertions(+), 1 deletion(-) diff --git a/sftp-server.c b/sftp-server.c index de9ad3d3b..19a132bd9 100644 --- a/sftp-server.c +++ b/sftp-server.c @@ -1,4 +1,4 @@ -/* $OpenBSD: sftp-server.c,v 1.113 2019/01/01 23:10:53 djm Exp $ */ +/* $OpenBSD: sftp-server.c,v 1.114 2019/01/16 23:22:10 djm Exp $ */ /* * Copyright (c) 2000-2004 Markus Friedl. All rights reserved. * @@ -107,6 +107,7 @@ static void process_extended_statvfs(u_int32_t id); static void process_extended_fstatvfs(u_int32_t id); static void process_extended_hardlink(u_int32_t id); static void process_extended_fsync(u_int32_t id); +static void process_extended_lsetstat(u_int32_t id); static void process_extended(u_int32_t id); struct sftp_handler { @@ -148,6 +149,7 @@ static const struct sftp_handler extended_handlers[] = { { "fstatvfs", "fstatvfs@openssh.com", 0, process_extended_fstatvfs, 0 }, { "hardlink", "hardlink@openssh.com", 0, process_extended_hardlink, 1 }, { "fsync", "fsync@openssh.com", 0, process_extended_fsync, 1 }, + { "lsetstat", "lsetstat@openssh.com", 0, process_extended_lsetstat, 1 }, { NULL, NULL, 0, NULL, 0 } }; @@ -666,6 +668,8 @@ process_init(void) (r = sshbuf_put_cstring(msg, "1")) != 0 || /* version */ /* fsync extension */ (r = sshbuf_put_cstring(msg, "fsync@openssh.com")) != 0 || + (r = sshbuf_put_cstring(msg, "1")) != 0 || /* version */ + (r = sshbuf_put_cstring(msg, "lsetstat@openssh.com")) != 0 || (r = sshbuf_put_cstring(msg, "1")) != 0) /* version */ fatal("%s: buffer error: %s", __func__, ssh_err(r)); send_msg(msg); @@ -889,6 +893,18 @@ attrib_to_tv(const Attrib *a) return tv; } +static struct timespec * +attrib_to_ts(const Attrib *a) +{ + static struct timespec ts[2]; + + ts[0].tv_sec = a->atime; + ts[0].tv_nsec = 0; + ts[1].tv_sec = a->mtime; + ts[1].tv_nsec = 0; + return ts; +} + static void process_setstat(u_int32_t id) { @@ -1369,6 +1385,55 @@ process_extended_fsync(u_int32_t id) send_status(id, status); } +static void +process_extended_lsetstat(u_int32_t id) +{ + Attrib a; + char *name; + int r, status = SSH2_FX_OK; + + if ((r = sshbuf_get_cstring(iqueue, &name, NULL)) != 0 || + (r = decode_attrib(iqueue, &a)) != 0) + fatal("%s: buffer error: %s", __func__, ssh_err(r)); + + debug("request %u: lsetstat name \"%s\"", id, name); + if (a.flags & SSH2_FILEXFER_ATTR_SIZE) { + /* nonsensical for links */ + status = SSH2_FX_BAD_MESSAGE; + goto out; + } + if (a.flags & SSH2_FILEXFER_ATTR_PERMISSIONS) { + logit("set \"%s\" mode %04o", name, a.perm); + r = fchmodat(AT_FDCWD, name, + a.perm & 07777, AT_SYMLINK_NOFOLLOW); + if (r == -1) + status = errno_to_portable(errno); + } + if (a.flags & SSH2_FILEXFER_ATTR_ACMODTIME) { + char buf[64]; + time_t t = a.mtime; + + strftime(buf, sizeof(buf), "%Y%m%d-%H:%M:%S", + localtime(&t)); + logit("set \"%s\" modtime %s", name, buf); + r = utimensat(AT_FDCWD, name, + attrib_to_ts(&a), AT_SYMLINK_NOFOLLOW); + if (r == -1) + status = errno_to_portable(errno); + } + if (a.flags & SSH2_FILEXFER_ATTR_UIDGID) { + logit("set \"%s\" owner %lu group %lu", name, + (u_long)a.uid, (u_long)a.gid); + r = fchownat(AT_FDCWD, name, a.uid, a.gid, + AT_SYMLINK_NOFOLLOW); + if (r == -1) + status = errno_to_portable(errno); + } + out: + send_status(id, status); + free(name); +} + static void process_extended(u_int32_t id) { -- cgit v1.2.3 From 60d8c84e0887514c99c9ce071965fafaa1c3d34a Mon Sep 17 00:00:00 2001 From: "djm@openbsd.org" Date: Wed, 16 Jan 2019 23:23:45 +0000 Subject: upstream: Add "-h" flag to sftp chown/chgrp/chmod commands to request they do not follow symlinks. Requires recently-committed lsetstat@openssh.com extension on the server side. ok markus@ dtucker@ OpenBSD-Commit-ID: f93bb3f6f7eb2fb7ef1e59126e72714f1626d604 --- sftp-client.c | 42 ++++++++++++++++++++++++++++++++++++++---- sftp-client.h | 5 ++++- sftp.1 | 31 ++++++++++++++++++++++++++----- sftp.c | 43 +++++++++++++++++++++++++++++++++++-------- 4 files changed, 103 insertions(+), 18 deletions(-) diff --git a/sftp-client.c b/sftp-client.c index 4986d6d8d..d3f80e5a0 100644 --- a/sftp-client.c +++ b/sftp-client.c @@ -1,4 +1,4 @@ -/* $OpenBSD: sftp-client.c,v 1.130 2018/07/31 03:07:24 djm Exp $ */ +/* $OpenBSD: sftp-client.c,v 1.131 2019/01/16 23:23:45 djm Exp $ */ /* * Copyright (c) 2001-2004 Damien Miller * @@ -86,6 +86,7 @@ struct sftp_conn { #define SFTP_EXT_FSTATVFS 0x00000004 #define SFTP_EXT_HARDLINK 0x00000008 #define SFTP_EXT_FSYNC 0x00000010 +#define SFTP_EXT_LSETSTAT 0x00000020 u_int exts; u_int64_t limit_kbps; struct bwlimit bwlimit_in, bwlimit_out; @@ -463,6 +464,10 @@ do_init(int fd_in, int fd_out, u_int transfer_buflen, u_int num_requests, strcmp((char *)value, "1") == 0) { ret->exts |= SFTP_EXT_FSYNC; known = 1; + } else if (strcmp(name, "lsetstat@openssh.com") == 0 && + strcmp((char *)value, "1") == 0) { + ret->exts |= SFTP_EXT_LSETSTAT; + known = 1; } if (known) { debug2("Server supports extension \"%s\" revision %s", @@ -1096,7 +1101,6 @@ do_statvfs(struct sftp_conn *conn, const char *path, struct sftp_statvfs *st, if ((msg = sshbuf_new()) == NULL) fatal("%s: sshbuf_new failed", __func__); - sshbuf_reset(msg); if ((r = sshbuf_put_u8(msg, SSH2_FXP_EXTENDED)) != 0 || (r = sshbuf_put_u32(msg, id)) != 0 || (r = sshbuf_put_cstring(msg, "statvfs@openssh.com")) != 0 || @@ -1125,7 +1129,6 @@ do_fstatvfs(struct sftp_conn *conn, const u_char *handle, u_int handle_len, if ((msg = sshbuf_new()) == NULL) fatal("%s: sshbuf_new failed", __func__); - sshbuf_reset(msg); if ((r = sshbuf_put_u8(msg, SSH2_FXP_EXTENDED)) != 0 || (r = sshbuf_put_u32(msg, id)) != 0 || (r = sshbuf_put_cstring(msg, "fstatvfs@openssh.com")) != 0 || @@ -1138,6 +1141,38 @@ do_fstatvfs(struct sftp_conn *conn, const u_char *handle, u_int handle_len, } #endif +int +do_lsetstat(struct sftp_conn *conn, const char *path, Attrib *a) +{ + struct sshbuf *msg; + u_int status, id; + int r; + + if ((conn->exts & SFTP_EXT_LSETSTAT) == 0) { + error("Server does not support lsetstat@openssh.com extension"); + return -1; + } + + id = conn->msg_id++; + if ((msg = sshbuf_new()) == NULL) + fatal("%s: sshbuf_new failed", __func__); + if ((r = sshbuf_put_u8(msg, SSH2_FXP_EXTENDED)) != 0 || + (r = sshbuf_put_u32(msg, id)) != 0 || + (r = sshbuf_put_cstring(msg, "lsetstat@openssh.com")) != 0 || + (r = sshbuf_put_cstring(msg, path)) != 0 || + (r = encode_attrib(msg, a)) != 0) + fatal("%s: buffer error: %s", __func__, ssh_err(r)); + send_msg(conn, msg); + sshbuf_free(msg); + + status = get_status(conn, id); + if (status != SSH2_FX_OK) + error("Couldn't setstat on \"%s\": %s", path, + fx2txt(status)); + + return status == SSH2_FX_OK ? 0 : -1; +} + static void send_read_request(struct sftp_conn *conn, u_int id, u_int64_t offset, u_int len, const u_char *handle, u_int handle_len) @@ -1147,7 +1182,6 @@ send_read_request(struct sftp_conn *conn, u_int id, u_int64_t offset, if ((msg = sshbuf_new()) == NULL) fatal("%s: sshbuf_new failed", __func__); - sshbuf_reset(msg); if ((r = sshbuf_put_u8(msg, SSH2_FXP_READ)) != 0 || (r = sshbuf_put_u32(msg, id)) != 0 || (r = sshbuf_put_string(msg, handle, handle_len)) != 0 || diff --git a/sftp-client.h b/sftp-client.h index 14a3b8182..63a9b8b13 100644 --- a/sftp-client.h +++ b/sftp-client.h @@ -1,4 +1,4 @@ -/* $OpenBSD: sftp-client.h,v 1.27 2015/05/08 06:45:13 djm Exp $ */ +/* $OpenBSD: sftp-client.h,v 1.28 2019/01/16 23:23:45 djm Exp $ */ /* * Copyright (c) 2001-2004 Damien Miller @@ -91,6 +91,9 @@ int do_setstat(struct sftp_conn *, const char *, Attrib *); /* Set file attributes of open file 'handle' */ int do_fsetstat(struct sftp_conn *, const u_char *, u_int, Attrib *); +/* Set file attributes of 'path', not following symlinks */ +int do_lsetstat(struct sftp_conn *conn, const char *path, Attrib *a); + /* Canonicalise 'path' - caller must free result */ char *do_realpath(struct sftp_conn *, const char *); diff --git a/sftp.1 b/sftp.1 index 7140bc19b..722a34419 100644 --- a/sftp.1 +++ b/sftp.1 @@ -1,4 +1,4 @@ -.\" $OpenBSD: sftp.1,v 1.122 2018/11/16 02:30:20 djm Exp $ +.\" $OpenBSD: sftp.1,v 1.123 2019/01/16 23:23:45 djm Exp $ .\" .\" Copyright (c) 2001 Damien Miller. All rights reserved. .\" @@ -22,7 +22,7 @@ .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. .\" -.Dd $Mdocdate: November 16 2018 $ +.Dd $Mdocdate: January 16 2019 $ .Dt SFTP 1 .Os .Sh NAME @@ -316,31 +316,52 @@ Change remote directory to If .Ar path is not specified, then change directory to the one the session started in. -.It Ic chgrp Ar grp Ar path +.It Xo Ic chgrp +.Op Fl h +.Ar grp +.Ar path +.Xc Change group of file .Ar path to .Ar grp . +If the +.Fl h +flag is specified, then symlinks will not be followed. .Ar path may contain .Xr glob 7 characters and may match multiple files. .Ar grp must be a numeric GID. -.It Ic chmod Ar mode Ar path +.It Xo Ic chmod +.Op Fl h +.Ar mode +.Ar path +.Xc Change permissions of file .Ar path to .Ar mode . +If the +.Fl h +flag is specified, then symlinks will not be followed. .Ar path may contain .Xr glob 7 characters and may match multiple files. -.It Ic chown Ar own Ar path +.It Xo Ic chown +.Op Fl h +.Ar own +.Ar path +.Xc Change owner of file .Ar path to .Ar own . +If the +.Fl h +flag is specified, then symlinks will not be followed. .Ar path may contain .Xr glob 7 diff --git a/sftp.c b/sftp.c index f886b330b..0f3f89d33 100644 --- a/sftp.c +++ b/sftp.c @@ -1,4 +1,4 @@ -/* $OpenBSD: sftp.c,v 1.188 2018/11/16 03:26:01 djm Exp $ */ +/* $OpenBSD: sftp.c,v 1.189 2019/01/16 23:23:45 djm Exp $ */ /* * Copyright (c) 2001-2004 Damien Miller * @@ -278,9 +278,9 @@ help(void) printf("Available commands:\n" "bye Quit sftp\n" "cd path Change remote directory to 'path'\n" - "chgrp grp path Change group of file 'path' to 'grp'\n" - "chmod mode path Change permissions of file 'path' to 'mode'\n" - "chown own path Change owner of file 'path' to 'own'\n" + "chgrp [-h] grp path Change group of file 'path' to 'grp'\n" + "chmod [-h] mode path Change permissions of file 'path' to 'mode'\n" + "chown [-h] own path Change owner of file 'path' to 'own'\n" "df [-hi] [path] Display statistics for current directory or\n" " filesystem containing 'path'\n" "exit Quit sftp\n" @@ -561,6 +561,30 @@ parse_df_flags(const char *cmd, char **argv, int argc, int *hflag, int *iflag) return optind; } +static int +parse_ch_flags(const char *cmd, char **argv, int argc, int *hflag) +{ + extern int opterr, optind, optopt, optreset; + int ch; + + optind = optreset = 1; + opterr = 0; + + *hflag = 0; + while ((ch = getopt(argc, argv, "h")) != -1) { + switch (ch) { + case 'h': + *hflag = 1; + break; + default: + error("%s: Invalid flag -%c", cmd, optopt); + return -1; + } + } + + return optind; +} + static int parse_no_flags(const char *cmd, char **argv, int argc) { @@ -1456,7 +1480,7 @@ parse_args(const char **cpp, int *ignore_errors, int *disable_echo, int *aflag, /* FALLTHROUGH */ case I_CHOWN: case I_CHGRP: - if ((optidx = parse_no_flags(cmd, argv, argc)) == -1) + if ((optidx = parse_ch_flags(cmd, argv, argc, hflag)) == -1) return -1; /* Get numeric arg (mandatory) */ if (argc - optidx < 1) @@ -1675,7 +1699,8 @@ parse_dispatch_command(struct sftp_conn *conn, const char *cmd, char **pwd, if (!quiet) mprintf("Changing mode on %s\n", g.gl_pathv[i]); - err = do_setstat(conn, g.gl_pathv[i], &a); + err = (hflag ? do_lsetstat : do_setstat)(conn, + g.gl_pathv[i], &a); if (err != 0 && err_abort) break; } @@ -1685,7 +1710,8 @@ parse_dispatch_command(struct sftp_conn *conn, const char *cmd, char **pwd, path1 = make_absolute(path1, *pwd); remote_glob(conn, path1, GLOB_NOCHECK, NULL, &g); for (i = 0; g.gl_pathv[i] && !interrupted; i++) { - if (!(aa = do_stat(conn, g.gl_pathv[i], 0))) { + if (!(aa = (hflag ? do_lstat : do_stat)(conn, + g.gl_pathv[i], 0))) { if (err_abort) { err = -1; break; @@ -1713,7 +1739,8 @@ parse_dispatch_command(struct sftp_conn *conn, const char *cmd, char **pwd, g.gl_pathv[i]); aa->gid = n_arg; } - err = do_setstat(conn, g.gl_pathv[i], aa); + err = (hflag ? do_lsetstat : do_setstat)(conn, + g.gl_pathv[i], aa); if (err != 0 && err_abort) break; } -- cgit v1.2.3 From dbb4dec6d5d671b5e9d67ef02162a610ad052068 Mon Sep 17 00:00:00 2001 From: "djm@openbsd.org" Date: Thu, 17 Jan 2019 01:50:24 +0000 Subject: upstream: many of the global variables in this file can be made static; patch from Markus Schmidt OpenBSD-Commit-ID: f3db619f67beb53257b21bac0e92b4fb7d5d5737 --- sshd.c | 32 ++++++++++++++++---------------- 1 file changed, 16 insertions(+), 16 deletions(-) diff --git a/sshd.c b/sshd.c index 3461383a0..1d25c88f3 100644 --- a/sshd.c +++ b/sshd.c @@ -1,4 +1,4 @@ -/* $OpenBSD: sshd.c,v 1.520 2018/12/27 03:25:25 djm Exp $ */ +/* $OpenBSD: sshd.c,v 1.521 2019/01/17 01:50:24 djm Exp $ */ /* * Author: Tatu Ylonen * Copyright (c) 1995 Tatu Ylonen , Espoo, Finland @@ -151,38 +151,38 @@ int debug_flag = 0; * configuration, optionally using connection information provided by the * "-C" flag. */ -int test_flag = 0; +static int test_flag = 0; /* Flag indicating that the daemon is being started from inetd. */ -int inetd_flag = 0; +static int inetd_flag = 0; /* Flag indicating that sshd should not detach and become a daemon. */ -int no_daemon_flag = 0; +static int no_daemon_flag = 0; /* debug goes to stderr unless inetd_flag is set */ -int log_stderr = 0; +static int log_stderr = 0; /* Saved arguments to main(). */ -char **saved_argv; -int saved_argc; +static char **saved_argv; +static int saved_argc; /* re-exec */ -int rexeced_flag = 0; -int rexec_flag = 1; -int rexec_argc = 0; -char **rexec_argv; +static int rexeced_flag = 0; +static int rexec_flag = 1; +static int rexec_argc = 0; +static char **rexec_argv; /* * The sockets that the server is listening; this is used in the SIGHUP * signal handler. */ #define MAX_LISTEN_SOCKS 16 -int listen_socks[MAX_LISTEN_SOCKS]; -int num_listen_socks = 0; +static int listen_socks[MAX_LISTEN_SOCKS]; +static int num_listen_socks = 0; /* Daemon's agent connection */ int auth_sock = -1; -int have_agent = 0; +static int have_agent = 0; /* * Any really sensitive data in the application is contained in this @@ -214,8 +214,8 @@ u_int session_id2_len = 0; u_int utmp_len = HOST_NAME_MAX+1; /* options.max_startup sized array of fd ints */ -int *startup_pipes = NULL; -int startup_pipe; /* in child */ +static int *startup_pipes = NULL; +static int startup_pipe; /* in child */ /* variables used for privilege separation */ int use_privsep = -1; -- cgit v1.2.3 From 943d0965263cae1c080ce5a9d0b5aa341885e55d Mon Sep 17 00:00:00 2001 From: "djm@openbsd.org" Date: Thu, 17 Jan 2019 04:20:53 +0000 Subject: upstream: include time.h for time(3)/nanosleep(2); from Ian McKellar OpenBSD-Commit-ID: 6412ccd06a88f65b207a1089345f51fa1244ea51 --- auth.c | 3 ++- auth2.c | 3 ++- 2 files changed, 4 insertions(+), 2 deletions(-) diff --git a/auth.c b/auth.c index d2a8cd65b..7d48d07a8 100644 --- a/auth.c +++ b/auth.c @@ -1,4 +1,4 @@ -/* $OpenBSD: auth.c,v 1.134 2018/11/16 03:26:01 djm Exp $ */ +/* $OpenBSD: auth.c,v 1.135 2019/01/17 04:20:53 djm Exp $ */ /* * Copyright (c) 2000 Markus Friedl. All rights reserved. * @@ -50,6 +50,7 @@ #include #include #include +#include #include "xmalloc.h" #include "match.h" diff --git a/auth2.c b/auth2.c index 4d19957a6..4415c11ec 100644 --- a/auth2.c +++ b/auth2.c @@ -1,4 +1,4 @@ -/* $OpenBSD: auth2.c,v 1.149 2018/07/11 18:53:29 markus Exp $ */ +/* $OpenBSD: auth2.c,v 1.151 2019/01/17 04:20:53 djm Exp $ */ /* * Copyright (c) 2000 Markus Friedl. All rights reserved. * @@ -35,6 +35,7 @@ #include #include #include +#include #include "atomicio.h" #include "xmalloc.h" -- cgit v1.2.3 From f47d72ddad75b93d3cbc781718b0fa9046c03df8 Mon Sep 17 00:00:00 2001 From: "djm@openbsd.org" Date: Thu, 17 Jan 2019 04:45:09 +0000 Subject: upstream: tun_fwd_ifnames variable should b =?UTF-8?q?e=20extern;=20from=20Hanno=20B=C3=B6ck?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit OpenBSD-Commit-ID: d53dede6e521161bf04d39d09947db6253a38271 --- session.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/session.c b/session.c index d2e2fbd74..0452f507a 100644 --- a/session.c +++ b/session.c @@ -1,4 +1,4 @@ -/* $OpenBSD: session.c,v 1.308 2018/11/16 03:26:01 djm Exp $ */ +/* $OpenBSD: session.c,v 1.309 2019/01/17 04:45:09 djm Exp $ */ /* * Copyright (c) 1995 Tatu Ylonen , Espoo, Finland * All rights reserved @@ -142,7 +142,7 @@ extern int startup_pipe; extern void destroy_sensitive_data(void); extern struct sshbuf *loginmsg; extern struct sshauthopt *auth_opts; -char *tun_fwd_ifnames; /* serverloop.c */ +extern char *tun_fwd_ifnames; /* serverloop.c */ /* original command from peer. */ const char *original_command = NULL; -- cgit v1.2.3 From 609644027dde1f82213699cb6599e584c7efcb75 Mon Sep 17 00:00:00 2001 From: "djm@openbsd.org" Date: Tue, 1 Jan 2019 22:20:16 +0000 Subject: upstream: regress bits for banner processing refactor (this test was depending on ssh returning a particular error message for banner parsing failure) reminded by bluhm@ OpenBSD-Regress-ID: f24fc303d40931157431df589b386abf5e1be575 --- regress/multiplex.sh | 8 +++++--- 1 file changed, 5 insertions(+), 3 deletions(-) diff --git a/regress/multiplex.sh b/regress/multiplex.sh index a6fad8eb8..de357c4d5 100644 --- a/regress/multiplex.sh +++ b/regress/multiplex.sh @@ -1,4 +1,4 @@ -# $OpenBSD: multiplex.sh,v 1.28 2017/04/30 23:34:55 djm Exp $ +# $OpenBSD: multiplex.sh,v 1.29 2019/01/01 22:20:16 djm Exp $ # Placed in the Public Domain. make_tmpdir @@ -142,7 +142,8 @@ ${SSH} -F $OBJ/ssh_config -p$P otherhost true \ verbose "test $tid: cmd forward local (UNIX)" ${SSH} -F $OBJ/ssh_config -S $CTL -Oforward -L $OBJ/unix-1.fwd:localhost:$PORT otherhost \ || fail "request local forward failed" -echo "" | $NC -U $OBJ/unix-1.fwd | grep "Protocol mismatch" >/dev/null 2>&1 \ +echo "" | $NC -U $OBJ/unix-1.fwd | \ + grep "Invalid SSH identification string" >/dev/null 2>&1 \ || fail "connect to local forward path failed" ${SSH} -F $OBJ/ssh_config -S $CTL -Ocancel -L $OBJ/unix-1.fwd:localhost:$PORT otherhost \ || fail "cancel local forward failed" @@ -153,7 +154,8 @@ rm -f $OBJ/unix-1.fwd verbose "test $tid: cmd forward remote (UNIX)" ${SSH} -F $OBJ/ssh_config -S $CTL -Oforward -R $OBJ/unix-1.fwd:localhost:$PORT otherhost \ || fail "request remote forward failed" -echo "" | $NC -U $OBJ/unix-1.fwd | grep "Protocol mismatch" >/dev/null 2>&1 \ +echo "" | $NC -U $OBJ/unix-1.fwd | \ + grep "Invalid SSH identification string" >/dev/null 2>&1 \ || fail "connect to remote forwarded path failed" ${SSH} -F $OBJ/ssh_config -S $CTL -Ocancel -R $OBJ/unix-1.fwd:localhost:$PORT otherhost \ || fail "cancel remote forward failed" -- cgit v1.2.3 From 091093d25802b87d3b2b09f2c88d9f33e1ae5562 Mon Sep 17 00:00:00 2001 From: Darren Tucker Date: Fri, 18 Jan 2019 12:11:42 +1300 Subject: Add a minimal implementation of utimensat(). Some systems (eg older OS X) do not have utimensat, so provide minimal implementation in compat layer. Fixes build on at least El Capitan. --- configure.ac | 1 + openbsd-compat/bsd-misc.c | 37 +++++++++++++ openbsd-compat/bsd-misc.h | 8 +++ openbsd-compat/regress/Makefile.in | 2 +- openbsd-compat/regress/utimensattest.c | 97 ++++++++++++++++++++++++++++++++++ 5 files changed, 144 insertions(+), 1 deletion(-) create mode 100644 openbsd-compat/regress/utimensattest.c diff --git a/configure.ac b/configure.ac index c1427247e..2d1dafdee 100644 --- a/configure.ac +++ b/configure.ac @@ -1812,6 +1812,7 @@ AC_CHECK_FUNCS([ \ truncate \ unsetenv \ updwtmpx \ + utimensat \ user_from_uid \ usleep \ vasprintf \ diff --git a/openbsd-compat/bsd-misc.c b/openbsd-compat/bsd-misc.c index 5d7540a70..4bae96548 100644 --- a/openbsd-compat/bsd-misc.c +++ b/openbsd-compat/bsd-misc.c @@ -25,6 +25,7 @@ # include #endif +#include #include #include #include @@ -117,6 +118,42 @@ int utimes(char *filename, struct timeval *tvp) } #endif +#ifndef HAVE_UTIMENSAT +/* + * A limited implementation of utimensat() that only implements the + * functionality used by OpenSSH, currently only AT_FDCWD and + * AT_SYMLINK_NOFOLLOW. + */ +int +utimensat(int fd, const char *path, const struct timespec times[2], + int flag) +{ + struct timeval tv[2]; + int ret, oflags = O_WRONLY; + + tv[0].tv_sec = times[0].tv_sec; + tv[0].tv_usec = times[0].tv_nsec / 1000; + tv[1].tv_sec = times[1].tv_sec; + tv[1].tv_usec = times[1].tv_nsec / 1000; + + if (fd != AT_FDCWD) { + errno = ENOSYS; + return -1; + } +# ifndef HAVE_FUTIMES + return utimes(path, tv); +# else + if (flag & AT_SYMLINK_NOFOLLOW) + oflags |= O_NOFOLLOW; + if ((fd = open(path, oflags)) == -1) + return -1; + ret = futimes(fd, tv); + close(fd); + return ret; +# endif +} +#endif + #ifndef HAVE_TRUNCATE int truncate(const char *path, off_t length) { diff --git a/openbsd-compat/bsd-misc.h b/openbsd-compat/bsd-misc.h index 52ec52853..584c2b5ef 100644 --- a/openbsd-compat/bsd-misc.h +++ b/openbsd-compat/bsd-misc.h @@ -64,6 +64,14 @@ struct timeval { int utimes(char *, struct timeval *); #endif /* HAVE_UTIMES */ +#ifndef HAVE_UTIMENSAT +/* start with the high bits and work down to minimise risk of overlap */ +# ifndef AT_SYMLINK_NOFOLLOW +# define AT_SYMLINK_NOFOLLOW 0x80000000 +# endif +int utimensat(int, const char *, const struct timespec[2], int); +#endif + #ifndef HAVE_TRUNCATE int truncate (const char *, off_t); #endif /* HAVE_TRUNCATE */ diff --git a/openbsd-compat/regress/Makefile.in b/openbsd-compat/regress/Makefile.in index 529331be5..c5aae61e2 100644 --- a/openbsd-compat/regress/Makefile.in +++ b/openbsd-compat/regress/Makefile.in @@ -14,7 +14,7 @@ LIBS=@LIBS@ LDFLAGS=@LDFLAGS@ $(LIBCOMPAT) TESTPROGS=closefromtest$(EXEEXT) snprintftest$(EXEEXT) strduptest$(EXEEXT) \ - strtonumtest$(EXEEXT) opensslvertest$(EXEEXT) + strtonumtest$(EXEEXT) opensslvertest$(EXEEXT) utimensattest$(EXEEXT) all: t-exec ${OTHERTESTS} diff --git a/openbsd-compat/regress/utimensattest.c b/openbsd-compat/regress/utimensattest.c new file mode 100644 index 000000000..a7bc7634b --- /dev/null +++ b/openbsd-compat/regress/utimensattest.c @@ -0,0 +1,97 @@ +/* + * Copyright (c) 2019 Darren Tucker + * + * Permission to use, copy, modify, and distribute this software for any + * purpose with or without fee is hereby granted, provided that the above + * copyright notice and this permission notice appear in all copies. + * + * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES + * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF + * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR + * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES + * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN + * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF + * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. + */ + +#include +#include + +#include +#include +#include +#include +#include +#include + +#define TMPFILE "utimensat.tmp" +#define TMPFILE2 "utimensat.tmp2" + +#ifndef AT_SYMLINK_NOFOLLOW +# define AT_SYMLINK_NOFOLLOW 0x80000000 +#endif + +int utimensat(int, const char *, const struct timespec[2], int); + +void +fail(char *msg, long expect, long got) +{ + int saved_errno = errno; + + if (expect == got && got == 0) + fprintf(stderr, "utimensat: %s: %s\n", msg, + strerror(saved_errno)); + else + fprintf(stderr, "utimensat: %s: expected %ld got %ld\n", + msg, expect, got); + exit(1); +} + +int +main(void) +{ + int fd; + struct stat sb; + struct timespec ts[2]; + + if ((fd = open(TMPFILE, O_CREAT, 0600)) == -1) + fail("open", 0, 0); + close(fd); + + ts[0].tv_sec = 12345678; + ts[0].tv_nsec = 23456789; + ts[1].tv_sec = 34567890; + ts[1].tv_nsec = 45678901; + if (utimensat(AT_FDCWD, TMPFILE, ts, AT_SYMLINK_NOFOLLOW) == -1) + fail("utimensat", 0, 0); + + if (stat(TMPFILE, &sb) == -1) + fail("stat", 0, 0 ); + if (sb.st_atime != 12345678) + fail("st_atime", 0, 0 ); + if (sb.st_mtime != 34567890) + fail("st_mtime", 0, 0 ); +#if 0 + /* + * Results expected to be rounded to the nearest microsecond. + * Depends on timestamp precision in kernel and filesystem so + * disabled by default. + */ + if (sb.st_atim.tv_nsec != 23456000) + fail("atim.tv_nsec", 23456000, sb.st_atim.tv_nsec); + if (sb.st_mtim.tv_nsec != 45678000) + fail("mtim.tv_nsec", 45678000, sb.st_mtim.tv_nsec); +#endif + + if (rename(TMPFILE, TMPFILE2) == -1) + fail("rename", 0, 0); + if (symlink(TMPFILE2, TMPFILE) == -1) + fail("symlink", 0, 0); + + if (utimensat(AT_FDCWD, TMPFILE, ts, AT_SYMLINK_NOFOLLOW) != -1) + fail("utimensat followed symlink", 0, 0); + + if (!(unlink(TMPFILE) == 0 && unlink(TMPFILE2) == 0)) + fail("unlink", 0, 0); + exit(0); +} -- cgit v1.2.3 From a6258e5dc314c7d504ac9f0fbc3be96475581dbe Mon Sep 17 00:00:00 2001 From: Darren Tucker Date: Fri, 18 Jan 2019 11:09:01 +1100 Subject: Add minimal fchownat and fchmodat implementations. Fixes builds on at least OS X Lion, NetBSD 6 and Solaris 10. --- configure.ac | 2 ++ openbsd-compat/bsd-misc.c | 58 +++++++++++++++++++++++++++++++++++++++++++++++ openbsd-compat/bsd-misc.h | 12 ++++++++++ 3 files changed, 72 insertions(+) diff --git a/configure.ac b/configure.ac index 2d1dafdee..8e92d1599 100644 --- a/configure.ac +++ b/configure.ac @@ -1719,7 +1719,9 @@ AC_CHECK_FUNCS([ \ errx \ explicit_bzero \ fchmod \ + fchmodat \ fchown \ + fchownat \ flock \ freeaddrinfo \ freezero \ diff --git a/openbsd-compat/bsd-misc.c b/openbsd-compat/bsd-misc.c index 4bae96548..d3a41df50 100644 --- a/openbsd-compat/bsd-misc.c +++ b/openbsd-compat/bsd-misc.c @@ -154,6 +154,64 @@ utimensat(int fd, const char *path, const struct timespec times[2], } #endif +#ifndef HAVE_FCHOWNAT +/* + * A limited implementation of fchownat() that only implements the + * functionality used by OpenSSH, currently only AT_FDCWD and + * AT_SYMLINK_NOFOLLOW. + */ +int +fchownat(int fd, const char *path, uid_t owner, gid_t group, int flag) +{ + int ret, oflags = O_WRONLY; + + if (fd != AT_FDCWD) { + errno = ENOSYS; + return -1; + } +# ifndef HAVE_FCHOWN + return chown(pathname, owner, group); +# else + if (flag & AT_SYMLINK_NOFOLLOW) + oflags |= O_NOFOLLOW; + if ((fd = open(path, oflags)) == -1) + return -1; + ret = fchown(fd, owner, group); + close(fd); + return ret; +# endif +} +#endif + +#ifndef HAVE_FCHMODAT +/* + * A limited implementation of fchmodat() that only implements the + * functionality used by OpenSSH, currently only AT_FDCWD and + * AT_SYMLINK_NOFOLLOW. + */ +int +fchmodat(int fd, const char *path, mode_t mode, int flag) +{ + int ret, oflags = O_WRONLY; + + if (fd != AT_FDCWD) { + errno = ENOSYS; + return -1; + } +# ifndef HAVE_FCHMOD + return chown(pathname, owner, group); +# else + if (flag & AT_SYMLINK_NOFOLLOW) + oflags |= O_NOFOLLOW; + if ((fd = open(path, oflags)) == -1) + return -1; + ret = fchmod(fd, mode); + close(fd); + return ret; +# endif +} +#endif + #ifndef HAVE_TRUNCATE int truncate(const char *path, off_t length) { diff --git a/openbsd-compat/bsd-misc.h b/openbsd-compat/bsd-misc.h index 584c2b5ef..cb158cd5c 100644 --- a/openbsd-compat/bsd-misc.h +++ b/openbsd-compat/bsd-misc.h @@ -72,6 +72,18 @@ int utimes(char *, struct timeval *); int utimensat(int, const char *, const struct timespec[2], int); #endif +#ifndef AT_FDCWD +# define AT_FDCWD (-2) +#endif + +#ifndef HAVE_FCHMODAT +int fchmodat(int, const char *, mode_t, int); +#endif + +#ifndef HAVE_FCHOWNAT +int fchownat(int, const char *, uid_t, gid_t, int); +#endif + #ifndef HAVE_TRUNCATE int truncate (const char *, off_t); #endif /* HAVE_TRUNCATE */ -- cgit v1.2.3 From 4ae7f80dfd02f2bde912a67c9f338f61e90fa79f Mon Sep 17 00:00:00 2001 From: "tb@openbsd.org" Date: Sat, 19 Jan 2019 04:15:56 +0000 Subject: upstream: Print an \r in front of the password prompt so parts of a password that was entered too early are likely clobbered by the prompt. Idea from doas. from and ok djm "i like it" deraadt OpenBSD-Commit-ID: 5fb97c68df6d8b09ab37f77bca1d84d799c4084e --- readpass.c | 15 +++++++++++---- 1 file changed, 11 insertions(+), 4 deletions(-) diff --git a/readpass.c b/readpass.c index f160f866b..44014ef8a 100644 --- a/readpass.c +++ b/readpass.c @@ -1,4 +1,4 @@ -/* $OpenBSD: readpass.c,v 1.52 2018/07/18 11:34:04 dtucker Exp $ */ +/* $OpenBSD: readpass.c,v 1.53 2019/01/19 04:15:56 tb Exp $ */ /* * Copyright (c) 2001 Markus Friedl. All rights reserved. * @@ -117,7 +117,7 @@ ssh_askpass(char *askpass, const char *msg) char * read_passphrase(const char *prompt, int flags) { - char *askpass = NULL, *ret, buf[1024]; + char cr = '\r', *askpass = NULL, *ret, buf[1024]; int rppflags, use_askpass = 0, ttyfd; rppflags = (flags & RP_ECHO) ? RPP_ECHO_ON : RPP_ECHO_OFF; @@ -131,9 +131,16 @@ read_passphrase(const char *prompt, int flags) } else { rppflags |= RPP_REQUIRE_TTY; ttyfd = open(_PATH_TTY, O_RDWR); - if (ttyfd >= 0) + if (ttyfd >= 0) { + /* + * If we're on a tty, ensure that show the prompt at + * the beginning of the line. This will hopefully + * clobber any password characters the user has + * optimistically typed before echo is disabled. + */ + (void)write(ttyfd, &cr, 1); close(ttyfd); - else { + } else { debug("read_passphrase: can't open %s: %s", _PATH_TTY, strerror(errno)); use_askpass = 1; -- cgit v1.2.3 From 0fa174ebe129f3d0aeaf4e2d1dd8de745870d0ff Mon Sep 17 00:00:00 2001 From: "djm@openbsd.org" Date: Sat, 19 Jan 2019 21:31:32 +0000 Subject: upstream: begin landing remaining refactoring of packet parsing API, started almost exactly six years ago. This change stops including the old packet_* API by default and makes each file that requires the old API include it explicitly. We will commit file-by-file refactoring to remove the old API in consistent steps. with & ok markus@ OpenBSD-Commit-ID: 93c98a6b38f6911fd1ae025a1ec57807fb4d4ef4 --- auth.c | 5 ++++- auth2-hostbased.c | 4 +++- auth2.c | 5 ++++- channels.c | 5 ++++- clientloop.c | 5 ++++- monitor.c | 5 ++++- monitor_wrap.c | 5 ++++- mux.c | 5 ++++- opacket.c | 3 ++- packet.h | 6 +----- servconf.c | 5 ++++- serverloop.c | 5 ++++- session.c | 5 ++++- ssh.c | 5 ++++- sshconnect.c | 5 ++++- sshconnect2.c | 5 ++++- sshd.c | 5 ++++- 17 files changed, 62 insertions(+), 21 deletions(-) diff --git a/auth.c b/auth.c index 7d48d07a8..94f43a6c2 100644 --- a/auth.c +++ b/auth.c @@ -1,4 +1,4 @@ -/* $OpenBSD: auth.c,v 1.135 2019/01/17 04:20:53 djm Exp $ */ +/* $OpenBSD: auth.c,v 1.136 2019/01/19 21:31:32 djm Exp $ */ /* * Copyright (c) 2000 Markus Friedl. All rights reserved. * @@ -77,6 +77,9 @@ #include "compat.h" #include "channels.h" +#include "opacket.h" /* XXX */ +extern struct ssh *active_state; /* XXX */ + /* import */ extern ServerOptions options; extern int use_privsep; diff --git a/auth2-hostbased.c b/auth2-hostbased.c index 764ceff74..e28a48fb3 100644 --- a/auth2-hostbased.c +++ b/auth2-hostbased.c @@ -1,4 +1,4 @@ -/* $OpenBSD: auth2-hostbased.c,v 1.38 2018/09/20 03:28:06 djm Exp $ */ +/* $OpenBSD: auth2-hostbased.c,v 1.39 2019/01/19 21:31:32 djm Exp $ */ /* * Copyright (c) 2000 Markus Friedl. All rights reserved. * @@ -51,6 +51,8 @@ #include "ssherr.h" #include "match.h" +extern struct ssh *active_state; /* XXX */ + /* import */ extern ServerOptions options; extern u_char *session_id2; diff --git a/auth2.c b/auth2.c index 4415c11ec..3df2acf78 100644 --- a/auth2.c +++ b/auth2.c @@ -1,4 +1,4 @@ -/* $OpenBSD: auth2.c,v 1.151 2019/01/17 04:20:53 djm Exp $ */ +/* $OpenBSD: auth2.c,v 1.152 2019/01/19 21:31:32 djm Exp $ */ /* * Copyright (c) 2000 Markus Friedl. All rights reserved. * @@ -61,6 +61,9 @@ #include "ssherr.h" #include "digest.h" +#include "opacket.h" /* XXX */ +extern struct ssh *active_state; /* XXX */ + /* import */ extern ServerOptions options; extern u_char *session_id2; diff --git a/channels.c b/channels.c index 6d2e1c6a6..dcda44b07 100644 --- a/channels.c +++ b/channels.c @@ -1,4 +1,4 @@ -/* $OpenBSD: channels.c,v 1.387 2018/12/07 02:31:20 djm Exp $ */ +/* $OpenBSD: channels.c,v 1.388 2019/01/19 21:31:32 djm Exp $ */ /* * Author: Tatu Ylonen * Copyright (c) 1995 Tatu Ylonen , Espoo, Finland @@ -84,6 +84,9 @@ #include "pathnames.h" #include "match.h" +#include "opacket.h" /* XXX */ +extern struct ssh *active_state; /* XXX */ + /* -- agent forwarding */ #define NUM_SOCKS 10 diff --git a/clientloop.c b/clientloop.c index 8d312cdaa..d29ec00bc 100644 --- a/clientloop.c +++ b/clientloop.c @@ -1,4 +1,4 @@ -/* $OpenBSD: clientloop.c,v 1.318 2018/09/21 12:46:22 djm Exp $ */ +/* $OpenBSD: clientloop.c,v 1.319 2019/01/19 21:31:32 djm Exp $ */ /* * Author: Tatu Ylonen * Copyright (c) 1995 Tatu Ylonen , Espoo, Finland @@ -112,6 +112,9 @@ #include "ssherr.h" #include "hostfile.h" +#include "opacket.h" /* XXX */ +extern struct ssh *active_state; /* XXX */ + /* import options */ extern Options options; diff --git a/monitor.c b/monitor.c index 09d3a27fd..e15a5225d 100644 --- a/monitor.c +++ b/monitor.c @@ -1,4 +1,4 @@ -/* $OpenBSD: monitor.c,v 1.188 2018/11/16 02:43:56 djm Exp $ */ +/* $OpenBSD: monitor.c,v 1.189 2019/01/19 21:31:32 djm Exp $ */ /* * Copyright 2002 Niels Provos * Copyright 2002 Markus Friedl @@ -96,6 +96,9 @@ #include "match.h" #include "ssherr.h" +#include "opacket.h" /* XXX */ +extern struct ssh *active_state; /* XXX */ + #ifdef GSSAPI static Gssctxt *gsscontext = NULL; #endif diff --git a/monitor_wrap.c b/monitor_wrap.c index 732fb3476..6ceaa3716 100644 --- a/monitor_wrap.c +++ b/monitor_wrap.c @@ -1,4 +1,4 @@ -/* $OpenBSD: monitor_wrap.c,v 1.107 2018/07/20 03:46:34 djm Exp $ */ +/* $OpenBSD: monitor_wrap.c,v 1.108 2019/01/19 21:31:32 djm Exp $ */ /* * Copyright 2002 Niels Provos * Copyright 2002 Markus Friedl @@ -76,6 +76,9 @@ #include "ssherr.h" +#include "opacket.h" /* XXX */ +extern struct ssh *active_state; /* XXX */ + /* Imports */ extern struct monitor *pmonitor; extern struct sshbuf *loginmsg; diff --git a/mux.c b/mux.c index 8e4b60827..abc1e05ab 100644 --- a/mux.c +++ b/mux.c @@ -1,4 +1,4 @@ -/* $OpenBSD: mux.c,v 1.77 2018/09/26 07:32:44 djm Exp $ */ +/* $OpenBSD: mux.c,v 1.78 2019/01/19 21:31:32 djm Exp $ */ /* * Copyright (c) 2002-2008 Damien Miller * @@ -68,6 +68,9 @@ #include "clientloop.h" #include "ssherr.h" +#include "opacket.h" /* XXX */ +extern struct ssh *active_state; /* XXX */ + /* from ssh.c */ extern int tty_flag; extern Options options; diff --git a/opacket.c b/opacket.c index e637d7a71..56a76939e 100644 --- a/opacket.c +++ b/opacket.c @@ -2,11 +2,12 @@ /* Written by Markus Friedl. Placed in the public domain. */ #include "includes.h" - +/* $OpenBSD: opacket.c,v 1.8 2019/01/19 21:31:32 djm Exp $ */ #include #include "ssherr.h" #include "packet.h" +#include "opacket.h" /* XXX */ #include "log.h" struct ssh *active_state, *backup_state; diff --git a/packet.h b/packet.h index 170203cab..c58b52d39 100644 --- a/packet.h +++ b/packet.h @@ -1,4 +1,4 @@ -/* $OpenBSD: packet.h,v 1.86 2018/07/09 21:20:26 markus Exp $ */ +/* $OpenBSD: packet.h,v 1.87 2019/01/19 21:31:32 djm Exp $ */ /* * Author: Tatu Ylonen @@ -204,10 +204,6 @@ int sshpkt_get_end(struct ssh *ssh); void sshpkt_fmt_connection_id(struct ssh *ssh, char *s, size_t l); const u_char *sshpkt_ptr(struct ssh *, size_t *lenp); -/* OLD API */ -extern struct ssh *active_state; -#include "opacket.h" - #if !defined(WITH_OPENSSL) # undef BIGNUM # undef EC_KEY diff --git a/servconf.c b/servconf.c index 52d9be429..0ec095bd0 100644 --- a/servconf.c +++ b/servconf.c @@ -1,5 +1,5 @@ -/* $OpenBSD: servconf.c,v 1.344 2018/11/19 04:12:32 djm Exp $ */ +/* $OpenBSD: servconf.c,v 1.345 2019/01/19 21:31:32 djm Exp $ */ /* * Copyright (c) 1995 Tatu Ylonen , Espoo, Finland * All rights reserved @@ -65,6 +65,9 @@ #include "myproposal.h" #include "digest.h" +#include "opacket.h" /* XXX */ +extern struct ssh *active_state; /* XXX */ + static void add_listen_addr(ServerOptions *, const char *, const char *, int); static void add_one_listen_addr(ServerOptions *, const char *, diff --git a/serverloop.c b/serverloop.c index 7be83e2d3..e0c26bbbc 100644 --- a/serverloop.c +++ b/serverloop.c @@ -1,4 +1,4 @@ -/* $OpenBSD: serverloop.c,v 1.209 2018/07/27 05:13:02 dtucker Exp $ */ +/* $OpenBSD: serverloop.c,v 1.210 2019/01/19 21:31:32 djm Exp $ */ /* * Author: Tatu Ylonen * Copyright (c) 1995 Tatu Ylonen , Espoo, Finland @@ -78,6 +78,9 @@ #include "serverloop.h" #include "ssherr.h" +#include "opacket.h" /* XXX */ +extern struct ssh *active_state; /* XXX */ + extern ServerOptions options; /* XXX */ diff --git a/session.c b/session.c index 0452f507a..f0dabe111 100644 --- a/session.c +++ b/session.c @@ -1,4 +1,4 @@ -/* $OpenBSD: session.c,v 1.309 2019/01/17 04:45:09 djm Exp $ */ +/* $OpenBSD: session.c,v 1.310 2019/01/19 21:31:32 djm Exp $ */ /* * Copyright (c) 1995 Tatu Ylonen , Espoo, Finland * All rights reserved @@ -105,6 +105,9 @@ #include #endif +#include "opacket.h" /* XXX */ +extern struct ssh *active_state; /* XXX */ + #define IS_INTERNAL_SFTP(c) \ (!strncmp(c, INTERNAL_SFTP_NAME, sizeof(INTERNAL_SFTP_NAME) - 1) && \ (c[sizeof(INTERNAL_SFTP_NAME) - 1] == '\0' || \ diff --git a/ssh.c b/ssh.c index 16536a97a..a206a5fca 100644 --- a/ssh.c +++ b/ssh.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ssh.c,v 1.497 2018/12/27 03:25:25 djm Exp $ */ +/* $OpenBSD: ssh.c,v 1.498 2019/01/19 21:31:32 djm Exp $ */ /* * Author: Tatu Ylonen * Copyright (c) 1995 Tatu Ylonen , Espoo, Finland @@ -113,6 +113,9 @@ #include "ssh-pkcs11.h" #endif +#include "opacket.h" /* XXX */ +extern struct ssh *active_state; /* XXX move here */ + extern char *__progname; /* Saves a copy of argv for setproctitle emulation */ diff --git a/sshconnect.c b/sshconnect.c index 884e33628..346f979d1 100644 --- a/sshconnect.c +++ b/sshconnect.c @@ -1,4 +1,4 @@ -/* $OpenBSD: sshconnect.c,v 1.309 2018/12/27 03:25:25 djm Exp $ */ +/* $OpenBSD: sshconnect.c,v 1.310 2019/01/19 21:31:32 djm Exp $ */ /* * Author: Tatu Ylonen * Copyright (c) 1995 Tatu Ylonen , Espoo, Finland @@ -70,6 +70,9 @@ #include "authfd.h" #include "kex.h" +#include "opacket.h" /* XXX */ +extern struct ssh *active_state; /* XXX */ + struct sshkey *previous_host_key = NULL; static int matching_host_key_dns = 0; diff --git a/sshconnect2.c b/sshconnect2.c index 0e8f323d6..73ffe77a9 100644 --- a/sshconnect2.c +++ b/sshconnect2.c @@ -1,4 +1,4 @@ -/* $OpenBSD: sshconnect2.c,v 1.292 2019/01/04 03:27:50 djm Exp $ */ +/* $OpenBSD: sshconnect2.c,v 1.293 2019/01/19 21:31:32 djm Exp $ */ /* * Copyright (c) 2000 Markus Friedl. All rights reserved. * Copyright (c) 2008 Damien Miller. All rights reserved. @@ -77,6 +77,9 @@ #include "ssh-gss.h" #endif +#include "opacket.h" /* XXX */ +extern struct ssh *active_state; /* XXX */ + /* import */ extern char *client_version_string; extern char *server_version_string; diff --git a/sshd.c b/sshd.c index 1d25c88f3..ad8c152a5 100644 --- a/sshd.c +++ b/sshd.c @@ -1,4 +1,4 @@ -/* $OpenBSD: sshd.c,v 1.521 2019/01/17 01:50:24 djm Exp $ */ +/* $OpenBSD: sshd.c,v 1.522 2019/01/19 21:31:32 djm Exp $ */ /* * Author: Tatu Ylonen * Copyright (c) 1995 Tatu Ylonen , Espoo, Finland @@ -123,6 +123,9 @@ #include "version.h" #include "ssherr.h" +#include "opacket.h" /* XXX */ +extern struct ssh *active_state; /* XXX move decl to this file */ + /* Re-exec fds */ #define REEXEC_DEVCRYPTO_RESERVED_FD (STDERR_FILENO + 1) #define REEXEC_STARTUP_PIPE_FD (STDERR_FILENO + 2) -- cgit v1.2.3 From ad60b1179c9682ca5aef0b346f99ef68cbbbc4e5 Mon Sep 17 00:00:00 2001 From: "djm@openbsd.org" Date: Sat, 19 Jan 2019 21:33:13 +0000 Subject: upstream: allow sshpkt_fatal() to take a varargs format; we'll use this to give packet-related fatal error messages more context (esp. the remote endpoint) ok markus@ OpenBSD-Commit-ID: de57211f9543426b515a8a10a4f481666b2b2a50 --- dispatch.c | 6 +++--- opacket.c | 14 +++++++------- packet.c | 29 +++++++++++++++++++++++------ packet.h | 5 +++-- 4 files changed, 36 insertions(+), 18 deletions(-) diff --git a/dispatch.c b/dispatch.c index 0b3ea614e..6e4c501e0 100644 --- a/dispatch.c +++ b/dispatch.c @@ -1,4 +1,4 @@ -/* $OpenBSD: dispatch.c,v 1.31 2017/05/31 07:00:13 markus Exp $ */ +/* $OpenBSD: dispatch.c,v 1.32 2019/01/19 21:33:13 djm Exp $ */ /* * Copyright (c) 2000 Markus Friedl. All rights reserved. * @@ -47,7 +47,7 @@ dispatch_protocol_error(int type, u_int32_t seq, struct ssh *ssh) (r = sshpkt_put_u32(ssh, seq)) != 0 || (r = sshpkt_send(ssh)) != 0 || (r = ssh_packet_write_wait(ssh)) != 0) - sshpkt_fatal(ssh, __func__, r); + sshpkt_fatal(ssh, r, "%s", __func__); return 0; } @@ -131,5 +131,5 @@ ssh_dispatch_run_fatal(struct ssh *ssh, int mode, volatile sig_atomic_t *done) int r; if ((r = ssh_dispatch_run(ssh, mode, done)) != 0) - sshpkt_fatal(ssh, __func__, r); + sshpkt_fatal(ssh, r, "%s", __func__); } diff --git a/opacket.c b/opacket.c index 56a76939e..e5ccf8099 100644 --- a/opacket.c +++ b/opacket.c @@ -1,4 +1,4 @@ -/* $OpenBSD: opacket.c,v 1.7 2017/10/20 01:56:39 djm Exp $ */ +/* $OpenBSD: opacket.c,v 1.9 2019/01/19 21:33:14 djm Exp $ */ /* Written by Markus Friedl. Placed in the public domain. */ #include "includes.h" @@ -238,7 +238,7 @@ packet_read_seqnr(u_int32_t *seqnr) int r; if ((r = ssh_packet_read_seqnr(active_state, &type, seqnr)) != 0) - sshpkt_fatal(active_state, __func__, r); + sshpkt_fatal(active_state, r, "%s", __func__); return type; } @@ -249,7 +249,7 @@ packet_read_poll_seqnr(u_int32_t *seqnr) int r; if ((r = ssh_packet_read_poll_seqnr(active_state, &type, seqnr))) - sshpkt_fatal(active_state, __func__, r); + sshpkt_fatal(active_state, r, "%s", __func__); return type; } @@ -266,7 +266,7 @@ packet_process_incoming(const char *buf, u_int len) int r; if ((r = ssh_packet_process_incoming(active_state, buf, len)) != 0) - sshpkt_fatal(active_state, __func__, r); + sshpkt_fatal(active_state, r, "%s", __func__); } void @@ -275,7 +275,7 @@ packet_write_wait(void) int r; if ((r = ssh_packet_write_wait(active_state)) != 0) - sshpkt_fatal(active_state, __func__, r); + sshpkt_fatal(active_state, r, "%s", __func__); } void @@ -284,7 +284,7 @@ packet_write_poll(void) int r; if ((r = ssh_packet_write_poll(active_state)) != 0) - sshpkt_fatal(active_state, __func__, r); + sshpkt_fatal(active_state, r, "%s", __func__); } void @@ -293,7 +293,7 @@ packet_read_expect(int expected_type) int r; if ((r = ssh_packet_read_expect(active_state, expected_type)) != 0) - sshpkt_fatal(active_state, __func__, r); + sshpkt_fatal(active_state, r, "%s", __func__); } void diff --git a/packet.c b/packet.c index ded5a3201..aa8be8c94 100644 --- a/packet.c +++ b/packet.c @@ -1,4 +1,4 @@ -/* $OpenBSD: packet.c,v 1.279 2019/01/04 03:23:00 djm Exp $ */ +/* $OpenBSD: packet.c,v 1.280 2019/01/19 21:33:14 djm Exp $ */ /* * Author: Tatu Ylonen * Copyright (c) 1995 Tatu Ylonen , Espoo, Finland @@ -1809,10 +1809,10 @@ sshpkt_fmt_connection_id(struct ssh *ssh, char *s, size_t l) /* * Pretty-print connection-terminating errors and exit. */ -void -sshpkt_fatal(struct ssh *ssh, const char *tag, int r) +static void +sshpkt_vfatal(struct ssh *ssh, int r, const char *fmt, va_list ap) { - char remote_id[512]; + char *tag = NULL, remote_id[512]; sshpkt_fmt_connection_id(ssh, remote_id, sizeof(remote_id)); @@ -1846,6 +1846,11 @@ sshpkt_fatal(struct ssh *ssh, const char *tag, int r) } /* FALLTHROUGH */ default: + if (vasprintf(&tag, fmt, ap) == -1) { + ssh_packet_clear_keys(ssh); + logdie("%s: could not allocate failure message", + __func__); + } ssh_packet_clear_keys(ssh); logdie("%s%sConnection %s %s: %s", tag != NULL ? tag : "", tag != NULL ? ": " : "", @@ -1854,6 +1859,18 @@ sshpkt_fatal(struct ssh *ssh, const char *tag, int r) } } +void +sshpkt_fatal(struct ssh *ssh, int r, const char *fmt, ...) +{ + va_list ap; + + va_start(ap, fmt); + sshpkt_vfatal(ssh, r, fmt, ap); + /* NOTREACHED */ + va_end(ap); + logdie("%s: should have exited", __func__); +} + /* * Logs the error plus constructs and sends a disconnect packet, closes the * connection, and exits. This function never returns. The error message @@ -1889,10 +1906,10 @@ ssh_packet_disconnect(struct ssh *ssh, const char *fmt,...) * for it to get sent. */ if ((r = sshpkt_disconnect(ssh, "%s", buf)) != 0) - sshpkt_fatal(ssh, __func__, r); + sshpkt_fatal(ssh, r, "%s", __func__); if ((r = ssh_packet_write_wait(ssh)) != 0) - sshpkt_fatal(ssh, __func__, r); + sshpkt_fatal(ssh, r, "%s", __func__); /* Close the connection. */ ssh_packet_close(ssh); diff --git a/packet.h b/packet.h index c58b52d39..74bb51108 100644 --- a/packet.h +++ b/packet.h @@ -1,4 +1,4 @@ -/* $OpenBSD: packet.h,v 1.87 2019/01/19 21:31:32 djm Exp $ */ +/* $OpenBSD: packet.h,v 1.88 2019/01/19 21:33:14 djm Exp $ */ /* * Author: Tatu Ylonen @@ -176,7 +176,8 @@ int sshpkt_send(struct ssh *ssh); int sshpkt_disconnect(struct ssh *, const char *fmt, ...) __attribute__((format(printf, 2, 3))); int sshpkt_add_padding(struct ssh *, u_char); -void sshpkt_fatal(struct ssh *ssh, const char *tag, int r); +void sshpkt_fatal(struct ssh *ssh, int r, const char *fmt, ...) + __attribute__((format(printf, 3, 4))); int sshpkt_msg_ignore(struct ssh *, u_int); int sshpkt_put(struct ssh *ssh, const void *v, size_t len); -- cgit v1.2.3 From 23f22a4aaa923c61ec49a99ebaa383656e87fa40 Mon Sep 17 00:00:00 2001 From: "djm@openbsd.org" Date: Sat, 19 Jan 2019 21:33:57 +0000 Subject: upstream: convert clientloop.c to new packet API with & ok markus@ OpenBSD-Commit-ID: 497b36500191f452a22abf283aa8d4a9abaee7fa --- clientloop.c | 287 ++++++++++++++++++++++++++++++++++------------------------- 1 file changed, 166 insertions(+), 121 deletions(-) diff --git a/clientloop.c b/clientloop.c index d29ec00bc..5f87b24a2 100644 --- a/clientloop.c +++ b/clientloop.c @@ -1,4 +1,4 @@ -/* $OpenBSD: clientloop.c,v 1.319 2019/01/19 21:31:32 djm Exp $ */ +/* $OpenBSD: clientloop.c,v 1.320 2019/01/19 21:33:57 djm Exp $ */ /* * Author: Tatu Ylonen * Copyright (c) 1995 Tatu Ylonen , Espoo, Finland @@ -478,21 +478,24 @@ client_global_request_reply(int type, u_int32_t seq, struct ssh *ssh) free(gc); } - packet_set_alive_timeouts(0); + ssh_packet_set_alive_timeouts(ssh, 0); return 0; } static void -server_alive_check(void) +server_alive_check(struct ssh *ssh) { - if (packet_inc_alive_timeouts() > options.server_alive_count_max) { + int r; + + if (ssh_packet_inc_alive_timeouts(ssh) > options.server_alive_count_max) { logit("Timeout, server %s not responding.", host); cleanup_exit(255); } - packet_start(SSH2_MSG_GLOBAL_REQUEST); - packet_put_cstring("keepalive@openssh.com"); - packet_put_char(1); /* boolean: want reply */ - packet_send(); + if ((r = sshpkt_start(ssh, SSH2_MSG_GLOBAL_REQUEST)) != 0 || + (r = sshpkt_put_cstring(ssh, "keepalive@openssh.com")) != 0 || + (r = sshpkt_put_u8(ssh, 1)) != 0 || /* boolean: want reply */ + (r = sshpkt_send(ssh)) != 0) + fatal("%s: %s", __func__, ssh_err(r)); /* Insert an empty placeholder to maintain ordering */ client_register_global_confirm(NULL, NULL); } @@ -517,7 +520,7 @@ client_wait_until_can_do_something(struct ssh *ssh, /* channel_prepare_select could have closed the last channel */ if (session_closed && !channel_still_open(ssh) && - !packet_have_data_to_write()) { + !ssh_packet_have_data_to_write(ssh)) { /* clear mask since we did not call select() */ memset(*readsetp, 0, *nallocp); memset(*writesetp, 0, *nallocp); @@ -527,7 +530,7 @@ client_wait_until_can_do_something(struct ssh *ssh, FD_SET(connection_in, *readsetp); /* Select server connection if have data to write to the server. */ - if (packet_have_data_to_write()) + if (ssh_packet_have_data_to_write(ssh)) FD_SET(connection_out, *writesetp); /* @@ -542,7 +545,8 @@ client_wait_until_can_do_something(struct ssh *ssh, server_alive_time = now + options.server_alive_interval; } if (options.rekey_interval > 0 && !rekeying) - timeout_secs = MINIMUM(timeout_secs, packet_get_rekey_timeout()); + timeout_secs = MINIMUM(timeout_secs, + ssh_packet_get_rekey_timeout(ssh)); set_control_persist_exit_time(ssh); if (control_persist_exit_time > 0) { timeout_secs = MINIMUM(timeout_secs, @@ -583,7 +587,7 @@ client_wait_until_can_do_something(struct ssh *ssh, * Keepalive we check here, rekeying is checked in clientloop. */ if (server_alive_time != 0 && server_alive_time <= monotime()) - server_alive_check(); + server_alive_check(ssh); } } @@ -615,7 +619,7 @@ client_suspend_self(struct sshbuf *bin, struct sshbuf *bout, struct sshbuf *berr } static void -client_process_net_input(fd_set *readset) +client_process_net_input(struct ssh *ssh, fd_set *readset) { char buf[SSH_IOBUFSZ]; int r, len; @@ -661,7 +665,7 @@ client_process_net_input(fd_set *readset) quit_pending = 1; return; } - packet_process_incoming(buf, len); + ssh_packet_process_incoming(ssh, buf, len); } } @@ -1284,8 +1288,8 @@ client_loop(struct ssh *ssh, int have_pty, int escape_char_arg, /* Initialize variables. */ last_was_cr = 1; exit_status = -1; - connection_in = packet_get_connection_in(); - connection_out = packet_get_connection_out(); + connection_in = ssh_packet_get_connection_in(ssh); + connection_out = ssh_packet_get_connection_out(ssh); max_fd = MAXIMUM(connection_in, connection_out); quit_pending = 0; @@ -1349,7 +1353,7 @@ client_loop(struct ssh *ssh, int have_pty, int escape_char_arg, * Make packets from buffered channel data, and * enqueue them for sending to the server. */ - if (packet_not_very_much_data_to_write()) + if (ssh_packet_not_very_much_data_to_write(ssh)) channel_output_poll(ssh); /* @@ -1377,7 +1381,7 @@ client_loop(struct ssh *ssh, int have_pty, int escape_char_arg, channel_after_select(ssh, readset, writeset); /* Buffer input from the connection. */ - client_process_net_input(readset); + client_process_net_input(ssh, readset); if (quit_pending) break; @@ -1387,7 +1391,7 @@ client_loop(struct ssh *ssh, int have_pty, int escape_char_arg, * sender. */ if (FD_ISSET(connection_out, writeset)) - packet_write_poll(); + ssh_packet_write_poll(ssh); /* * If we are a backgrounded control master, and the @@ -1409,12 +1413,13 @@ client_loop(struct ssh *ssh, int have_pty, int escape_char_arg, /* Stop watching for window change. */ signal(SIGWINCH, SIG_DFL); - packet_start(SSH2_MSG_DISCONNECT); - packet_put_int(SSH2_DISCONNECT_BY_APPLICATION); - packet_put_cstring("disconnected by user"); - packet_put_cstring(""); /* language tag */ - packet_send(); - packet_write_wait(); + if ((r = sshpkt_start(ssh, SSH2_MSG_DISCONNECT)) != 0 || + (r = sshpkt_put_u32(ssh, SSH2_DISCONNECT_BY_APPLICATION)) != 0 || + (r = sshpkt_put_cstring(ssh, "disconnected by user")) != 0 || + (r = sshpkt_put_cstring(ssh, "")) != 0 || /* language tag */ + (r = sshpkt_send(ssh)) != 0 || + (r = ssh_packet_write_wait(ssh)) != 0) + fatal("%s: %s", __func__, ssh_err(r)); channel_free_all(ssh); @@ -1471,7 +1476,7 @@ client_loop(struct ssh *ssh, int have_pty, int escape_char_arg, /* Report bytes transferred, and transfer rates. */ total_time = monotime_double() - start_time; - packet_get_bytes(&ibytes, &obytes); + ssh_packet_get_bytes(ssh, &ibytes, &obytes); verbose("Transferred: sent %llu, received %llu bytes, in %.1f seconds", (unsigned long long)obytes, (unsigned long long)ibytes, total_time); if (total_time > 0) @@ -1491,21 +1496,29 @@ client_request_forwarded_tcpip(struct ssh *ssh, const char *request_type, Channel *c = NULL; struct sshbuf *b = NULL; char *listen_address, *originator_address; - u_short listen_port, originator_port; + u_int listen_port, originator_port; int r; /* Get rest of the packet */ - listen_address = packet_get_string(NULL); - listen_port = packet_get_int(); - originator_address = packet_get_string(NULL); - originator_port = packet_get_int(); - packet_check_eom(); + if ((r = sshpkt_get_cstring(ssh, &listen_address, NULL)) != 0 || + (r = sshpkt_get_u32(ssh, &listen_port)) != 0 || + (r = sshpkt_get_cstring(ssh, &originator_address, NULL)) != 0 || + (r = sshpkt_get_u32(ssh, &originator_port)) != 0 || + (r = sshpkt_get_end(ssh)) != 0) + fatal("%s: %s", __func__, ssh_err(r)); debug("%s: listen %s port %d, originator %s port %d", __func__, listen_address, listen_port, originator_address, originator_port); - c = channel_connect_by_listen_address(ssh, listen_address, listen_port, - "forwarded-tcpip", originator_address); + if (listen_port > 0xffff) + error("%s: invalid listen port", __func__); + else if (originator_port > 0xffff) + error("%s: invalid originator port", __func__); + else { + c = channel_connect_by_listen_address(ssh, + listen_address, listen_port, "forwarded-tcpip", + originator_address); + } if (c != NULL && c->type == SSH_CHANNEL_MUX_CLIENT) { if ((b = sshbuf_new()) == NULL) { @@ -1543,13 +1556,13 @@ client_request_forwarded_streamlocal(struct ssh *ssh, { Channel *c = NULL; char *listen_path; + int r; /* Get the remote path. */ - listen_path = packet_get_string(NULL); - /* XXX: Skip reserved field for now. */ - if (packet_get_string_ptr(NULL) == NULL) - fatal("%s: packet_get_string_ptr failed", __func__); - packet_check_eom(); + if ((r = sshpkt_get_cstring(ssh, &listen_path, NULL)) != 0 || + (r = sshpkt_get_string(ssh, NULL, NULL)) != 0 || /* reserved */ + (r = sshpkt_get_end(ssh)) != 0) + fatal("%s: %s", __func__, ssh_err(r)); debug("%s: %s", __func__, listen_path); @@ -1564,8 +1577,8 @@ client_request_x11(struct ssh *ssh, const char *request_type, int rchan) { Channel *c = NULL; char *originator; - u_short originator_port; - int sock; + int originator_port; + int r, sock; if (!options.forward_x11) { error("Warning: ssh server tried X11 forwarding."); @@ -1578,9 +1591,10 @@ client_request_x11(struct ssh *ssh, const char *request_type, int rchan) "expired"); return NULL; } - originator = packet_get_string(NULL); - originator_port = packet_get_int(); - packet_check_eom(); + if ((r = sshpkt_get_cstring(ssh, &originator, NULL)) != 0 || + (r = sshpkt_get_u32(ssh, (u_int *)&originator_port)) != 0 || + (r = sshpkt_get_end(ssh)) != 0) + fatal("%s: %s", __func__, ssh_err(r)); /* XXX check permission */ debug("client_request_x11: request from %s %d", originator, originator_port); @@ -1626,7 +1640,7 @@ client_request_tun_fwd(struct ssh *ssh, int tun_mode, int local_tun, int remote_tun) { Channel *c; - int fd; + int r, fd; char *ifname = NULL; if (tun_mode == SSH_TUNMODE_NO) @@ -1651,14 +1665,15 @@ client_request_tun_fwd(struct ssh *ssh, int tun_mode, sys_tun_outfilter, NULL, NULL); #endif - packet_start(SSH2_MSG_CHANNEL_OPEN); - packet_put_cstring("tun@openssh.com"); - packet_put_int(c->self); - packet_put_int(c->local_window_max); - packet_put_int(c->local_maxpacket); - packet_put_int(tun_mode); - packet_put_int(remote_tun); - packet_send(); + if ((r = sshpkt_start(ssh, SSH2_MSG_CHANNEL_OPEN)) != 0 || + (r = sshpkt_put_cstring(ssh, "tun@openssh.com")) != 0 || + (r = sshpkt_put_u32(ssh, c->self)) != 0 || + (r = sshpkt_put_u32(ssh, c->local_window_max)) != 0 || + (r = sshpkt_put_u32(ssh, c->local_maxpacket)) != 0 || + (r = sshpkt_put_u32(ssh, tun_mode)) != 0 || + (r = sshpkt_put_u32(ssh, remote_tun)) != 0 || + (r = sshpkt_send(ssh)) != 0) + fatal("%s: %s", __func__, ssh_err(r)); return ifname; } @@ -1668,14 +1683,17 @@ static int client_input_channel_open(int type, u_int32_t seq, struct ssh *ssh) { Channel *c = NULL; - char *ctype; - int rchan; - u_int rmaxpack, rwindow, len; - - ctype = packet_get_string(&len); - rchan = packet_get_int(); - rwindow = packet_get_int(); - rmaxpack = packet_get_int(); + char *ctype = NULL; + int r; + u_int rchan; + size_t len; + u_int rmaxpack, rwindow; + + if ((r = sshpkt_get_cstring(ssh, &ctype, &len)) != 0 || + (r = sshpkt_get_u32(ssh, &rchan)) != 0 || + (r = sshpkt_get_u32(ssh, &rwindow)) != 0 || + (r = sshpkt_get_u32(ssh, &rmaxpack)) != 0) + goto out; debug("client_input_channel_open: ctype %s rchan %d win %d max %d", ctype, rchan, rwindow, rmaxpack); @@ -1699,57 +1717,66 @@ client_input_channel_open(int type, u_int32_t seq, struct ssh *ssh) c->remote_window = rwindow; c->remote_maxpacket = rmaxpack; if (c->type != SSH_CHANNEL_CONNECTING) { - packet_start(SSH2_MSG_CHANNEL_OPEN_CONFIRMATION); - packet_put_int(c->remote_id); - packet_put_int(c->self); - packet_put_int(c->local_window); - packet_put_int(c->local_maxpacket); - packet_send(); + if ((r = sshpkt_start(ssh, SSH2_MSG_CHANNEL_OPEN_CONFIRMATION)) != 0 || + (r = sshpkt_put_u32(ssh, c->remote_id)) != 0 || + (r = sshpkt_put_u32(ssh, c->self)) != 0 || + (r = sshpkt_put_u32(ssh, c->local_window)) != 0 || + (r = sshpkt_put_u32(ssh, c->local_maxpacket)) != 0 || + (r = sshpkt_send(ssh)) != 0) + sshpkt_fatal(ssh, r, "%s: send reply", __func__); } } else { debug("failure %s", ctype); - packet_start(SSH2_MSG_CHANNEL_OPEN_FAILURE); - packet_put_int(rchan); - packet_put_int(SSH2_OPEN_ADMINISTRATIVELY_PROHIBITED); - packet_put_cstring("open failed"); - packet_put_cstring(""); - packet_send(); + if ((r = sshpkt_start(ssh, SSH2_MSG_CHANNEL_OPEN_FAILURE)) != 0 || + (r = sshpkt_put_u32(ssh, rchan)) != 0 || + (r = sshpkt_put_u32(ssh, SSH2_OPEN_ADMINISTRATIVELY_PROHIBITED)) != 0 || + (r = sshpkt_put_cstring(ssh, "open failed")) != 0 || + (r = sshpkt_put_cstring(ssh, "")) != 0 || + (r = sshpkt_send(ssh)) != 0) + sshpkt_fatal(ssh, r, "%s: send failure", __func__); } + r = 0; + out: free(ctype); - return 0; + return r; } static int client_input_channel_req(int type, u_int32_t seq, struct ssh *ssh) { Channel *c = NULL; - int exitval, id, reply, success = 0; - char *rtype; - - id = packet_get_int(); - c = channel_lookup(ssh, id); + char *rtype = NULL; + u_char reply; + u_int id, exitval; + int r, success = 0; + + if ((r = sshpkt_get_u32(ssh, &id)) != 0) + return r; + if (id <= INT_MAX) + c = channel_lookup(ssh, id); if (channel_proxy_upstream(c, type, seq, ssh)) return 0; - rtype = packet_get_string(NULL); - reply = packet_get_char(); + if ((r = sshpkt_get_cstring(ssh, &rtype, NULL)) != 0 || + (r = sshpkt_get_u8(ssh, &reply)) != 0) + goto out; - debug("client_input_channel_req: channel %d rtype %s reply %d", + debug("client_input_channel_req: channel %u rtype %s reply %d", id, rtype, reply); - if (id == -1) { - error("client_input_channel_req: request for channel -1"); - } else if (c == NULL) { + if (c == NULL) { error("client_input_channel_req: channel %d: " "unknown channel", id); } else if (strcmp(rtype, "eow@openssh.com") == 0) { - packet_check_eom(); + if ((r = sshpkt_get_end(ssh)) != 0) + goto out; chan_rcvd_eow(ssh, c); } else if (strcmp(rtype, "exit-status") == 0) { - exitval = packet_get_int(); + if ((r = sshpkt_get_u32(ssh, &exitval)) != 0) + goto out; if (c->ctl_chan != -1) { mux_exit_message(ssh, c, exitval); success = 1; - } else if (id == session_ident) { + } else if ((int)id == session_ident) { /* Record exit value of local session */ success = 1; exit_status = exitval; @@ -1758,19 +1785,23 @@ client_input_channel_req(int type, u_int32_t seq, struct ssh *ssh) debug("%s: no sink for exit-status on channel %d", __func__, id); } - packet_check_eom(); + if ((r = sshpkt_get_end(ssh)) != 0) + goto out; } if (reply && c != NULL && !(c->flags & CHAN_CLOSE_SENT)) { if (!c->have_remote_id) fatal("%s: channel %d: no remote_id", __func__, c->self); - packet_start(success ? - SSH2_MSG_CHANNEL_SUCCESS : SSH2_MSG_CHANNEL_FAILURE); - packet_put_int(c->remote_id); - packet_send(); + if ((r = sshpkt_start(ssh, success ? + SSH2_MSG_CHANNEL_SUCCESS : SSH2_MSG_CHANNEL_FAILURE)) != 0 || + (r = sshpkt_put_u32(ssh, c->remote_id)) != 0 || + (r = sshpkt_send(ssh)) != 0) + sshpkt_fatal(ssh, r, "%s: send failure", __func__); } + r = 0; + out: free(rtype); - return 0; + return r; } struct hostkeys_update_ctx { @@ -1987,7 +2018,10 @@ client_global_hostkeys_private_confirm(struct ssh *ssh, int type, if (ndone != ctx->nnew) fatal("%s: ndone != ctx->nnew (%zu / %zu)", __func__, ndone, ctx->nnew); /* Shouldn't happen */ - ssh_packet_check_eom(ssh); + if ((r = sshpkt_get_end(ssh)) != 0) { + error("%s: protocol error", __func__); + goto out; + } /* Make the edits to known_hosts */ update_known_hosts(ctx); @@ -2174,23 +2208,27 @@ static int client_input_global_request(int type, u_int32_t seq, struct ssh *ssh) { char *rtype; - int want_reply; - int success = 0; + u_char want_reply; + int r, success = 0; - rtype = packet_get_cstring(NULL); - want_reply = packet_get_char(); + if ((r = sshpkt_get_cstring(ssh, &rtype, NULL)) != 0 || + (r = sshpkt_get_u8(ssh, &want_reply)) != 0) + goto out; debug("client_input_global_request: rtype %s want_reply %d", rtype, want_reply); if (strcmp(rtype, "hostkeys-00@openssh.com") == 0) success = client_input_hostkeys(); if (want_reply) { - packet_start(success ? - SSH2_MSG_REQUEST_SUCCESS : SSH2_MSG_REQUEST_FAILURE); - packet_send(); - packet_write_wait(); + if ((r = sshpkt_start(ssh, success ? SSH2_MSG_REQUEST_SUCCESS : + SSH2_MSG_REQUEST_FAILURE)) != 0 || + (r = sshpkt_send(ssh)) != 0 || + (r = ssh_packet_write_wait(ssh)) != 0) + goto out; } + r = 0; + out: free(rtype); - return 0; + return r; } void @@ -2198,7 +2236,7 @@ client_session2_setup(struct ssh *ssh, int id, int want_tty, int want_subsystem, const char *term, struct termios *tiop, int in_fd, struct sshbuf *cmd, char **env) { - int i, j, matched, len; + int i, j, matched, len, r; char *name, *val; Channel *c = NULL; @@ -2207,7 +2245,7 @@ client_session2_setup(struct ssh *ssh, int id, int want_tty, int want_subsystem, if ((c = channel_lookup(ssh, id)) == NULL) fatal("%s: channel %d: unknown channel", __func__, id); - packet_set_interactive(want_tty, + ssh_packet_set_interactive(ssh, want_tty, options.ip_qos_interactive, options.ip_qos_bulk); if (want_tty) { @@ -2219,15 +2257,18 @@ client_session2_setup(struct ssh *ssh, int id, int want_tty, int want_subsystem, channel_request_start(ssh, id, "pty-req", 1); client_expect_confirm(ssh, id, "PTY allocation", CONFIRM_TTY); - packet_put_cstring(term != NULL ? term : ""); - packet_put_int((u_int)ws.ws_col); - packet_put_int((u_int)ws.ws_row); - packet_put_int((u_int)ws.ws_xpixel); - packet_put_int((u_int)ws.ws_ypixel); + if ((r = sshpkt_put_cstring(ssh, term != NULL ? term : "")) + != 0 || + (r = sshpkt_put_u32(ssh, (u_int)ws.ws_col)) != 0 || + (r = sshpkt_put_u32(ssh, (u_int)ws.ws_row)) != 0 || + (r = sshpkt_put_u32(ssh, (u_int)ws.ws_xpixel)) != 0 || + (r = sshpkt_put_u32(ssh, (u_int)ws.ws_ypixel)) != 0) + fatal("%s: %s", __func__, ssh_err(r)); if (tiop == NULL) tiop = get_saved_tio(); ssh_tty_make_modes(ssh, -1, tiop); - packet_send(); + if ((r = sshpkt_send(ssh)) != 0) + fatal("%s: %s", __func__, ssh_err(r)); /* XXX wait for reply */ c->client_tty = 1; } @@ -2259,9 +2300,10 @@ client_session2_setup(struct ssh *ssh, int id, int want_tty, int want_subsystem, debug("Sending env %s = %s", name, val); channel_request_start(ssh, id, "env", 0); - packet_put_cstring(name); - packet_put_cstring(val); - packet_send(); + if ((r = sshpkt_put_cstring(ssh, name)) != 0 || + (r = sshpkt_put_cstring(ssh, val)) != 0 || + (r = sshpkt_send(ssh)) != 0) + fatal("%s: %s", __func__, ssh_err(r)); free(name); } } @@ -2276,9 +2318,10 @@ client_session2_setup(struct ssh *ssh, int id, int want_tty, int want_subsystem, debug("Setting env %s = %s", name, val); channel_request_start(ssh, id, "env", 0); - packet_put_cstring(name); - packet_put_cstring(val); - packet_send(); + if ((r = sshpkt_put_cstring(ssh, name)) != 0 || + (r = sshpkt_put_cstring(ssh, val)) != 0 || + (r = sshpkt_send(ssh)) != 0) + fatal("%s: %s", __func__, ssh_err(r)); free(name); } @@ -2298,12 +2341,14 @@ client_session2_setup(struct ssh *ssh, int id, int want_tty, int want_subsystem, channel_request_start(ssh, id, "exec", 1); client_expect_confirm(ssh, id, "exec", CONFIRM_CLOSE); } - packet_put_string(sshbuf_ptr(cmd), sshbuf_len(cmd)); - packet_send(); + if ((r = sshpkt_put_stringb(ssh, cmd)) != 0 || + (r = sshpkt_send(ssh)) != 0) + fatal("%s: %s", __func__, ssh_err(r)); } else { channel_request_start(ssh, id, "shell", 1); client_expect_confirm(ssh, id, "shell", CONFIRM_CLOSE); - packet_send(); + if ((r = sshpkt_send(ssh)) != 0) + fatal("%s: %s", __func__, ssh_err(r)); } } -- cgit v1.2.3 From ed1df7226caf3a943a36d580d4d4e9275f8a61ee Mon Sep 17 00:00:00 2001 From: "djm@openbsd.org" Date: Sat, 19 Jan 2019 21:34:45 +0000 Subject: upstream: convert sshconnect2.c to new packet API with & ok markus@ OpenBSD-Commit-ID: 1cb869e0d6e03539f943235641ea070cae2ebc58 --- sshconnect2.c | 29 ++++++++++++++++------------- 1 file changed, 16 insertions(+), 13 deletions(-) diff --git a/sshconnect2.c b/sshconnect2.c index 73ffe77a9..bd98a12a7 100644 --- a/sshconnect2.c +++ b/sshconnect2.c @@ -1,4 +1,4 @@ -/* $OpenBSD: sshconnect2.c,v 1.293 2019/01/19 21:31:32 djm Exp $ */ +/* $OpenBSD: sshconnect2.c,v 1.294 2019/01/19 21:34:45 djm Exp $ */ /* * Copyright (c) 2000 Markus Friedl. All rights reserved. * Copyright (c) 2008 Damien Miller. All rights reserved. @@ -197,7 +197,7 @@ ssh_kex2(struct ssh *ssh, char *host, struct sockaddr *hostaddr, u_short port) } if (options.rekey_limit || options.rekey_interval) - packet_set_rekey_limits(options.rekey_limit, + ssh_packet_set_rekey_limits(ssh, options.rekey_limit, options.rekey_interval); /* start key exchange */ @@ -510,17 +510,21 @@ input_userauth_error(int type, u_int32_t seq, struct ssh *ssh) int input_userauth_banner(int type, u_int32_t seq, struct ssh *ssh) { - char *msg, *lang; - u_int len; + char *msg = NULL, *lang = NULL; + size_t len; + int r; debug3("%s", __func__); - msg = packet_get_string(&len); - lang = packet_get_string(NULL); + if ((r = sshpkt_get_cstring(ssh, &msg, &len)) != 0 || + (r = sshpkt_get_cstring(ssh, &lang, NULL)) != 0) + goto out; if (len > 0 && options.log_level >= SYSLOG_LEVEL_INFO) fmprintf(stderr, "%s", msg); + r = 0; + out: free(msg); free(lang); - return 0; + return r; } /* ARGSUSED */ @@ -1806,13 +1810,13 @@ input_userauth_info_req(int type, u_int32_t seq, struct ssh *ssh) } static int -ssh_keysign(struct sshkey *key, u_char **sigp, size_t *lenp, +ssh_keysign(struct ssh *ssh, struct sshkey *key, u_char **sigp, size_t *lenp, const u_char *data, size_t datalen) { struct sshbuf *b; struct stat st; pid_t pid; - int i, r, to[2], from[2], status, sock = packet_get_connection_in(); + int i, r, to[2], from[2], status, sock = ssh_packet_get_connection_in(ssh); u_char rversion = 0, version = 2; void (*osigchld)(int); @@ -1986,7 +1990,7 @@ userauth_hostbased(Authctxt *authctxt) __func__, sshkey_ssh_name(private), fp); /* figure out a name for the client host */ - if ((lname = get_local_name(packet_get_connection_in())) == NULL) { + if ((lname = get_local_name(ssh_packet_get_connection_in(ssh))) == NULL) { error("%s: cannot get local ipaddr/name", __func__); goto out; } @@ -2020,9 +2024,8 @@ userauth_hostbased(Authctxt *authctxt) #ifdef DEBUG_PK sshbuf_dump(b, stderr); #endif - r = ssh_keysign(private, &sig, &siglen, - sshbuf_ptr(b), sshbuf_len(b)); - if (r != 0) { + if ((r = ssh_keysign(ssh, private, &sig, &siglen, + sshbuf_ptr(b), sshbuf_len(b))) != 0) { error("sign using hostkey %s %s failed", sshkey_ssh_name(private), fp); goto out; -- cgit v1.2.3 From e3128b38623eef2fa8d6e7ae934d3bd08c7e973e Mon Sep 17 00:00:00 2001 From: "djm@openbsd.org" Date: Sat, 19 Jan 2019 21:35:25 +0000 Subject: upstream: convert mux.c to new packet API with & ok markus@ OpenBSD-Commit-ID: 4e3893937bae66416e984b282d8f0f800aafd802 --- mux.c | 19 +++++++++++++------ 1 file changed, 13 insertions(+), 6 deletions(-) diff --git a/mux.c b/mux.c index abc1e05ab..e89db193d 100644 --- a/mux.c +++ b/mux.c @@ -1,4 +1,4 @@ -/* $OpenBSD: mux.c,v 1.78 2019/01/19 21:31:32 djm Exp $ */ +/* $OpenBSD: mux.c,v 1.79 2019/01/19 21:35:25 djm Exp $ */ /* * Copyright (c) 2002-2008 Damien Miller * @@ -68,9 +68,6 @@ #include "clientloop.h" #include "ssherr.h" -#include "opacket.h" /* XXX */ -extern struct ssh *active_state; /* XXX */ - /* from ssh.c */ extern int tty_flag; extern Options options; @@ -613,6 +610,7 @@ mux_confirm_remote_forward(struct ssh *ssh, int type, u_int32_t seq, void *ctxt) struct Forward *rfwd; Channel *c; struct sshbuf *out; + u_int port; int r; if ((c = channel_by_id(ssh, fctx->cid)) == NULL) { @@ -635,7 +633,15 @@ mux_confirm_remote_forward(struct ssh *ssh, int type, u_int32_t seq, void *ctxt) rfwd->connect_host, rfwd->connect_port); if (type == SSH2_MSG_REQUEST_SUCCESS) { if (rfwd->listen_port == 0) { - rfwd->allocated_port = packet_get_int(); + if ((r = sshpkt_get_u32(ssh, &port)) != 0) + fatal("%s: packet error: %s", + __func__, ssh_err(r)); + if (port > 65535) { + fatal("Invalid allocated port %u for " + "mux remote forward to %s:%d", port, + rfwd->connect_host, rfwd->connect_port); + } + rfwd->allocated_port = (int)port; debug("Allocated port %u for mux remote forward" " to %s:%d", rfwd->allocated_port, rfwd->connect_host, rfwd->connect_port); @@ -1409,7 +1415,8 @@ mux_session_confirm(struct ssh *ssh, int id, int success, void *arg) if (cctx->want_agent_fwd && options.forward_agent) { debug("Requesting authentication agent forwarding."); channel_request_start(ssh, id, "auth-agent-req@openssh.com", 0); - packet_send(); + if ((r = sshpkt_send(ssh)) != 0) + fatal("%s: packet error: %s", __func__, ssh_err(r)); } client_session2_setup(ssh, id, cctx->want_tty, cctx->want_subsys, -- cgit v1.2.3 From 25b2ed667216314471bb66752442c55b95792dc3 Mon Sep 17 00:00:00 2001 From: "djm@openbsd.org" Date: Sat, 19 Jan 2019 21:36:06 +0000 Subject: upstream: convert ssh.c to new packet API with & ok markus@ OpenBSD-Commit-ID: eb146878b24e85c2a09ee171afa6797c166a2e21 --- ssh.c | 67 +++++++++++++++++++++++++++++++++++++++++-------------------------- 1 file changed, 41 insertions(+), 26 deletions(-) diff --git a/ssh.c b/ssh.c index a206a5fca..160bf6b54 100644 --- a/ssh.c +++ b/ssh.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ssh.c,v 1.498 2019/01/19 21:31:32 djm Exp $ */ +/* $OpenBSD: ssh.c,v 1.499 2019/01/19 21:36:06 djm Exp $ */ /* * Author: Tatu Ylonen * Copyright (c) 1995 Tatu Ylonen , Espoo, Finland @@ -113,8 +113,7 @@ #include "ssh-pkcs11.h" #endif -#include "opacket.h" /* XXX */ -extern struct ssh *active_state; /* XXX move here */ +extern struct ssh *active_state; /* XXX remove after sshconnect2.c updated */ extern char *__progname; @@ -653,8 +652,8 @@ main(int ac, char **av) */ if ((ssh = ssh_alloc_session_state()) == NULL) fatal("Couldn't allocate session state"); + active_state = ssh; /* XXX */ channel_init_channels(ssh); - active_state = ssh; /* XXX legacy API compat */ /* Parse command-line arguments. */ host = NULL; @@ -1351,7 +1350,7 @@ main(int ac, char **av) int sock; if ((sock = muxclient(options.control_path)) >= 0) { ssh_packet_set_connection(ssh, sock, sock); - packet_set_mux(); + ssh_packet_set_mux(ssh); goto skip_connect; } } @@ -1378,11 +1377,9 @@ main(int ac, char **av) if (addrs != NULL) freeaddrinfo(addrs); - packet_set_timeout(options.server_alive_interval, + ssh_packet_set_timeout(ssh, options.server_alive_interval, options.server_alive_count_max); - ssh = active_state; /* XXX */ - if (timeout_ms > 0) debug3("timeout: %d ms remain after connect", timeout_ms); @@ -1496,7 +1493,7 @@ main(int ac, char **av) ssh_login(ssh, &sensitive_data, host, (struct sockaddr *)&hostaddr, options.port, pw, timeout_ms); - if (packet_connection_is_on_socket()) { + if (ssh_packet_connection_is_on_socket(ssh)) { verbose("Authenticated to %s ([%s]:%d).", host, ssh_remote_ipaddr(ssh), ssh_remote_port(ssh)); } else { @@ -1530,7 +1527,7 @@ main(int ac, char **av) skip_connect: exit_status = ssh_session2(ssh, pw); - packet_close(); + ssh_packet_close(ssh); if (options.control_path != NULL && muxserver_sock != -1) unlink(options.control_path); @@ -1605,6 +1602,8 @@ static void ssh_confirm_remote_forward(struct ssh *ssh, int type, u_int32_t seq, void *ctxt) { struct Forward *rfwd = (struct Forward *)ctxt; + u_int port; + int r; /* XXX verbose() on failure? */ debug("remote forward %s for: listen %s%s%d, connect %s:%d", @@ -1616,12 +1615,25 @@ ssh_confirm_remote_forward(struct ssh *ssh, int type, u_int32_t seq, void *ctxt) rfwd->connect_host, rfwd->connect_port); if (rfwd->listen_path == NULL && rfwd->listen_port == 0) { if (type == SSH2_MSG_REQUEST_SUCCESS) { - rfwd->allocated_port = packet_get_int(); - logit("Allocated port %u for remote forward to %s:%d", - rfwd->allocated_port, - rfwd->connect_host, rfwd->connect_port); - channel_update_permission(ssh, - rfwd->handle, rfwd->allocated_port); + if ((r = sshpkt_get_u32(ssh, &port)) != 0) + fatal("%s: %s", __func__, ssh_err(r)); + if (port > 65535) { + error("Invalid allocated port %u for remote " + "forward to %s:%d", port, + rfwd->connect_host, rfwd->connect_port); + /* Ensure failure processing runs below */ + type = SSH2_MSG_REQUEST_FAILURE; + channel_update_permission(ssh, + rfwd->handle, -1); + } else { + rfwd->allocated_port = (int)port; + logit("Allocated port %u for remote " + "forward to %s:%d", + rfwd->allocated_port, rfwd->connect_host, + rfwd->connect_port); + channel_update_permission(ssh, + rfwd->handle, rfwd->allocated_port); + } } else { channel_update_permission(ssh, rfwd->handle, -1); } @@ -1778,7 +1790,7 @@ ssh_session2_setup(struct ssh *ssh, int id, int success, void *arg) { extern char **environ; const char *display; - int interactive = tty_flag; + int r, interactive = tty_flag; char *proto = NULL, *data = NULL; if (!success) @@ -1804,11 +1816,12 @@ ssh_session2_setup(struct ssh *ssh, int id, int success, void *arg) if (options.forward_agent) { debug("Requesting authentication agent forwarding."); channel_request_start(ssh, id, "auth-agent-req@openssh.com", 0); - packet_send(); + if ((r = sshpkt_send(ssh)) != 0) + fatal("%s: %s", __func__, ssh_err(r)); } /* Tell the packet module whether this is an interactive session. */ - packet_set_interactive(interactive, + ssh_packet_set_interactive(ssh, interactive, options.ip_qos_interactive, options.ip_qos_bulk); client_session2_setup(ssh, id, tty_flag, subsystem_flag, getenv("TERM"), @@ -1865,7 +1878,7 @@ ssh_session2_open(struct ssh *ssh) static int ssh_session2(struct ssh *ssh, struct passwd *pw) { - int devnull, id = -1; + int r, devnull, id = -1; char *cp, *tun_fwd_ifname = NULL; /* XXX should be pre-session */ @@ -1895,7 +1908,7 @@ ssh_session2(struct ssh *ssh, struct passwd *pw) } /* Start listening for multiplex clients */ - if (!packet_get_mux()) + if (!ssh_packet_get_mux(ssh)) muxserver_listen(ssh); /* @@ -1929,7 +1942,7 @@ ssh_session2(struct ssh *ssh, struct passwd *pw) if (!no_shell_flag) id = ssh_session2_open(ssh); else { - packet_set_interactive( + ssh_packet_set_interactive(ssh, options.control_master == SSHCTL_MASTER_NO, options.ip_qos_interactive, options.ip_qos_bulk); } @@ -1938,10 +1951,12 @@ ssh_session2(struct ssh *ssh, struct passwd *pw) if (options.control_master == SSHCTL_MASTER_NO && (datafellows & SSH_NEW_OPENSSH)) { debug("Requesting no-more-sessions@openssh.com"); - packet_start(SSH2_MSG_GLOBAL_REQUEST); - packet_put_cstring("no-more-sessions@openssh.com"); - packet_put_char(0); - packet_send(); + if ((r = sshpkt_start(ssh, SSH2_MSG_GLOBAL_REQUEST)) != 0 || + (r = sshpkt_put_cstring(ssh, + "no-more-sessions@openssh.com")) != 0 || + (r = sshpkt_put_u8(ssh, 0)) != 0 || + (r = sshpkt_send(ssh)) != 0) + fatal("%s: %s", __func__, ssh_err(r)); } /* Execute a local command */ -- cgit v1.2.3 From 06232038c794c7dfcb087be0ab0b3e65b09fd396 Mon Sep 17 00:00:00 2001 From: "djm@openbsd.org" Date: Sat, 19 Jan 2019 21:36:38 +0000 Subject: upstream: convert sshconnect.c to new packet API with & ok markus@ OpenBSD-Commit-ID: 222337cf6c96c347f1022d976fac74b4257c061f --- sshconnect.c | 23 +---------------------- sshconnect.h | 3 +-- 2 files changed, 2 insertions(+), 24 deletions(-) diff --git a/sshconnect.c b/sshconnect.c index 346f979d1..1a5f6a4c8 100644 --- a/sshconnect.c +++ b/sshconnect.c @@ -1,4 +1,4 @@ -/* $OpenBSD: sshconnect.c,v 1.310 2019/01/19 21:31:32 djm Exp $ */ +/* $OpenBSD: sshconnect.c,v 1.311 2019/01/19 21:36:38 djm Exp $ */ /* * Author: Tatu Ylonen * Copyright (c) 1995 Tatu Ylonen , Espoo, Finland @@ -70,9 +70,6 @@ #include "authfd.h" #include "kex.h" -#include "opacket.h" /* XXX */ -extern struct ssh *active_state; /* XXX */ - struct sshkey *previous_host_key = NULL; static int matching_host_key_dns = 0; @@ -1285,24 +1282,6 @@ ssh_login(struct ssh *ssh, Sensitive *sensitive, const char *orighost, free(local_user); } -void -ssh_put_password(char *password) -{ - int size; - char *padded; - - if (datafellows & SSH_BUG_PASSWORDPAD) { - packet_put_cstring(password); - return; - } - size = ROUNDUP(strlen(password) + 1, 32); - padded = xcalloc(1, size); - strlcpy(padded, password, size); - packet_put_string(padded, size); - explicit_bzero(padded, size); - free(padded); -} - /* print all known host keys for a given host, but skip keys of given type */ static int show_other_keys(struct hostkeys *hostkeys, struct sshkey *key) diff --git a/sshconnect.h b/sshconnect.h index 44a5071c7..6e8989b27 100644 --- a/sshconnect.h +++ b/sshconnect.h @@ -1,4 +1,4 @@ -/* $OpenBSD: sshconnect.h,v 1.36 2018/12/27 03:25:25 djm Exp $ */ +/* $OpenBSD: sshconnect.h,v 1.37 2019/01/19 21:36:38 djm Exp $ */ /* * Copyright (c) 2000 Markus Friedl. All rights reserved. @@ -50,7 +50,6 @@ void ssh_kex2(struct ssh *ssh, char *, struct sockaddr *, u_short); void ssh_userauth2(struct ssh *ssh, const char *, const char *, char *, Sensitive *); -void ssh_put_password(char *); int ssh_local_cmd(const char *); void maybe_add_key_to_agent(char *, const struct sshkey *, char *, char *); -- cgit v1.2.3 From 8cc7a679d29cf6ecccfa08191e688c7f81ef95c2 Mon Sep 17 00:00:00 2001 From: "djm@openbsd.org" Date: Sat, 19 Jan 2019 21:37:13 +0000 Subject: upstream: convert channels.c to new packet API with & ok markus@ OpenBSD-Commit-ID: 0b8279b56113cbd4011fc91315c0796b63dc862c --- channels.c | 68 +++++++++++++++++++++++++++++++++++--------------------------- 1 file changed, 38 insertions(+), 30 deletions(-) diff --git a/channels.c b/channels.c index dcda44b07..19da16eb3 100644 --- a/channels.c +++ b/channels.c @@ -1,4 +1,4 @@ -/* $OpenBSD: channels.c,v 1.388 2019/01/19 21:31:32 djm Exp $ */ +/* $OpenBSD: channels.c,v 1.389 2019/01/19 21:37:13 djm Exp $ */ /* * Author: Tatu Ylonen * Copyright (c) 1995 Tatu Ylonen , Espoo, Finland @@ -84,9 +84,6 @@ #include "pathnames.h" #include "match.h" -#include "opacket.h" /* XXX */ -extern struct ssh *active_state; /* XXX */ - /* -- agent forwarding */ #define NUM_SOCKS 10 @@ -2994,10 +2991,10 @@ channel_input_data(int type, u_int32_t seq, struct ssh *ssh) return 0; /* Get the data. */ - if ((r = sshpkt_get_string_direct(ssh, &data, &data_len)) != 0) + if ((r = sshpkt_get_string_direct(ssh, &data, &data_len)) != 0 || + (r = sshpkt_get_end(ssh)) != 0) fatal("%s: channel %d: get data: %s", __func__, c->self, ssh_err(r)); - ssh_packet_check_eom(ssh); win_len = data_len; if (c->datagram) @@ -3071,11 +3068,11 @@ channel_input_extended_data(int type, u_int32_t seq, struct ssh *ssh) logit("channel %d: bad ext data", c->self); return 0; } - if ((r = sshpkt_get_string_direct(ssh, &data, &data_len)) != 0) { + if ((r = sshpkt_get_string_direct(ssh, &data, &data_len)) != 0 || + (r = sshpkt_get_end(ssh)) != 0) { error("%s: parse data: %s", __func__, ssh_err(r)); ssh_packet_disconnect(ssh, "Invalid extended_data message"); } - ssh_packet_check_eom(ssh); if (data_len > c->local_window) { logit("channel %d: rcvd too much extended_data %zu, win %u", @@ -3094,8 +3091,12 @@ int channel_input_ieof(int type, u_int32_t seq, struct ssh *ssh) { Channel *c = channel_from_packet_id(ssh, __func__, "ieof"); + int r; - ssh_packet_check_eom(ssh); + if ((r = sshpkt_get_end(ssh)) != 0) { + error("%s: parse data: %s", __func__, ssh_err(r)); + ssh_packet_disconnect(ssh, "Invalid ieof message"); + } if (channel_proxy_upstream(c, type, seq, ssh)) return 0; @@ -3115,10 +3116,14 @@ int channel_input_oclose(int type, u_int32_t seq, struct ssh *ssh) { Channel *c = channel_from_packet_id(ssh, __func__, "oclose"); + int r; if (channel_proxy_upstream(c, type, seq, ssh)) return 0; - ssh_packet_check_eom(ssh); + if ((r = sshpkt_get_end(ssh)) != 0) { + error("%s: parse data: %s", __func__, ssh_err(r)); + ssh_packet_disconnect(ssh, "Invalid oclose message"); + } chan_rcvd_oclose(ssh, c); return 0; } @@ -3133,7 +3138,7 @@ channel_input_open_confirmation(int type, u_int32_t seq, struct ssh *ssh) if (channel_proxy_upstream(c, type, seq, ssh)) return 0; if (c->type != SSH_CHANNEL_OPENING) - packet_disconnect("Received open confirmation for " + ssh_packet_disconnect(ssh, "Received open confirmation for " "non-opening channel %d.", c->self); /* * Record the remote channel number and mark that the channel @@ -3141,11 +3146,11 @@ channel_input_open_confirmation(int type, u_int32_t seq, struct ssh *ssh) */ if ((r = sshpkt_get_u32(ssh, &c->remote_id)) != 0 || (r = sshpkt_get_u32(ssh, &remote_window)) != 0 || - (r = sshpkt_get_u32(ssh, &remote_maxpacket)) != 0) { + (r = sshpkt_get_u32(ssh, &remote_maxpacket)) != 0 || + (r = sshpkt_get_end(ssh)) != 0) { error("%s: window/maxpacket: %s", __func__, ssh_err(r)); - packet_disconnect("Invalid open confirmation message"); + ssh_packet_disconnect(ssh, "Invalid open confirmation message"); } - ssh_packet_check_eom(ssh); c->have_remote_id = 1; c->remote_window = remote_window; @@ -3188,19 +3193,19 @@ channel_input_open_failure(int type, u_int32_t seq, struct ssh *ssh) if (channel_proxy_upstream(c, type, seq, ssh)) return 0; if (c->type != SSH_CHANNEL_OPENING) - packet_disconnect("Received open failure for " + ssh_packet_disconnect(ssh, "Received open failure for " "non-opening channel %d.", c->self); if ((r = sshpkt_get_u32(ssh, &reason)) != 0) { error("%s: reason: %s", __func__, ssh_err(r)); - packet_disconnect("Invalid open failure message"); + ssh_packet_disconnect(ssh, "Invalid open failure message"); } /* skip language */ if ((r = sshpkt_get_cstring(ssh, &msg, NULL)) != 0 || - (r = sshpkt_get_string_direct(ssh, NULL, NULL)) != 0) { + (r = sshpkt_get_string_direct(ssh, NULL, NULL)) != 0 || + (r = sshpkt_get_end(ssh)) != 0) { error("%s: message/lang: %s", __func__, ssh_err(r)); - packet_disconnect("Invalid open failure message"); + ssh_packet_disconnect(ssh, "Invalid open failure message"); } - ssh_packet_check_eom(ssh); logit("channel %d: open failed: %s%s%s", c->self, reason2txt(reason), msg ? ": ": "", msg ? msg : ""); free(msg); @@ -3230,11 +3235,11 @@ channel_input_window_adjust(int type, u_int32_t seq, struct ssh *ssh) if (channel_proxy_upstream(c, type, seq, ssh)) return 0; - if ((r = sshpkt_get_u32(ssh, &adjust)) != 0) { + if ((r = sshpkt_get_u32(ssh, &adjust)) != 0 || + (r = sshpkt_get_end(ssh)) != 0) { error("%s: adjust: %s", __func__, ssh_err(r)); - packet_disconnect("Invalid window adjust message"); + ssh_packet_disconnect(ssh, "Invalid window adjust message"); } - ssh_packet_check_eom(ssh); debug2("channel %d: rcvd adjust %u", c->self, adjust); if ((new_rwin = c->remote_window + adjust) < c->remote_window) { fatal("channel %d: adjust %u overflows remote window %u", @@ -3250,9 +3255,10 @@ channel_input_status_confirm(int type, u_int32_t seq, struct ssh *ssh) int id = channel_parse_id(ssh, __func__, "status confirm"); Channel *c; struct channel_confirm *cc; + int r; /* Reset keepalive timeout */ - packet_set_alive_timeouts(0); + ssh_packet_set_alive_timeouts(ssh, 0); debug2("%s: type %d id %d", __func__, type, id); @@ -3262,7 +3268,8 @@ channel_input_status_confirm(int type, u_int32_t seq, struct ssh *ssh) } if (channel_proxy_upstream(c, type, seq, ssh)) return 0; - ssh_packet_check_eom(ssh); + if ((r = sshpkt_get_end(ssh)) != 0) + ssh_packet_disconnect(ssh, "Invalid status confirm message"); if ((cc = TAILQ_FIRST(&c->status_confirms)) == NULL) return 0; cc->cb(ssh, type, c, cc->ctx); @@ -3297,7 +3304,7 @@ channel_set_af(struct ssh *ssh, int af) * "127.0.0.1" / "::1" -> accepted even if gateway_ports isn't set */ static const char * -channel_fwd_bind_addr(const char *listen_addr, int *wildcardp, +channel_fwd_bind_addr(struct ssh *ssh, const char *listen_addr, int *wildcardp, int is_client, struct ForwardOptions *fwd_opts) { const char *addr = NULL; @@ -3320,7 +3327,8 @@ channel_fwd_bind_addr(const char *listen_addr, int *wildcardp, if (*listen_addr != '\0' && strcmp(listen_addr, "0.0.0.0") != 0 && strcmp(listen_addr, "*") != 0) { - packet_send_debug("Forwarding listen address " + ssh_packet_send_debug(ssh, + "Forwarding listen address " "\"%s\" overridden by server " "GatewayPorts", listen_addr); } @@ -3374,7 +3382,7 @@ channel_setup_fwd_listener_tcpip(struct ssh *ssh, int type, } /* Determine the bind address, cf. channel_fwd_bind_addr() comment */ - addr = channel_fwd_bind_addr(fwd->listen_host, &wildcard, + addr = channel_fwd_bind_addr(ssh, fwd->listen_host, &wildcard, is_client, fwd_opts); debug3("%s: type %d wildcard %d addr %s", __func__, type, wildcard, (addr == NULL) ? "NULL" : addr); @@ -3391,7 +3399,7 @@ channel_setup_fwd_listener_tcpip(struct ssh *ssh, int type, if ((r = getaddrinfo(addr, strport, &hints, &aitop)) != 0) { if (addr == NULL) { /* This really shouldn't happen */ - packet_disconnect("getaddrinfo: fatal error: %s", + ssh_packet_disconnect(ssh, "getaddrinfo: fatal error: %s", ssh_gai_strerror(r)); } else { error("%s: getaddrinfo(%.64s): %s", __func__, addr, @@ -3640,7 +3648,7 @@ channel_cancel_lport_listener_tcpip(struct ssh *ssh, { u_int i; int found = 0; - const char *addr = channel_fwd_bind_addr(lhost, NULL, 1, fwd_opts); + const char *addr = channel_fwd_bind_addr(ssh, lhost, NULL, 1, fwd_opts); for (i = 0; i < ssh->chanctxt->channels_alloc; i++) { Channel *c = ssh->chanctxt->channels[i]; @@ -3792,7 +3800,7 @@ channel_setup_remote_fwd_listener(struct ssh *ssh, struct Forward *fwd, int *allocated_listen_port, struct ForwardOptions *fwd_opts) { if (!check_rfwd_permission(ssh, fwd)) { - packet_send_debug("port forwarding refused"); + ssh_packet_send_debug(ssh, "port forwarding refused"); return 0; } if (fwd->listen_path != NULL) { -- cgit v1.2.3 From 172a592a53ebe8649c4ac0d7946e6c08eb151af6 Mon Sep 17 00:00:00 2001 From: "djm@openbsd.org" Date: Sat, 19 Jan 2019 21:37:48 +0000 Subject: upstream: convert servconf.c to new packet API with & ok markus@ OpenBSD-Commit-ID: 126553aecca302c9e02fd77e333b9cb217e623b4 --- auth.c | 5 +++-- servconf.c | 10 +++------- servconf.h | 4 ++-- sshd.c | 6 +++--- 4 files changed, 11 insertions(+), 14 deletions(-) diff --git a/auth.c b/auth.c index 94f43a6c2..d82b40683 100644 --- a/auth.c +++ b/auth.c @@ -1,4 +1,4 @@ -/* $OpenBSD: auth.c,v 1.136 2019/01/19 21:31:32 djm Exp $ */ +/* $OpenBSD: auth.c,v 1.137 2019/01/19 21:37:48 djm Exp $ */ /* * Copyright (c) 2000 Markus Friedl. All rights reserved. * @@ -572,8 +572,9 @@ getpwnamallow(const char *user) #endif #endif struct passwd *pw; - struct connection_info *ci = get_connection_info(1, options.use_dns); + struct connection_info *ci; + ci = get_connection_info(ssh, 1, options.use_dns); ci->user = user; parse_server_match_config(&options, ci); log_change_level(options.log_level); diff --git a/servconf.c b/servconf.c index 0ec095bd0..86c631bb0 100644 --- a/servconf.c +++ b/servconf.c @@ -1,5 +1,5 @@ -/* $OpenBSD: servconf.c,v 1.345 2019/01/19 21:31:32 djm Exp $ */ +/* $OpenBSD: servconf.c,v 1.346 2019/01/19 21:37:48 djm Exp $ */ /* * Copyright (c) 1995 Tatu Ylonen , Espoo, Finland * All rights reserved @@ -65,9 +65,6 @@ #include "myproposal.h" #include "digest.h" -#include "opacket.h" /* XXX */ -extern struct ssh *active_state; /* XXX */ - static void add_listen_addr(ServerOptions *, const char *, const char *, int); static void add_one_listen_addr(ServerOptions *, const char *, @@ -926,12 +923,11 @@ process_permitopen(struct ssh *ssh, ServerOptions *options) } struct connection_info * -get_connection_info(int populate, int use_dns) +get_connection_info(struct ssh *ssh, int populate, int use_dns) { - struct ssh *ssh = active_state; /* XXX */ static struct connection_info ci; - if (!populate) + if (ssh == NULL || !populate) return &ci; ci.host = auth_get_canonical_hostname(ssh, use_dns); ci.address = ssh_remote_ipaddr(ssh); diff --git a/servconf.h b/servconf.h index 548ad5a0c..54e0a8d8d 100644 --- a/servconf.h +++ b/servconf.h @@ -1,4 +1,4 @@ -/* $OpenBSD: servconf.h,v 1.138 2018/11/19 04:12:32 djm Exp $ */ +/* $OpenBSD: servconf.h,v 1.139 2019/01/19 21:37:48 djm Exp $ */ /* * Author: Tatu Ylonen @@ -258,7 +258,7 @@ struct connection_info { M_CP_STRARRAYOPT(permitted_listens, num_permitted_listens); \ } while (0) -struct connection_info *get_connection_info(int, int); +struct connection_info *get_connection_info(struct ssh *, int, int); void initialize_server_options(ServerOptions *); void fill_default_server_options(ServerOptions *); int process_server_config_line(ServerOptions *, char *, const char *, int, diff --git a/sshd.c b/sshd.c index ad8c152a5..64f27a7bb 100644 --- a/sshd.c +++ b/sshd.c @@ -1,4 +1,4 @@ -/* $OpenBSD: sshd.c,v 1.522 2019/01/19 21:31:32 djm Exp $ */ +/* $OpenBSD: sshd.c,v 1.523 2019/01/19 21:37:48 djm Exp $ */ /* * Author: Tatu Ylonen * Copyright (c) 1995 Tatu Ylonen , Espoo, Finland @@ -1493,7 +1493,7 @@ main(int ac, char **av) test_flag = 2; break; case 'C': - connection_info = get_connection_info(0, 0); + connection_info = get_connection_info(ssh, 0, 0); if (parse_server_match_testspec(connection_info, optarg) == -1) exit(1); @@ -1776,7 +1776,7 @@ main(int ac, char **av) * use a blank one that will cause no predicate to match. */ if (connection_info == NULL) - connection_info = get_connection_info(0, 0); + connection_info = get_connection_info(ssh, 0, 0); parse_server_match_config(&options, connection_info); dump_config(&options); } -- cgit v1.2.3 From 5ebce136a6105f084db8f0d7ee41981d42daec40 Mon Sep 17 00:00:00 2001 From: Damien Miller Date: Sun, 20 Jan 2019 09:44:53 +1100 Subject: upstream: convert auth2.c to new packet API OpenBSD-Commit-ID: ed831bb95ad228c6791bc18b60ce7a2edef2c999 --- auth.h | 6 ++-- auth2.c | 106 ++++++++++++++++++++++++++++++++++++---------------------------- sshd.c | 5 +-- 3 files changed, 64 insertions(+), 53 deletions(-) diff --git a/auth.h b/auth.h index 977562f0a..68104e50b 100644 --- a/auth.h +++ b/auth.h @@ -1,4 +1,4 @@ -/* $OpenBSD: auth.h,v 1.96 2018/04/10 00:10:49 djm Exp $ */ +/* $OpenBSD: auth.h,v 1.97 2019/01/19 21:38:24 djm Exp $ */ /* * Copyright (c) 2000 Markus Friedl. All rights reserved. @@ -166,15 +166,13 @@ int auth_shadow_pwexpired(Authctxt *); #include "audit.h" void remove_kbdint_device(const char *); -void do_authentication2(Authctxt *); +void do_authentication2(struct ssh *); void auth_log(Authctxt *, int, int, const char *, const char *); void auth_maxtries_exceeded(Authctxt *) __attribute__((noreturn)); void userauth_finish(struct ssh *, int, const char *, const char *); int auth_root_allowed(struct ssh *, const char *); -void userauth_send_banner(const char *); - char *auth2_read_banner(void); int auth2_methods_valid(const char *, int); int auth2_update_methods_lists(Authctxt *, const char *, const char *); diff --git a/auth2.c b/auth2.c index 3df2acf78..2ea71210c 100644 --- a/auth2.c +++ b/auth2.c @@ -1,4 +1,4 @@ -/* $OpenBSD: auth2.c,v 1.152 2019/01/19 21:31:32 djm Exp $ */ +/* $OpenBSD: auth2.c,v 1.153 2019/01/19 21:38:24 djm Exp $ */ /* * Copyright (c) 2000 Markus Friedl. All rights reserved. * @@ -61,9 +61,6 @@ #include "ssherr.h" #include "digest.h" -#include "opacket.h" /* XXX */ -extern struct ssh *active_state; /* XXX */ - /* import */ extern ServerOptions options; extern u_char *session_id2; @@ -141,18 +138,21 @@ auth2_read_banner(void) return (banner); } -void -userauth_send_banner(const char *msg) +static void +userauth_send_banner(struct ssh *ssh, const char *msg) { - packet_start(SSH2_MSG_USERAUTH_BANNER); - packet_put_cstring(msg); - packet_put_cstring(""); /* language, unused */ - packet_send(); + int r; + + if ((r = sshpkt_start(ssh, SSH2_MSG_USERAUTH_BANNER)) != 0 || + (r = sshpkt_put_cstring(ssh, msg)) != 0 || + (r = sshpkt_put_cstring(ssh, "")) != 0 || /* language, unused */ + (r = sshpkt_send(ssh)) != 0) + fatal("%s: %s", __func__, ssh_err(r)); debug("%s: sent", __func__); } static void -userauth_banner(void) +userauth_banner(struct ssh *ssh) { char *banner = NULL; @@ -161,7 +161,7 @@ userauth_banner(void) if ((banner = PRIVSEP(auth2_read_banner())) == NULL) goto done; - userauth_send_banner(banner); + userauth_send_banner(ssh, banner); done: free(banner); @@ -171,10 +171,10 @@ done: * loop until authctxt->success == TRUE */ void -do_authentication2(Authctxt *authctxt) +do_authentication2(struct ssh *ssh) { - struct ssh *ssh = active_state; /* XXX */ - ssh->authctxt = authctxt; /* XXX move to caller */ + Authctxt *authctxt = ssh->authctxt; + ssh_dispatch_init(ssh, &dispatch_protocol_error); ssh_dispatch_set(ssh, SSH2_MSG_SERVICE_REQUEST, &input_service_request); ssh_dispatch_run_fatal(ssh, DISPATCH_BLOCK, &authctxt->success); @@ -186,10 +186,12 @@ static int input_service_request(int type, u_int32_t seq, struct ssh *ssh) { Authctxt *authctxt = ssh->authctxt; - u_int len; - int acceptit = 0; - char *service = packet_get_cstring(&len); - packet_check_eom(); + char *service = NULL; + int r, acceptit = 0; + + if ((r = sshpkt_get_cstring(ssh, &service, NULL)) != 0 || + (r = sshpkt_get_end(ssh)) != 0) + goto out; if (authctxt == NULL) fatal("input_service_request: no authctxt"); @@ -198,20 +200,24 @@ input_service_request(int type, u_int32_t seq, struct ssh *ssh) if (!authctxt->success) { acceptit = 1; /* now we can handle user-auth requests */ - ssh_dispatch_set(ssh, SSH2_MSG_USERAUTH_REQUEST, &input_userauth_request); + ssh_dispatch_set(ssh, SSH2_MSG_USERAUTH_REQUEST, + &input_userauth_request); } } /* XXX all other service requests are denied */ if (acceptit) { - packet_start(SSH2_MSG_SERVICE_ACCEPT); - packet_put_cstring(service); - packet_send(); - packet_write_wait(); + if ((r = sshpkt_start(ssh, SSH2_MSG_SERVICE_ACCEPT)) != 0 || + (r = sshpkt_put_cstring(ssh, service)) != 0 || + (r = sshpkt_send(ssh)) != 0 || + (r = ssh_packet_write_wait(ssh)) != 0) + goto out; } else { debug("bad service request %s", service); - packet_disconnect("bad service request %s", service); + ssh_packet_disconnect(ssh, "bad service request %s", service); } + r = 0; + out: free(service); return 0; } @@ -259,16 +265,17 @@ input_userauth_request(int type, u_int32_t seq, struct ssh *ssh) { Authctxt *authctxt = ssh->authctxt; Authmethod *m = NULL; - char *user, *service, *method, *style = NULL; - int authenticated = 0; + char *user = NULL, *service = NULL, *method = NULL, *style = NULL; + int r, authenticated = 0; double tstart = monotime_double(); if (authctxt == NULL) fatal("input_userauth_request: no authctxt"); - user = packet_get_cstring(NULL); - service = packet_get_cstring(NULL); - method = packet_get_cstring(NULL); + if ((r = sshpkt_get_cstring(ssh, &user, NULL)) != 0 || + (r = sshpkt_get_cstring(ssh, &service, NULL)) != 0 || + (r = sshpkt_get_cstring(ssh, &method, NULL)) != 0) + goto out; debug("userauth-request for user %s service %s method %s", user, service, method); debug("attempt %d failures %d", authctxt->attempt, authctxt->failures); @@ -302,13 +309,14 @@ input_userauth_request(int type, u_int32_t seq, struct ssh *ssh) authctxt->style = style ? xstrdup(style) : NULL; if (use_privsep) mm_inform_authserv(service, style); - userauth_banner(); + userauth_banner(ssh); if (auth2_setup_methods_lists(authctxt) != 0) - packet_disconnect("no authentication methods enabled"); + ssh_packet_disconnect(ssh, + "no authentication methods enabled"); } else if (strcmp(user, authctxt->user) != 0 || strcmp(service, authctxt->service) != 0) { - packet_disconnect("Change of username or service not allowed: " - "(%s,%s) -> (%s,%s)", + ssh_packet_disconnect(ssh, "Change of username or service " + "not allowed: (%s,%s) -> (%s,%s)", authctxt->user, authctxt->service, user, service); } /* reset state */ @@ -334,11 +342,12 @@ input_userauth_request(int type, u_int32_t seq, struct ssh *ssh) ensure_minimum_time_since(tstart, user_specific_delay(authctxt->user)); userauth_finish(ssh, authenticated, method, NULL); - + r = 0; + out: free(service); free(user); free(method); - return 0; + return r; } void @@ -347,7 +356,7 @@ userauth_finish(struct ssh *ssh, int authenticated, const char *method, { Authctxt *authctxt = ssh->authctxt; char *methods; - int partial = 0; + int r, partial = 0; if (!authctxt->valid && authenticated) fatal("INTERNAL ERROR: authenticated invalid user %s", @@ -391,7 +400,7 @@ userauth_finish(struct ssh *ssh, int authenticated, const char *method, if ((r = sshbuf_put(loginmsg, "\0", 1)) != 0) fatal("%s: buffer error: %s", __func__, ssh_err(r)); - userauth_send_banner(sshbuf_ptr(loginmsg)); + userauth_send_banner(ssh, sshbuf_ptr(loginmsg)); packet_write_wait(); } fatal("Access denied for user %s by PAM account " @@ -402,10 +411,12 @@ userauth_finish(struct ssh *ssh, int authenticated, const char *method, if (authenticated == 1) { /* turn off userauth */ - ssh_dispatch_set(ssh, SSH2_MSG_USERAUTH_REQUEST, &dispatch_protocol_ignore); - packet_start(SSH2_MSG_USERAUTH_SUCCESS); - packet_send(); - packet_write_wait(); + ssh_dispatch_set(ssh, SSH2_MSG_USERAUTH_REQUEST, + &dispatch_protocol_ignore); + if ((r = sshpkt_start(ssh, SSH2_MSG_USERAUTH_SUCCESS)) != 0 || + (r = sshpkt_send(ssh)) != 0 || + (r = ssh_packet_write_wait(ssh)) != 0) + fatal("%s: %s", __func__, ssh_err(r)); /* now we can break out */ authctxt->success = 1; ssh_packet_set_log_preamble(ssh, "user %s", authctxt->user); @@ -423,11 +434,12 @@ userauth_finish(struct ssh *ssh, int authenticated, const char *method, methods = authmethods_get(authctxt); debug3("%s: failure partial=%d next methods=\"%s\"", __func__, partial, methods); - packet_start(SSH2_MSG_USERAUTH_FAILURE); - packet_put_cstring(methods); - packet_put_char(partial); - packet_send(); - packet_write_wait(); + if ((r = sshpkt_start(ssh, SSH2_MSG_USERAUTH_FAILURE)) != 0 || + (r = sshpkt_put_cstring(ssh, methods)) != 0 || + (r = sshpkt_put_u8(ssh, partial)) != 0 || + (r = sshpkt_send(ssh)) != 0 || + (r = ssh_packet_write_wait(ssh)) != 0) + fatal("%s: %s", __func__, ssh_err(r)); free(methods); } } diff --git a/sshd.c b/sshd.c index 64f27a7bb..c2cd5b068 100644 --- a/sshd.c +++ b/sshd.c @@ -1,4 +1,4 @@ -/* $OpenBSD: sshd.c,v 1.523 2019/01/19 21:37:48 djm Exp $ */ +/* $OpenBSD: sshd.c,v 1.524 2019/01/19 21:38:24 djm Exp $ */ /* * Author: Tatu Ylonen * Copyright (c) 1995 Tatu Ylonen , Espoo, Finland @@ -2044,7 +2044,8 @@ main(int ac, char **av) /* perform the key exchange */ /* authenticate user and start session */ do_ssh2_kex(); - do_authentication2(authctxt); + ssh->authctxt = authctxt; + do_authentication2(ssh); /* * If we use privilege separation, the unprivileged child transfers -- cgit v1.2.3 From bc5e1169d101d16e3a5962a928db2bc49a8ef5a3 Mon Sep 17 00:00:00 2001 From: "djm@openbsd.org" Date: Sat, 19 Jan 2019 21:39:12 +0000 Subject: upstream: convert the remainder of clientloop.c to new packet API with & ok markus@ OpenBSD-Commit-ID: ce2fbbacb86a290f31da1e7bf04cddf2bdae3d1e --- clientloop.c | 67 +++++++++++++++++++++++++++++------------------------------- 1 file changed, 32 insertions(+), 35 deletions(-) diff --git a/clientloop.c b/clientloop.c index 5f87b24a2..521467bd2 100644 --- a/clientloop.c +++ b/clientloop.c @@ -1,4 +1,4 @@ -/* $OpenBSD: clientloop.c,v 1.320 2019/01/19 21:33:57 djm Exp $ */ +/* $OpenBSD: clientloop.c,v 1.321 2019/01/19 21:39:12 djm Exp $ */ /* * Author: Tatu Ylonen * Copyright (c) 1995 Tatu Ylonen , Espoo, Finland @@ -112,9 +112,6 @@ #include "ssherr.h" #include "hostfile.h" -#include "opacket.h" /* XXX */ -extern struct ssh *active_state; /* XXX */ - /* import options */ extern Options options; @@ -163,7 +160,7 @@ static int need_rekeying; /* Set to non-zero if rekeying is requested. */ static int session_closed; /* In SSH2: login session closed. */ static u_int x11_refuse_time; /* If >0, refuse x11 opens after this time. */ -static void client_init_dispatch(void); +static void client_init_dispatch(struct ssh *ssh); int session_ident = -1; /* Track escape per proto2 channel */ @@ -515,7 +512,7 @@ client_wait_until_can_do_something(struct ssh *ssh, int r, ret; /* Add any selections by the channel mechanism. */ - channel_prepare_select(active_state, readsetp, writesetp, maxfdp, + channel_prepare_select(ssh, readsetp, writesetp, maxfdp, nallocp, &minwait_secs); /* channel_prepare_select could have closed the last channel */ @@ -1189,9 +1186,9 @@ process_escapes(struct ssh *ssh, Channel *c, */ static void -client_process_buffered_input_packets(void) +client_process_buffered_input_packets(struct ssh *ssh) { - ssh_dispatch_run_fatal(active_state, DISPATCH_NONBLOCK, &quit_pending); + ssh_dispatch_run_fatal(ssh, DISPATCH_NONBLOCK, &quit_pending); } /* scan buf[] for '~' before sending data to the peer */ @@ -1298,7 +1295,7 @@ client_loop(struct ssh *ssh, int have_pty, int escape_char_arg, if ((stderr_buffer = sshbuf_new()) == NULL) fatal("%s: sshbuf_new failed", __func__); - client_init_dispatch(); + client_init_dispatch(ssh); /* * Set signal handlers, (e.g. to restore non-blocking mode) @@ -1334,7 +1331,7 @@ client_loop(struct ssh *ssh, int have_pty, int escape_char_arg, while (!quit_pending) { /* Process buffered packets sent by the server. */ - client_process_buffered_input_packets(); + client_process_buffered_input_packets(ssh); if (session_closed && !channel_still_open(ssh)) break; @@ -1577,7 +1574,7 @@ client_request_x11(struct ssh *ssh, const char *request_type, int rchan) { Channel *c = NULL; char *originator; - int originator_port; + u_int originator_port; int r, sock; if (!options.forward_x11) { @@ -1592,11 +1589,12 @@ client_request_x11(struct ssh *ssh, const char *request_type, int rchan) return NULL; } if ((r = sshpkt_get_cstring(ssh, &originator, NULL)) != 0 || - (r = sshpkt_get_u32(ssh, (u_int *)&originator_port)) != 0 || + (r = sshpkt_get_u32(ssh, &originator_port)) != 0 || (r = sshpkt_get_end(ssh)) != 0) fatal("%s: %s", __func__, ssh_err(r)); /* XXX check permission */ - debug("client_request_x11: request from %s %d", originator, + /* XXX range check originator port? */ + debug("client_request_x11: request from %s %u", originator, originator_port); free(originator); sock = x11_connect_display(ssh); @@ -1673,7 +1671,7 @@ client_request_tun_fwd(struct ssh *ssh, int tun_mode, (r = sshpkt_put_u32(ssh, tun_mode)) != 0 || (r = sshpkt_put_u32(ssh, remote_tun)) != 0 || (r = sshpkt_send(ssh)) != 0) - fatal("%s: %s", __func__, ssh_err(r)); + sshpkt_fatal(ssh, r, "%s: send reply", __func__); return ifname; } @@ -2055,9 +2053,8 @@ key_accepted_by_hostkeyalgs(const struct sshkey *key) * HostkeyAlgorithms preference before they are accepted. */ static int -client_input_hostkeys(void) +client_input_hostkeys(struct ssh *ssh) { - struct ssh *ssh = active_state; /* XXX */ const u_char *blob = NULL; size_t i, len = 0; struct sshbuf *buf = NULL; @@ -2217,7 +2214,7 @@ client_input_global_request(int type, u_int32_t seq, struct ssh *ssh) debug("client_input_global_request: rtype %s want_reply %d", rtype, want_reply); if (strcmp(rtype, "hostkeys-00@openssh.com") == 0) - success = client_input_hostkeys(); + success = client_input_hostkeys(ssh); if (want_reply) { if ((r = sshpkt_start(ssh, success ? SSH2_MSG_REQUEST_SUCCESS : SSH2_MSG_REQUEST_FAILURE)) != 0 || @@ -2353,29 +2350,29 @@ client_session2_setup(struct ssh *ssh, int id, int want_tty, int want_subsystem, } static void -client_init_dispatch(void) +client_init_dispatch(struct ssh *ssh) { - dispatch_init(&dispatch_protocol_error); - - dispatch_set(SSH2_MSG_CHANNEL_CLOSE, &channel_input_oclose); - dispatch_set(SSH2_MSG_CHANNEL_DATA, &channel_input_data); - dispatch_set(SSH2_MSG_CHANNEL_EOF, &channel_input_ieof); - dispatch_set(SSH2_MSG_CHANNEL_EXTENDED_DATA, &channel_input_extended_data); - dispatch_set(SSH2_MSG_CHANNEL_OPEN, &client_input_channel_open); - dispatch_set(SSH2_MSG_CHANNEL_OPEN_CONFIRMATION, &channel_input_open_confirmation); - dispatch_set(SSH2_MSG_CHANNEL_OPEN_FAILURE, &channel_input_open_failure); - dispatch_set(SSH2_MSG_CHANNEL_REQUEST, &client_input_channel_req); - dispatch_set(SSH2_MSG_CHANNEL_WINDOW_ADJUST, &channel_input_window_adjust); - dispatch_set(SSH2_MSG_CHANNEL_SUCCESS, &channel_input_status_confirm); - dispatch_set(SSH2_MSG_CHANNEL_FAILURE, &channel_input_status_confirm); - dispatch_set(SSH2_MSG_GLOBAL_REQUEST, &client_input_global_request); + ssh_dispatch_init(ssh, &dispatch_protocol_error); + + ssh_dispatch_set(ssh, SSH2_MSG_CHANNEL_CLOSE, &channel_input_oclose); + ssh_dispatch_set(ssh, SSH2_MSG_CHANNEL_DATA, &channel_input_data); + ssh_dispatch_set(ssh, SSH2_MSG_CHANNEL_EOF, &channel_input_ieof); + ssh_dispatch_set(ssh, SSH2_MSG_CHANNEL_EXTENDED_DATA, &channel_input_extended_data); + ssh_dispatch_set(ssh, SSH2_MSG_CHANNEL_OPEN, &client_input_channel_open); + ssh_dispatch_set(ssh, SSH2_MSG_CHANNEL_OPEN_CONFIRMATION, &channel_input_open_confirmation); + ssh_dispatch_set(ssh, SSH2_MSG_CHANNEL_OPEN_FAILURE, &channel_input_open_failure); + ssh_dispatch_set(ssh, SSH2_MSG_CHANNEL_REQUEST, &client_input_channel_req); + ssh_dispatch_set(ssh, SSH2_MSG_CHANNEL_WINDOW_ADJUST, &channel_input_window_adjust); + ssh_dispatch_set(ssh, SSH2_MSG_CHANNEL_SUCCESS, &channel_input_status_confirm); + ssh_dispatch_set(ssh, SSH2_MSG_CHANNEL_FAILURE, &channel_input_status_confirm); + ssh_dispatch_set(ssh, SSH2_MSG_GLOBAL_REQUEST, &client_input_global_request); /* rekeying */ - dispatch_set(SSH2_MSG_KEXINIT, &kex_input_kexinit); + ssh_dispatch_set(ssh, SSH2_MSG_KEXINIT, &kex_input_kexinit); /* global request reply messages */ - dispatch_set(SSH2_MSG_REQUEST_FAILURE, &client_global_request_reply); - dispatch_set(SSH2_MSG_REQUEST_SUCCESS, &client_global_request_reply); + ssh_dispatch_set(ssh, SSH2_MSG_REQUEST_FAILURE, &client_global_request_reply); + ssh_dispatch_set(ssh, SSH2_MSG_REQUEST_SUCCESS, &client_global_request_reply); } void -- cgit v1.2.3 From 64c9598ac05332d1327cbf55334dee4172d216c4 Mon Sep 17 00:00:00 2001 From: "djm@openbsd.org" Date: Sat, 19 Jan 2019 21:40:21 +0000 Subject: upstream: convert the remainder of sshconnect2.c to new packet API with & ok markus@ OpenBSD-Commit-ID: 0986d324f2ceb5e8a12ac21c1bb10b3b4b1e0f71 --- sshconnect2.c | 95 +++++++++++++++++++++++++++++------------------------------ 1 file changed, 46 insertions(+), 49 deletions(-) diff --git a/sshconnect2.c b/sshconnect2.c index bd98a12a7..f521f4a55 100644 --- a/sshconnect2.c +++ b/sshconnect2.c @@ -1,4 +1,4 @@ -/* $OpenBSD: sshconnect2.c,v 1.294 2019/01/19 21:34:45 djm Exp $ */ +/* $OpenBSD: sshconnect2.c,v 1.295 2019/01/19 21:40:21 djm Exp $ */ /* * Copyright (c) 2000 Markus Friedl. All rights reserved. * Copyright (c) 2008 Damien Miller. All rights reserved. @@ -77,9 +77,6 @@ #include "ssh-gss.h" #endif -#include "opacket.h" /* XXX */ -extern struct ssh *active_state; /* XXX */ - /* import */ extern char *client_version_string; extern char *server_version_string; @@ -285,8 +282,8 @@ struct cauthctxt { struct cauthmethod { char *name; /* string to compare against server's list */ - int (*userauth)(Authctxt *authctxt); - void (*cleanup)(Authctxt *authctxt); + int (*userauth)(struct ssh *ssh); + void (*cleanup)(struct ssh *ssh); int *enabled; /* flag in option struct that enables method */ int *batch_flag; /* flag in option struct that disables method */ }; @@ -302,14 +299,14 @@ int input_userauth_info_req(int, u_int32_t, struct ssh *); int input_userauth_pk_ok(int, u_int32_t, struct ssh *); int input_userauth_passwd_changereq(int, u_int32_t, struct ssh *); -int userauth_none(Authctxt *); -int userauth_pubkey(Authctxt *); -int userauth_passwd(Authctxt *); -int userauth_kbdint(Authctxt *); -int userauth_hostbased(Authctxt *); +int userauth_none(struct ssh *); +int userauth_pubkey(struct ssh *); +int userauth_passwd(struct ssh *); +int userauth_kbdint(struct ssh *); +int userauth_hostbased(struct ssh *); #ifdef GSSAPI -int userauth_gssapi(Authctxt *authctxt); +int userauth_gssapi(struct ssh *); int input_gssapi_response(int type, u_int32_t, struct ssh *); int input_gssapi_token(int type, u_int32_t, struct ssh *); int input_gssapi_hash(int type, u_int32_t, struct ssh *); @@ -317,9 +314,9 @@ int input_gssapi_error(int, u_int32_t, struct ssh *); int input_gssapi_errtok(int, u_int32_t, struct ssh *); #endif -void userauth(Authctxt *, char *); +void userauth(struct ssh *, char *); -static int sign_and_send_pubkey(struct ssh *ssh, Authctxt *, Identity *); +static int sign_and_send_pubkey(struct ssh *ssh, Identity *); static void pubkey_prepare(Authctxt *); static void pubkey_cleanup(Authctxt *); static void pubkey_reset(Authctxt *); @@ -423,7 +420,6 @@ ssh_userauth2(struct ssh *ssh, const char *local_user, int input_userauth_service_accept(int type, u_int32_t seq, struct ssh *ssh) { - Authctxt *authctxt = ssh->authctxt; int r; if (ssh_packet_remaining(ssh) > 0) { @@ -441,7 +437,7 @@ input_userauth_service_accept(int type, u_int32_t seq, struct ssh *ssh) debug("SSH2_MSG_SERVICE_ACCEPT received"); /* initial userauth request */ - userauth_none(authctxt); + userauth_none(ssh); ssh_dispatch_set(ssh, SSH2_MSG_EXT_INFO, &input_userauth_error); ssh_dispatch_set(ssh, SSH2_MSG_USERAUTH_SUCCESS, &input_userauth_success); @@ -460,12 +456,12 @@ input_userauth_ext_info(int type, u_int32_t seqnr, struct ssh *ssh) } void -userauth(Authctxt *authctxt, char *authlist) +userauth(struct ssh *ssh, char *authlist) { - struct ssh *ssh = active_state; /* XXX */ + Authctxt *authctxt = (Authctxt *)ssh->authctxt; if (authctxt->method != NULL && authctxt->method->cleanup != NULL) - authctxt->method->cleanup(authctxt); + authctxt->method->cleanup(ssh); free(authctxt->methoddata); authctxt->methoddata = NULL; @@ -487,7 +483,7 @@ userauth(Authctxt *authctxt, char *authlist) SSH2_MSG_USERAUTH_PER_METHOD_MAX, NULL); /* and try new method */ - if (method->userauth(authctxt) != 0) { + if (method->userauth(ssh) != 0) { debug2("we sent a %s packet, wait for reply", method->name); break; } else { @@ -501,8 +497,7 @@ userauth(Authctxt *authctxt, char *authlist) int input_userauth_error(int type, u_int32_t seq, struct ssh *ssh) { - fatal("input_userauth_error: bad message during authentication: " - "type %d", type); + fatal("%s: bad message during authentication: type %d", __func__, type); return 0; } @@ -510,20 +505,19 @@ input_userauth_error(int type, u_int32_t seq, struct ssh *ssh) int input_userauth_banner(int type, u_int32_t seq, struct ssh *ssh) { - char *msg = NULL, *lang = NULL; + char *msg = NULL; size_t len; int r; debug3("%s", __func__); if ((r = sshpkt_get_cstring(ssh, &msg, &len)) != 0 || - (r = sshpkt_get_cstring(ssh, &lang, NULL)) != 0) + (r = sshpkt_get_cstring(ssh, NULL, NULL)) != 0) goto out; if (len > 0 && options.log_level >= SYSLOG_LEVEL_INFO) fmprintf(stderr, "%s", msg); r = 0; out: free(msg); - free(lang); return r; } @@ -534,11 +528,11 @@ input_userauth_success(int type, u_int32_t seq, struct ssh *ssh) Authctxt *authctxt = ssh->authctxt; if (authctxt == NULL) - fatal("input_userauth_success: no authentication context"); + fatal("%s: no authentication context", __func__); free(authctxt->authlist); authctxt->authlist = NULL; if (authctxt->method != NULL && authctxt->method->cleanup != NULL) - authctxt->method->cleanup(authctxt); + authctxt->method->cleanup(ssh); free(authctxt->methoddata); authctxt->methoddata = NULL; authctxt->success = 1; /* break out */ @@ -582,7 +576,7 @@ input_userauth_failure(int type, u_int32_t seq, struct ssh *ssh) } debug("Authentications that can continue: %s", authlist); - userauth(authctxt, authlist); + userauth(ssh, authlist); authlist = NULL; out: free(authlist); @@ -669,7 +663,7 @@ input_userauth_pk_ok(int type, u_int32_t seq, struct ssh *ssh) } ident = format_identity(id); debug("Server accepts key: %s", ident); - sent = sign_and_send_pubkey(ssh, authctxt, id); + sent = sign_and_send_pubkey(ssh, id); r = 0; done: sshkey_free(key); @@ -680,15 +674,15 @@ input_userauth_pk_ok(int type, u_int32_t seq, struct ssh *ssh) /* try another method if we did not send a packet */ if (r == 0 && sent == 0) - userauth(authctxt, NULL); + userauth(ssh, NULL); return r; } #ifdef GSSAPI int -userauth_gssapi(Authctxt *authctxt) +userauth_gssapi(struct ssh *ssh) { - struct ssh *ssh = active_state; /* XXX */ + Authctxt *authctxt = (Authctxt *)ssh->authctxt; Gssctxt *gssctxt = NULL; static gss_OID_set gss_supported = NULL; static u_int mech = 0; @@ -946,9 +940,9 @@ input_gssapi_error(int type, u_int32_t plen, struct ssh *ssh) #endif /* GSSAPI */ int -userauth_none(Authctxt *authctxt) +userauth_none(struct ssh *ssh) { - struct ssh *ssh = active_state; /* XXX */ + Authctxt *authctxt = (Authctxt *)ssh->authctxt; int r; /* initial userauth request */ @@ -962,9 +956,9 @@ userauth_none(Authctxt *authctxt) } int -userauth_passwd(Authctxt *authctxt) +userauth_passwd(struct ssh *ssh) { - struct ssh *ssh = active_state; /* XXX */ + Authctxt *authctxt = (Authctxt *)ssh->authctxt; char *password, *prompt = NULL; const char *host = options.host_key_alias ? options.host_key_alias : authctxt->host; @@ -1186,8 +1180,9 @@ id_filename_matches(Identity *id, Identity *private_id) } static int -sign_and_send_pubkey(struct ssh *ssh, Authctxt *authctxt, Identity *id) +sign_and_send_pubkey(struct ssh *ssh, Identity *id) { + Authctxt *authctxt = (Authctxt *)ssh->authctxt; struct sshbuf *b = NULL; Identity *private_id, *sign_id = NULL; u_char *signature = NULL; @@ -1345,8 +1340,9 @@ sign_and_send_pubkey(struct ssh *ssh, Authctxt *authctxt, Identity *id) } static int -send_pubkey_test(struct ssh *ssh, Authctxt *authctxt, Identity *id) +send_pubkey_test(struct ssh *ssh, Identity *id) { + Authctxt *authctxt = (Authctxt *)ssh->authctxt; u_char *blob = NULL; char *alg = NULL; size_t bloblen; @@ -1663,9 +1659,9 @@ try_identity(Identity *id) } int -userauth_pubkey(Authctxt *authctxt) +userauth_pubkey(struct ssh *ssh) { - struct ssh *ssh = active_state; /* XXX */ + Authctxt *authctxt = (Authctxt *)ssh->authctxt; Identity *id; int sent = 0; char *ident; @@ -1686,7 +1682,7 @@ userauth_pubkey(Authctxt *authctxt) ident = format_identity(id); debug("Offering public key: %s", ident); free(ident); - sent = send_pubkey_test(ssh, authctxt, id); + sent = send_pubkey_test(ssh, id); } } else { debug("Trying private key: %s", id->filename); @@ -1694,8 +1690,7 @@ userauth_pubkey(Authctxt *authctxt) if (id->key != NULL) { if (try_identity(id)) { id->isprivate = 1; - sent = sign_and_send_pubkey(ssh, - authctxt, id); + sent = sign_and_send_pubkey(ssh, id); } sshkey_free(id->key); id->key = NULL; @@ -1712,9 +1707,9 @@ userauth_pubkey(Authctxt *authctxt) * Send userauth request message specifying keyboard-interactive method. */ int -userauth_kbdint(Authctxt *authctxt) +userauth_kbdint(struct ssh *ssh) { - struct ssh *ssh = active_state; /* XXX */ + Authctxt *authctxt = (Authctxt *)ssh->authctxt; int r; if (authctxt->attempt_kbdint++ >= options.number_of_password_prompts) @@ -1816,7 +1811,8 @@ ssh_keysign(struct ssh *ssh, struct sshkey *key, u_char **sigp, size_t *lenp, struct sshbuf *b; struct stat st; pid_t pid; - int i, r, to[2], from[2], status, sock = ssh_packet_get_connection_in(ssh); + int i, r, to[2], from[2], status; + int sock = ssh_packet_get_connection_in(ssh); u_char rversion = 0, version = 2; void (*osigchld)(int); @@ -1924,9 +1920,9 @@ ssh_keysign(struct ssh *ssh, struct sshkey *key, u_char **sigp, size_t *lenp, } int -userauth_hostbased(Authctxt *authctxt) +userauth_hostbased(struct ssh *ssh) { - struct ssh *ssh = active_state; /* XXX */ + Authctxt *authctxt = (Authctxt *)ssh->authctxt; struct sshkey *private = NULL; struct sshbuf *b = NULL; u_char *sig = NULL, *keyblob = NULL; @@ -1990,7 +1986,8 @@ userauth_hostbased(Authctxt *authctxt) __func__, sshkey_ssh_name(private), fp); /* figure out a name for the client host */ - if ((lname = get_local_name(ssh_packet_get_connection_in(ssh))) == NULL) { + lname = get_local_name(ssh_packet_get_connection_in(ssh)); + if (lname == NULL) { error("%s: cannot get local ipaddr/name", __func__); goto out; } -- cgit v1.2.3 From 7ec5cb4d15ed2f2c5c9f5d00e6b361d136fc1e2d Mon Sep 17 00:00:00 2001 From: "djm@openbsd.org" Date: Sat, 19 Jan 2019 21:40:48 +0000 Subject: upstream: convert serverloop.c to new packet API with & ok markus@ OpenBSD-Commit-ID: c92dd19b55457541478f95c0d6b318426d86d885 --- serverloop.c | 356 ++++++++++++++++++++++++++++++++++------------------------- 1 file changed, 204 insertions(+), 152 deletions(-) diff --git a/serverloop.c b/serverloop.c index e0c26bbbc..c60758e88 100644 --- a/serverloop.c +++ b/serverloop.c @@ -1,4 +1,4 @@ -/* $OpenBSD: serverloop.c,v 1.210 2019/01/19 21:31:32 djm Exp $ */ +/* $OpenBSD: serverloop.c,v 1.211 2019/01/19 21:40:48 djm Exp $ */ /* * Author: Tatu Ylonen * Copyright (c) 1995 Tatu Ylonen , Espoo, Finland @@ -49,6 +49,7 @@ #include #include #include +#include #include #include #include @@ -78,9 +79,6 @@ #include "serverloop.h" #include "ssherr.h" -#include "opacket.h" /* XXX */ -extern struct ssh *active_state; /* XXX */ - extern ServerOptions options; /* XXX */ @@ -101,7 +99,7 @@ static volatile sig_atomic_t child_terminated = 0; /* The child has terminated. static volatile sig_atomic_t received_sigterm = 0; /* prototypes */ -static void server_init_dispatch(void); +static void server_init_dispatch(struct ssh *); /* requested tunnel forwarding interface(s), shared with session.c */ char *tun_fwd_ifnames = NULL; @@ -182,11 +180,12 @@ sigterm_handler(int sig) static void client_alive_check(struct ssh *ssh) { - int channel_id; char remote_id[512]; + int r, channel_id; /* timeout, check to see how many we have had */ - if (packet_inc_alive_timeouts() > options.client_alive_count_max) { + if (ssh_packet_inc_alive_timeouts(ssh) > + options.client_alive_count_max) { sshpkt_fmt_connection_id(ssh, remote_id, sizeof(remote_id)); logit("Timeout, client not responding from %s", remote_id); cleanup_exit(255); @@ -197,14 +196,17 @@ client_alive_check(struct ssh *ssh) * we should get back a failure */ if ((channel_id = channel_find_open(ssh)) == -1) { - packet_start(SSH2_MSG_GLOBAL_REQUEST); - packet_put_cstring("keepalive@openssh.com"); - packet_put_char(1); /* boolean: want reply */ + if ((r = sshpkt_start(ssh, SSH2_MSG_GLOBAL_REQUEST)) != 0 || + (r = sshpkt_put_cstring(ssh, "keepalive@openssh.com")) + != 0 || + (r = sshpkt_put_u8(ssh, 1)) != 0) /* boolean: want reply */ + fatal("%s: %s", __func__, ssh_err(r)); } else { channel_request_start(ssh, channel_id, "keepalive@openssh.com", 1); } - packet_send(); + if ((r = sshpkt_send(ssh)) != 0) + fatal("%s: %s", __func__, ssh_err(r)); } /* @@ -261,14 +263,14 @@ wait_until_can_do_something(struct ssh *ssh, * If we have buffered packet data going to the client, mark that * descriptor. */ - if (packet_have_data_to_write()) + if (ssh_packet_have_data_to_write(ssh)) FD_SET(connection_out, *writesetp); /* * If child has terminated and there is enough buffer space to read * from it, then read as much as is available and exit. */ - if (child_terminated && packet_not_very_much_data_to_write()) + if (child_terminated && ssh_packet_not_very_much_data_to_write(ssh)) if (max_time_ms == 0 || client_alive_scheduled) max_time_ms = 100; @@ -312,7 +314,7 @@ wait_until_can_do_something(struct ssh *ssh, static int process_input(struct ssh *ssh, fd_set *readset, int connection_in) { - int len; + int r, len; char buf[16384]; /* Read and buffer any input data from the client. */ @@ -333,7 +335,10 @@ process_input(struct ssh *ssh, fd_set *readset, int connection_in) } } else { /* Buffer any received data. */ - packet_process_incoming(buf, len); + if ((r = ssh_packet_process_incoming(ssh, buf, len)) + != 0) + fatal("%s: ssh_packet_process_incoming: %s", + __func__, ssh_err(r)); } } return 0; @@ -343,11 +348,16 @@ process_input(struct ssh *ssh, fd_set *readset, int connection_in) * Sends data from internal buffers to client program stdin. */ static void -process_output(fd_set *writeset, int connection_out) +process_output(struct ssh *ssh, fd_set *writeset, int connection_out) { + int r; + /* Send any buffered packet data to the client. */ - if (FD_ISSET(connection_out, writeset)) - packet_write_poll(); + if (FD_ISSET(connection_out, writeset)) { + if ((r = ssh_packet_write_poll(ssh)) != 0) + fatal("%s: ssh_packet_write_poll: %s", + __func__, ssh_err(r)); + } } static void @@ -390,8 +400,8 @@ server_loop2(struct ssh *ssh, Authctxt *authctxt) signal(SIGCHLD, sigchld_handler); child_terminated = 0; - connection_in = packet_get_connection_in(); - connection_out = packet_get_connection_out(); + connection_in = ssh_packet_get_connection_in(ssh); + connection_out = ssh_packet_get_connection_out(ssh); if (!use_privsep) { signal(SIGTERM, sigterm_handler); @@ -404,18 +414,21 @@ server_loop2(struct ssh *ssh, Authctxt *authctxt) max_fd = MAXIMUM(connection_in, connection_out); max_fd = MAXIMUM(max_fd, notify_pipe[0]); - server_init_dispatch(); + server_init_dispatch(ssh); for (;;) { process_buffered_input_packets(ssh); if (!ssh_packet_is_rekeying(ssh) && - packet_not_very_much_data_to_write()) + ssh_packet_not_very_much_data_to_write(ssh)) channel_output_poll(ssh); - if (options.rekey_interval > 0 && !ssh_packet_is_rekeying(ssh)) - rekey_timeout_ms = packet_get_rekey_timeout() * 1000; - else + if (options.rekey_interval > 0 && + !ssh_packet_is_rekeying(ssh)) { + rekey_timeout_ms = ssh_packet_get_rekey_timeout(ssh) * + 1000; + } else { rekey_timeout_ms = 0; + } wait_until_can_do_something(ssh, connection_in, connection_out, &readset, &writeset, &max_fd, &nalloc, rekey_timeout_ms); @@ -431,7 +444,7 @@ server_loop2(struct ssh *ssh, Authctxt *authctxt) channel_after_select(ssh, readset, writeset); if (process_input(ssh, readset, connection_in) < 0) break; - process_output(writeset, connection_out); + process_output(ssh, writeset, connection_out); } collect_children(ssh); @@ -454,7 +467,7 @@ server_input_keep_alive(int type, u_int32_t seq, struct ssh *ssh) * even if this was generated by something other than * the bogus CHANNEL_REQUEST we send for keepalives. */ - packet_set_alive_timeouts(0); + ssh_packet_set_alive_timeouts(ssh, 0); return 0; } @@ -462,16 +475,28 @@ static Channel * server_request_direct_tcpip(struct ssh *ssh, int *reason, const char **errmsg) { Channel *c = NULL; - char *target, *originator; - u_short target_port, originator_port; - - target = packet_get_string(NULL); - target_port = packet_get_int(); - originator = packet_get_string(NULL); - originator_port = packet_get_int(); - packet_check_eom(); + char *target = NULL, *originator = NULL; + u_int target_port = 0, originator_port = 0; + int r; + + if ((r = sshpkt_get_cstring(ssh, &target, NULL)) != 0 || + (r = sshpkt_get_u32(ssh, &target_port)) != 0 || + (r = sshpkt_get_cstring(ssh, &originator, NULL)) != 0 || + (r = sshpkt_get_u32(ssh, &originator_port)) != 0 || + (r = sshpkt_get_end(ssh)) != 0) + sshpkt_fatal(ssh, r, "%s: parse packet", __func__); + if (target_port > 0xFFFF) { + error("%s: invalid target port", __func__); + *reason = SSH2_OPEN_ADMINISTRATIVELY_PROHIBITED; + goto out; + } + if (originator_port > 0xFFFF) { + error("%s: invalid originator port", __func__); + *reason = SSH2_OPEN_ADMINISTRATIVELY_PROHIBITED; + goto out; + } - debug("%s: originator %s port %d, target %s port %d", __func__, + debug("%s: originator %s port %u, target %s port %u", __func__, originator, originator_port, target, target_port); /* XXX fine grained permissions */ @@ -488,9 +513,9 @@ server_request_direct_tcpip(struct ssh *ssh, int *reason, const char **errmsg) *reason = SSH2_OPEN_ADMINISTRATIVELY_PROHIBITED; } + out: free(originator); free(target); - return c; } @@ -498,17 +523,23 @@ static Channel * server_request_direct_streamlocal(struct ssh *ssh) { Channel *c = NULL; - char *target, *originator; - u_short originator_port; + char *target = NULL, *originator = NULL; + u_int originator_port = 0; struct passwd *pw = the_authctxt->pw; + int r; if (pw == NULL || !the_authctxt->valid) fatal("%s: no/invalid user", __func__); - target = packet_get_string(NULL); - originator = packet_get_string(NULL); - originator_port = packet_get_int(); - packet_check_eom(); + if ((r = sshpkt_get_cstring(ssh, &target, NULL)) != 0 || + (r = sshpkt_get_cstring(ssh, &originator, NULL)) != 0 || + (r = sshpkt_get_u32(ssh, &originator_port)) != 0 || + (r = sshpkt_get_end(ssh)) != 0) + sshpkt_fatal(ssh, r, "%s: parse packet", __func__); + if (originator_port > 0xFFFF) { + error("%s: invalid originator port", __func__); + goto out; + } debug("%s: originator %s port %d, target %s", __func__, originator, originator_port, target); @@ -525,9 +556,9 @@ server_request_direct_streamlocal(struct ssh *ssh) originator, originator_port, target); } +out: free(originator); free(target); - return c; } @@ -535,27 +566,35 @@ static Channel * server_request_tun(struct ssh *ssh) { Channel *c = NULL; - int mode, tun, sock; + u_int mode, tun; + int r, sock; char *tmp, *ifname = NULL; - mode = packet_get_int(); + if ((r = sshpkt_get_u32(ssh, &mode)) != 0) + sshpkt_fatal(ssh, r, "%s: parse mode", __func__); switch (mode) { case SSH_TUNMODE_POINTOPOINT: case SSH_TUNMODE_ETHERNET: break; default: - packet_send_debug("Unsupported tunnel device mode."); + ssh_packet_send_debug(ssh, "Unsupported tunnel device mode."); return NULL; } if ((options.permit_tun & mode) == 0) { - packet_send_debug("Server has rejected tunnel device " + ssh_packet_send_debug(ssh, "Server has rejected tunnel device " "forwarding"); return NULL; } - tun = packet_get_int(); + if ((r = sshpkt_get_u32(ssh, &tun)) != 0) + sshpkt_fatal(ssh, r, "%s: parse device", __func__); + if (tun > INT_MAX) { + debug("%s: invalid tun", __func__); + goto done; + } if (auth_opts->force_tun_device != -1) { - if (tun != SSH_TUNID_ANY && auth_opts->force_tun_device != tun) + if (tun != SSH_TUNID_ANY && + auth_opts->force_tun_device != (int)tun) goto done; tun = auth_opts->force_tun_device; } @@ -588,7 +627,7 @@ server_request_tun(struct ssh *ssh) done: if (c == NULL) - packet_send_debug("Failed to open the tunnel device."); + ssh_packet_send_debug(ssh, "Failed to open the tunnel device."); return c; } @@ -596,13 +635,15 @@ static Channel * server_request_session(struct ssh *ssh) { Channel *c; + int r; debug("input_session_request"); - packet_check_eom(); + if ((r = sshpkt_get_end(ssh)) != 0) + sshpkt_fatal(ssh, r, "%s: parse packet", __func__); if (no_more_sessions) { - packet_disconnect("Possible attack: attempt to open a session " - "after additional sessions disabled"); + sshpkt_disconnect(ssh, "Possible attack: attempt to open a " + "session after additional sessions disabled"); } /* @@ -627,20 +668,22 @@ static int server_input_channel_open(int type, u_int32_t seq, struct ssh *ssh) { Channel *c = NULL; - char *ctype; + char *ctype = NULL; const char *errmsg = NULL; - int rchan, reason = SSH2_OPEN_CONNECT_FAILED; - u_int rmaxpack, rwindow, len; - - ctype = packet_get_string(&len); - rchan = packet_get_int(); - rwindow = packet_get_int(); - rmaxpack = packet_get_int(); - - debug("%s: ctype %s rchan %d win %d max %d", __func__, + int r, reason = SSH2_OPEN_CONNECT_FAILED; + u_int rchan = 0, rmaxpack = 0, rwindow = 0; + + if ((r = sshpkt_get_cstring(ssh, &ctype, NULL)) != 0 || + (r = sshpkt_get_u32(ssh, &rchan)) != 0 || + (r = sshpkt_get_u32(ssh, &rwindow)) != 0 || + (r = sshpkt_get_u32(ssh, &rmaxpack)) != 0) + sshpkt_fatal(ssh, r, "%s: parse packet", __func__); + debug("%s: ctype %s rchan %u win %u max %u", __func__, ctype, rchan, rwindow, rmaxpack); - if (strcmp(ctype, "session") == 0) { + if (rchan > INT_MAX) { + error("%s: invalid remote channel ID", __func__); + } else if (strcmp(ctype, "session") == 0) { c = server_request_session(ssh); } else if (strcmp(ctype, "direct-tcpip") == 0) { c = server_request_direct_tcpip(ssh, &reason, &errmsg); @@ -651,26 +694,32 @@ server_input_channel_open(int type, u_int32_t seq, struct ssh *ssh) } if (c != NULL) { debug("%s: confirm %s", __func__, ctype); - c->remote_id = rchan; + c->remote_id = (int)rchan; c->have_remote_id = 1; c->remote_window = rwindow; c->remote_maxpacket = rmaxpack; if (c->type != SSH_CHANNEL_CONNECTING) { - packet_start(SSH2_MSG_CHANNEL_OPEN_CONFIRMATION); - packet_put_int(c->remote_id); - packet_put_int(c->self); - packet_put_int(c->local_window); - packet_put_int(c->local_maxpacket); - packet_send(); + if ((r = sshpkt_start(ssh, SSH2_MSG_CHANNEL_OPEN_CONFIRMATION)) != 0 || + (r = sshpkt_put_u32(ssh, c->remote_id)) != 0 || + (r = sshpkt_put_u32(ssh, c->self)) != 0 || + (r = sshpkt_put_u32(ssh, c->local_window)) != 0 || + (r = sshpkt_put_u32(ssh, c->local_maxpacket)) != 0 || + (r = sshpkt_send(ssh)) != 0) { + sshpkt_fatal(ssh, r, + "%s: send open confirm", __func__); + } } } else { debug("%s: failure %s", __func__, ctype); - packet_start(SSH2_MSG_CHANNEL_OPEN_FAILURE); - packet_put_int(rchan); - packet_put_int(reason); - packet_put_cstring(errmsg ? errmsg : "open failed"); - packet_put_cstring(""); - packet_send(); + if ((r = sshpkt_start(ssh, SSH2_MSG_CHANNEL_OPEN_FAILURE)) != 0 || + (r = sshpkt_put_u32(ssh, rchan)) != 0 || + (r = sshpkt_put_u32(ssh, reason)) != 0 || + (r = sshpkt_put_cstring(ssh, errmsg ? errmsg : "open failed")) != 0 || + (r = sshpkt_put_cstring(ssh, "")) != 0 || + (r = sshpkt_send(ssh)) != 0) { + sshpkt_fatal(ssh, r, + "%s: send open failure", __func__); + } } free(ctype); return 0; @@ -757,65 +806,66 @@ server_input_hostkeys_prove(struct ssh *ssh, struct sshbuf **respp) static int server_input_global_request(int type, u_int32_t seq, struct ssh *ssh) { - char *rtype; - int want_reply; + char *rtype = NULL; + u_char want_reply = 0; int r, success = 0, allocated_listen_port = 0; + u_int port = 0; struct sshbuf *resp = NULL; struct passwd *pw = the_authctxt->pw; + struct Forward fwd; + memset(&fwd, 0, sizeof(fwd)); if (pw == NULL || !the_authctxt->valid) fatal("%s: no/invalid user", __func__); - rtype = packet_get_string(NULL); - want_reply = packet_get_char(); + if ((r = sshpkt_get_cstring(ssh, &rtype, NULL)) != 0 || + (r = sshpkt_get_u8(ssh, &want_reply)) != 0) + sshpkt_fatal(ssh, r, "%s: parse packet", __func__); debug("%s: rtype %s want_reply %d", __func__, rtype, want_reply); /* -R style forwarding */ if (strcmp(rtype, "tcpip-forward") == 0) { - struct Forward fwd; - - memset(&fwd, 0, sizeof(fwd)); - fwd.listen_host = packet_get_string(NULL); - fwd.listen_port = (u_short)packet_get_int(); - debug("%s: tcpip-forward listen %s port %d", __func__, - fwd.listen_host, fwd.listen_port); - + if ((r = sshpkt_get_cstring(ssh, &fwd.listen_host, NULL)) != 0 || + (r = sshpkt_get_u32(ssh, &port)) != 0) + sshpkt_fatal(ssh, r, "%s: parse tcpip-forward", __func__); + debug("%s: tcpip-forward listen %s port %u", __func__, + fwd.listen_host, port); + if (port <= INT_MAX) + fwd.listen_port = (int)port; /* check permissions */ - if ((options.allow_tcp_forwarding & FORWARD_REMOTE) == 0 || + if (port > INT_MAX || + (options.allow_tcp_forwarding & FORWARD_REMOTE) == 0 || !auth_opts->permit_port_forwarding_flag || options.disable_forwarding || (!want_reply && fwd.listen_port == 0) || (fwd.listen_port != 0 && !bind_permitted(fwd.listen_port, pw->pw_uid))) { success = 0; - packet_send_debug("Server has disabled port forwarding."); + ssh_packet_send_debug(ssh, "Server has disabled port forwarding."); } else { /* Start listening on the port */ success = channel_setup_remote_fwd_listener(ssh, &fwd, &allocated_listen_port, &options.fwd_opts); } - free(fwd.listen_host); if ((resp = sshbuf_new()) == NULL) fatal("%s: sshbuf_new", __func__); if (allocated_listen_port != 0 && (r = sshbuf_put_u32(resp, allocated_listen_port)) != 0) fatal("%s: sshbuf_put_u32: %s", __func__, ssh_err(r)); } else if (strcmp(rtype, "cancel-tcpip-forward") == 0) { - struct Forward fwd; + if ((r = sshpkt_get_cstring(ssh, &fwd.listen_host, NULL)) != 0 || + (r = sshpkt_get_u32(ssh, &port)) != 0) + sshpkt_fatal(ssh, r, "%s: parse cancel-tcpip-forward", __func__); - memset(&fwd, 0, sizeof(fwd)); - fwd.listen_host = packet_get_string(NULL); - fwd.listen_port = (u_short)packet_get_int(); debug("%s: cancel-tcpip-forward addr %s port %d", __func__, - fwd.listen_host, fwd.listen_port); - - success = channel_cancel_rport_listener(ssh, &fwd); - free(fwd.listen_host); + fwd.listen_host, port); + if (port <= INT_MAX) { + fwd.listen_port = (int)port; + success = channel_cancel_rport_listener(ssh, &fwd); + } } else if (strcmp(rtype, "streamlocal-forward@openssh.com") == 0) { - struct Forward fwd; - - memset(&fwd, 0, sizeof(fwd)); - fwd.listen_path = packet_get_string(NULL); + if ((r = sshpkt_get_cstring(ssh, &fwd.listen_path, NULL)) != 0) + sshpkt_fatal(ssh, r, "%s: parse streamlocal-forward@openssh.com", __func__); debug("%s: streamlocal-forward listen path %s", __func__, fwd.listen_path); @@ -825,39 +875,37 @@ server_input_global_request(int type, u_int32_t seq, struct ssh *ssh) options.disable_forwarding || (pw->pw_uid != 0 && !use_privsep)) { success = 0; - packet_send_debug("Server has disabled " + ssh_packet_send_debug(ssh, "Server has disabled " "streamlocal forwarding."); } else { /* Start listening on the socket */ success = channel_setup_remote_fwd_listener(ssh, &fwd, NULL, &options.fwd_opts); } - free(fwd.listen_path); } else if (strcmp(rtype, "cancel-streamlocal-forward@openssh.com") == 0) { - struct Forward fwd; - - memset(&fwd, 0, sizeof(fwd)); - fwd.listen_path = packet_get_string(NULL); + if ((r = sshpkt_get_cstring(ssh, &fwd.listen_path, NULL)) != 0) + sshpkt_fatal(ssh, r, "%s: parse cancel-streamlocal-forward@openssh.com", __func__); debug("%s: cancel-streamlocal-forward path %s", __func__, fwd.listen_path); success = channel_cancel_rport_listener(ssh, &fwd); - free(fwd.listen_path); } else if (strcmp(rtype, "no-more-sessions@openssh.com") == 0) { no_more_sessions = 1; success = 1; } else if (strcmp(rtype, "hostkeys-prove-00@openssh.com") == 0) { success = server_input_hostkeys_prove(ssh, &resp); } + /* XXX sshpkt_get_end() */ if (want_reply) { - packet_start(success ? - SSH2_MSG_REQUEST_SUCCESS : SSH2_MSG_REQUEST_FAILURE); - if (success && resp != NULL) - ssh_packet_put_raw(ssh, sshbuf_ptr(resp), - sshbuf_len(resp)); - packet_send(); - packet_write_wait(); + if ((r = sshpkt_start(ssh, success ? + SSH2_MSG_REQUEST_SUCCESS : SSH2_MSG_REQUEST_FAILURE)) != 0 || + (success && resp != NULL && (r = sshpkt_putb(ssh, resp)) != 0) || + (r = sshpkt_send(ssh)) != 0 || + (r = ssh_packet_write_wait(ssh)) != 0) + sshpkt_fatal(ssh, r, "%s: send reply", __func__); } + free(fwd.listen_host); + free(fwd.listen_path); free(rtype); sshbuf_free(resp); return 0; @@ -867,58 +915,62 @@ static int server_input_channel_req(int type, u_int32_t seq, struct ssh *ssh) { Channel *c; - int id, reply, success = 0; - char *rtype; + int r, success = 0; + char *rtype = NULL; + u_char want_reply = 0; + u_int id = 0; - id = packet_get_int(); - rtype = packet_get_string(NULL); - reply = packet_get_char(); + if ((r = sshpkt_get_u32(ssh, &id)) != 0 || + (r = sshpkt_get_cstring(ssh, &rtype, NULL)) != 0 || + (r = sshpkt_get_u8(ssh, &want_reply)) != 0) + sshpkt_fatal(ssh, r, "%s: parse packet", __func__); - debug("server_input_channel_req: channel %d request %s reply %d", - id, rtype, reply); + debug("server_input_channel_req: channel %u request %s reply %d", + id, rtype, want_reply); - if ((c = channel_lookup(ssh, id)) == NULL) - packet_disconnect("server_input_channel_req: " - "unknown channel %d", id); + if (id >= INT_MAX || (c = channel_lookup(ssh, (int)id)) == NULL) + sshpkt_disconnect(ssh, "%s: unknown channel %d", __func__, id); if (!strcmp(rtype, "eow@openssh.com")) { - packet_check_eom(); + if ((r = sshpkt_get_end(ssh)) != 0) + sshpkt_fatal(ssh, r, "%s: parse packet", __func__); chan_rcvd_eow(ssh, c); } else if ((c->type == SSH_CHANNEL_LARVAL || c->type == SSH_CHANNEL_OPEN) && strcmp(c->ctype, "session") == 0) success = session_input_channel_req(ssh, c, rtype); - if (reply && !(c->flags & CHAN_CLOSE_SENT)) { + if (want_reply && !(c->flags & CHAN_CLOSE_SENT)) { if (!c->have_remote_id) fatal("%s: channel %d: no remote_id", __func__, c->self); - packet_start(success ? - SSH2_MSG_CHANNEL_SUCCESS : SSH2_MSG_CHANNEL_FAILURE); - packet_put_int(c->remote_id); - packet_send(); + if ((r = sshpkt_start(ssh, success ? + SSH2_MSG_CHANNEL_SUCCESS : SSH2_MSG_CHANNEL_FAILURE)) != 0 || + (r = sshpkt_put_u32(ssh, c->remote_id)) != 0 || + (r = sshpkt_send(ssh)) != 0) + sshpkt_fatal(ssh, r, "%s: send reply", __func__); } free(rtype); return 0; } static void -server_init_dispatch(void) +server_init_dispatch(struct ssh *ssh) { debug("server_init_dispatch"); - dispatch_init(&dispatch_protocol_error); - dispatch_set(SSH2_MSG_CHANNEL_CLOSE, &channel_input_oclose); - dispatch_set(SSH2_MSG_CHANNEL_DATA, &channel_input_data); - dispatch_set(SSH2_MSG_CHANNEL_EOF, &channel_input_ieof); - dispatch_set(SSH2_MSG_CHANNEL_EXTENDED_DATA, &channel_input_extended_data); - dispatch_set(SSH2_MSG_CHANNEL_OPEN, &server_input_channel_open); - dispatch_set(SSH2_MSG_CHANNEL_OPEN_CONFIRMATION, &channel_input_open_confirmation); - dispatch_set(SSH2_MSG_CHANNEL_OPEN_FAILURE, &channel_input_open_failure); - dispatch_set(SSH2_MSG_CHANNEL_REQUEST, &server_input_channel_req); - dispatch_set(SSH2_MSG_CHANNEL_WINDOW_ADJUST, &channel_input_window_adjust); - dispatch_set(SSH2_MSG_GLOBAL_REQUEST, &server_input_global_request); + ssh_dispatch_init(ssh, &dispatch_protocol_error); + ssh_dispatch_set(ssh, SSH2_MSG_CHANNEL_CLOSE, &channel_input_oclose); + ssh_dispatch_set(ssh, SSH2_MSG_CHANNEL_DATA, &channel_input_data); + ssh_dispatch_set(ssh, SSH2_MSG_CHANNEL_EOF, &channel_input_ieof); + ssh_dispatch_set(ssh, SSH2_MSG_CHANNEL_EXTENDED_DATA, &channel_input_extended_data); + ssh_dispatch_set(ssh, SSH2_MSG_CHANNEL_OPEN, &server_input_channel_open); + ssh_dispatch_set(ssh, SSH2_MSG_CHANNEL_OPEN_CONFIRMATION, &channel_input_open_confirmation); + ssh_dispatch_set(ssh, SSH2_MSG_CHANNEL_OPEN_FAILURE, &channel_input_open_failure); + ssh_dispatch_set(ssh, SSH2_MSG_CHANNEL_REQUEST, &server_input_channel_req); + ssh_dispatch_set(ssh, SSH2_MSG_CHANNEL_WINDOW_ADJUST, &channel_input_window_adjust); + ssh_dispatch_set(ssh, SSH2_MSG_GLOBAL_REQUEST, &server_input_global_request); /* client_alive */ - dispatch_set(SSH2_MSG_CHANNEL_SUCCESS, &server_input_keep_alive); - dispatch_set(SSH2_MSG_CHANNEL_FAILURE, &server_input_keep_alive); - dispatch_set(SSH2_MSG_REQUEST_SUCCESS, &server_input_keep_alive); - dispatch_set(SSH2_MSG_REQUEST_FAILURE, &server_input_keep_alive); + ssh_dispatch_set(ssh, SSH2_MSG_CHANNEL_SUCCESS, &server_input_keep_alive); + ssh_dispatch_set(ssh, SSH2_MSG_CHANNEL_FAILURE, &server_input_keep_alive); + ssh_dispatch_set(ssh, SSH2_MSG_REQUEST_SUCCESS, &server_input_keep_alive); + ssh_dispatch_set(ssh, SSH2_MSG_REQUEST_FAILURE, &server_input_keep_alive); /* rekeying */ - dispatch_set(SSH2_MSG_KEXINIT, &kex_input_kexinit); + ssh_dispatch_set(ssh, SSH2_MSG_KEXINIT, &kex_input_kexinit); } -- cgit v1.2.3 From 3a00a921590d4c4b7e96df11bb10e6f9253ad45e Mon Sep 17 00:00:00 2001 From: "djm@openbsd.org" Date: Sat, 19 Jan 2019 21:41:18 +0000 Subject: upstream: convert auth.c to new packet API with & ok markus@ OpenBSD-Commit-ID: 7e10359f614ff522b52a3f05eec576257794e8e4 --- auth.c | 26 ++++++++++---------------- auth.h | 12 ++++++------ auth2.c | 8 ++++---- monitor.c | 8 ++++---- monitor_wrap.c | 5 ++--- monitor_wrap.h | 5 +++-- session.c | 4 ++-- 7 files changed, 31 insertions(+), 37 deletions(-) diff --git a/auth.c b/auth.c index d82b40683..fea2c650f 100644 --- a/auth.c +++ b/auth.c @@ -1,4 +1,4 @@ -/* $OpenBSD: auth.c,v 1.137 2019/01/19 21:37:48 djm Exp $ */ +/* $OpenBSD: auth.c,v 1.138 2019/01/19 21:41:18 djm Exp $ */ /* * Copyright (c) 2000 Markus Friedl. All rights reserved. * @@ -77,9 +77,6 @@ #include "compat.h" #include "channels.h" -#include "opacket.h" /* XXX */ -extern struct ssh *active_state; /* XXX */ - /* import */ extern ServerOptions options; extern int use_privsep; @@ -100,9 +97,8 @@ static struct sshbuf *auth_debug; * Otherwise true is returned. */ int -allowed_user(struct passwd * pw) +allowed_user(struct ssh *ssh, struct passwd * pw) { - struct ssh *ssh = active_state; /* XXX */ struct stat st; const char *hostname = NULL, *ipaddr = NULL, *passwd = NULL; u_int i; @@ -312,10 +308,10 @@ format_method_key(Authctxt *authctxt) } void -auth_log(Authctxt *authctxt, int authenticated, int partial, +auth_log(struct ssh *ssh, int authenticated, int partial, const char *method, const char *submethod) { - struct ssh *ssh = active_state; /* XXX */ + Authctxt *authctxt = (Authctxt *)ssh->authctxt; int level = SYSLOG_LEVEL_VERBOSE; const char *authmsg; char *extra = NULL; @@ -377,9 +373,9 @@ auth_log(Authctxt *authctxt, int authenticated, int partial, void -auth_maxtries_exceeded(Authctxt *authctxt) +auth_maxtries_exceeded(struct ssh *ssh) { - struct ssh *ssh = active_state; /* XXX */ + Authctxt *authctxt = (Authctxt *)ssh->authctxt; error("maximum authentication attempts exceeded for " "%s%.100s from %.200s port %d ssh2", @@ -387,7 +383,7 @@ auth_maxtries_exceeded(Authctxt *authctxt) authctxt->user, ssh_remote_ipaddr(ssh), ssh_remote_port(ssh)); - packet_disconnect("Too many authentication failures"); + ssh_packet_disconnect(ssh, "Too many authentication failures"); /* NOTREACHED */ } @@ -562,9 +558,8 @@ auth_openprincipals(const char *file, struct passwd *pw, int strict_modes) } struct passwd * -getpwnamallow(const char *user) +getpwnamallow(struct ssh *ssh, const char *user) { - struct ssh *ssh = active_state; /* XXX */ #ifdef HAVE_LOGIN_CAP extern login_cap_t *lc; #ifdef BSD_AUTH @@ -614,7 +609,7 @@ getpwnamallow(const char *user) #endif /* SSH_AUDIT_EVENTS */ return (NULL); } - if (!allowed_user(pw)) + if (!allowed_user(ssh, pw)) return (NULL); #ifdef HAVE_LOGIN_CAP if ((lc = login_getclass(pw->pw_class)) == NULL) { @@ -693,9 +688,8 @@ auth_debug_add(const char *fmt,...) } void -auth_debug_send(void) +auth_debug_send(struct ssh *ssh) { - struct ssh *ssh = active_state; /* XXX */ char *msg; int r; diff --git a/auth.h b/auth.h index 68104e50b..71c372e97 100644 --- a/auth.h +++ b/auth.h @@ -1,4 +1,4 @@ -/* $OpenBSD: auth.h,v 1.97 2019/01/19 21:38:24 djm Exp $ */ +/* $OpenBSD: auth.h,v 1.98 2019/01/19 21:41:18 djm Exp $ */ /* * Copyright (c) 2000 Markus Friedl. All rights reserved. @@ -168,8 +168,8 @@ void remove_kbdint_device(const char *); void do_authentication2(struct ssh *); -void auth_log(Authctxt *, int, int, const char *, const char *); -void auth_maxtries_exceeded(Authctxt *) __attribute__((noreturn)); +void auth_log(struct ssh *, int, int, const char *, const char *); +void auth_maxtries_exceeded(struct ssh *) __attribute__((noreturn)); void userauth_finish(struct ssh *, int, const char *, const char *); int auth_root_allowed(struct ssh *, const char *); @@ -186,8 +186,8 @@ void auth2_challenge_stop(struct ssh *); int bsdauth_query(void *, char **, char **, u_int *, char ***, u_int **); int bsdauth_respond(void *, u_int, char **); -int allowed_user(struct passwd *); -struct passwd * getpwnamallow(const char *user); +int allowed_user(struct ssh *, struct passwd *); +struct passwd * getpwnamallow(struct ssh *, const char *user); char *expand_authorized_keys(const char *, struct passwd *pw); char *authorized_principals_file(struct passwd *); @@ -222,7 +222,7 @@ void auth_log_authopts(const char *, const struct sshauthopt *, int); /* debug messages during authentication */ void auth_debug_add(const char *fmt,...) __attribute__((format(printf, 1, 2))); -void auth_debug_send(void); +void auth_debug_send(struct ssh *); void auth_debug_reset(void); struct passwd *fakepw(void); diff --git a/auth2.c b/auth2.c index 2ea71210c..1f023e8b1 100644 --- a/auth2.c +++ b/auth2.c @@ -1,4 +1,4 @@ -/* $OpenBSD: auth2.c,v 1.153 2019/01/19 21:38:24 djm Exp $ */ +/* $OpenBSD: auth2.c,v 1.154 2019/01/19 21:41:18 djm Exp $ */ /* * Copyright (c) 2000 Markus Friedl. All rights reserved. * @@ -284,7 +284,7 @@ input_userauth_request(int type, u_int32_t seq, struct ssh *ssh) if (authctxt->attempt++ == 0) { /* setup auth context */ - authctxt->pw = PRIVSEP(getpwnamallow(user)); + authctxt->pw = PRIVSEP(getpwnamallow(ssh, user)); authctxt->user = xstrdup(user); if (authctxt->pw && strcmp(service, "ssh-connection")==0) { authctxt->valid = 1; @@ -381,7 +381,7 @@ userauth_finish(struct ssh *ssh, int authenticated, const char *method, } /* Log before sending the reply */ - auth_log(authctxt, authenticated, partial, method, submethod); + auth_log(ssh, authenticated, partial, method, submethod); /* Update information exposed to session */ if (authenticated || partial) @@ -429,7 +429,7 @@ userauth_finish(struct ssh *ssh, int authenticated, const char *method, #ifdef SSH_AUDIT_EVENTS PRIVSEP(audit_event(SSH_LOGIN_EXCEED_MAXTRIES)); #endif - auth_maxtries_exceeded(authctxt); + auth_maxtries_exceeded(ssh); } methods = authmethods_get(authctxt); debug3("%s: failure partial=%d next methods=\"%s\"", __func__, diff --git a/monitor.c b/monitor.c index e15a5225d..39bf7705c 100644 --- a/monitor.c +++ b/monitor.c @@ -1,4 +1,4 @@ -/* $OpenBSD: monitor.c,v 1.189 2019/01/19 21:31:32 djm Exp $ */ +/* $OpenBSD: monitor.c,v 1.190 2019/01/19 21:41:18 djm Exp $ */ /* * Copyright 2002 Niels Provos * Copyright 2002 Markus Friedl @@ -338,7 +338,7 @@ monitor_child_preauth(Authctxt *_authctxt, struct monitor *pmonitor) #endif } if (ent->flags & (MON_AUTHDECIDE|MON_ALOG)) { - auth_log(authctxt, authenticated, partial, + auth_log(ssh, authenticated, partial, auth_method, auth_submethod); if (!partial && !authenticated) authctxt->failures++; @@ -729,7 +729,7 @@ mm_answer_pwnamallow(int sock, struct sshbuf *m) if ((r = sshbuf_get_cstring(m, &username, NULL)) != 0) fatal("%s: buffer error: %s", __func__, ssh_err(r)); - pwent = getpwnamallow(username); + pwent = getpwnamallow(ssh, username); authctxt->user = xstrdup(username); setproctitle("%s [priv]", pwent ? username : "unknown"); @@ -1230,7 +1230,7 @@ mm_answer_keyallowed(int sock, struct sshbuf *m) hostbased_chost = chost; } else { /* Log failed attempt */ - auth_log(authctxt, 0, 0, auth_method, NULL); + auth_log(ssh, 0, 0, auth_method, NULL); free(cuser); free(chost); } diff --git a/monitor_wrap.c b/monitor_wrap.c index 6ceaa3716..5db8a0a9c 100644 --- a/monitor_wrap.c +++ b/monitor_wrap.c @@ -1,4 +1,4 @@ -/* $OpenBSD: monitor_wrap.c,v 1.108 2019/01/19 21:31:32 djm Exp $ */ +/* $OpenBSD: monitor_wrap.c,v 1.109 2019/01/19 21:41:18 djm Exp $ */ /* * Copyright 2002 Niels Provos * Copyright 2002 Markus Friedl @@ -251,9 +251,8 @@ mm_sshkey_sign(struct sshkey *key, u_char **sigp, size_t *lenp, } struct passwd * -mm_getpwnamallow(const char *username) +mm_getpwnamallow(struct ssh *ssh, const char *username) { - struct ssh *ssh = active_state; /* XXX */ struct sshbuf *m; struct passwd *pw; size_t len; diff --git a/monitor_wrap.h b/monitor_wrap.h index 644da081d..19c58e486 100644 --- a/monitor_wrap.h +++ b/monitor_wrap.h @@ -1,4 +1,4 @@ -/* $OpenBSD: monitor_wrap.h,v 1.38 2018/07/11 18:53:29 markus Exp $ */ +/* $OpenBSD: monitor_wrap.h,v 1.39 2019/01/19 21:41:18 djm Exp $ */ /* * Copyright 2002 Niels Provos @@ -33,6 +33,7 @@ extern int use_privsep; enum mm_keytype { MM_NOKEY, MM_HOSTKEY, MM_USERKEY }; +struct ssh; struct monitor; struct Authctxt; struct sshkey; @@ -44,7 +45,7 @@ DH *mm_choose_dh(int, int, int); int mm_sshkey_sign(struct sshkey *, u_char **, size_t *, const u_char *, size_t, const char *, u_int compat); void mm_inform_authserv(char *, char *); -struct passwd *mm_getpwnamallow(const char *); +struct passwd *mm_getpwnamallow(struct ssh *, const char *); char *mm_auth2_read_banner(void); int mm_auth_password(struct ssh *, char *); int mm_key_allowed(enum mm_keytype, const char *, const char *, struct sshkey *, diff --git a/session.c b/session.c index f0dabe111..26ab6f6a0 100644 --- a/session.c +++ b/session.c @@ -1,4 +1,4 @@ -/* $OpenBSD: session.c,v 1.310 2019/01/19 21:31:32 djm Exp $ */ +/* $OpenBSD: session.c,v 1.311 2019/01/19 21:41:18 djm Exp $ */ /* * Copyright (c) 1995 Tatu Ylonen , Espoo, Finland * All rights reserved @@ -362,7 +362,7 @@ do_authenticated(struct ssh *ssh, Authctxt *authctxt) else channel_permit_all(ssh, FORWARD_REMOTE); } - auth_debug_send(); + auth_debug_send(ssh); prepare_auth_info_file(authctxt->pw, authctxt->session_info); -- cgit v1.2.3 From a5e2ad88acff2b7d131ee6d5dc5d339b0f8c6a6d Mon Sep 17 00:00:00 2001 From: "djm@openbsd.org" Date: Sat, 19 Jan 2019 21:41:53 +0000 Subject: upstream: convert session.c to new packet API with & ok markus@ OpenBSD-Commit-ID: fae817207e23099ddd248960c984f7b7f26ea68e --- session.c | 151 ++++++++++++++++++++++++++++++++++++-------------------------- 1 file changed, 87 insertions(+), 64 deletions(-) diff --git a/session.c b/session.c index 26ab6f6a0..b5a382473 100644 --- a/session.c +++ b/session.c @@ -1,4 +1,4 @@ -/* $OpenBSD: session.c,v 1.311 2019/01/19 21:41:18 djm Exp $ */ +/* $OpenBSD: session.c,v 1.312 2019/01/19 21:41:53 djm Exp $ */ /* * Copyright (c) 1995 Tatu Ylonen , Espoo, Finland * All rights reserved @@ -105,9 +105,6 @@ #include #endif -#include "opacket.h" /* XXX */ -extern struct ssh *active_state; /* XXX */ - #define IS_INTERNAL_SFTP(c) \ (!strncmp(c, INTERNAL_SFTP_NAME, sizeof(INTERNAL_SFTP_NAME) - 1) && \ (c[sizeof(INTERNAL_SFTP_NAME) - 1] == '\0' || \ @@ -207,7 +204,7 @@ auth_input_request_forwarding(struct ssh *ssh, struct passwd * pw) /* Create private directory for socket */ if (mkdtemp(auth_sock_dir) == NULL) { - packet_send_debug("Agent forwarding disabled: " + ssh_packet_send_debug(ssh, "Agent forwarding disabled: " "mkdtemp() failed: %.100s", strerror(errno)); restore_uid(); free(auth_sock_dir); @@ -524,7 +521,7 @@ do_exec_no_pty(struct ssh *ssh, Session *s, const char *command) s->pid = pid; /* Set interactive/non-interactive mode. */ - packet_set_interactive(s->display != NULL, + ssh_packet_set_interactive(ssh, s->display != NULL, options.ip_qos_interactive, options.ip_qos_bulk); /* @@ -653,7 +650,7 @@ do_exec_pty(struct ssh *ssh, Session *s, const char *command) /* Enter interactive session. */ s->ptymaster = ptymaster; - packet_set_interactive(1, + ssh_packet_set_interactive(ssh, 1, options.ip_qos_interactive, options.ip_qos_bulk); session_set_fds(ssh, s, ptyfd, fdout, -1, 1, 1); return 0; @@ -786,8 +783,8 @@ do_login(struct ssh *ssh, Session *s, const char *command) */ memset(&from, 0, sizeof(from)); fromlen = sizeof(from); - if (packet_connection_is_on_socket()) { - if (getpeername(packet_get_connection_in(), + if (ssh_packet_connection_is_on_socket(ssh)) { + if (getpeername(ssh_packet_get_connection_in(ssh), (struct sockaddr *)&from, &fromlen) < 0) { debug("getpeername: %.100s", strerror(errno)); cleanup_exit(255); @@ -1198,7 +1195,7 @@ do_setup_env(struct ssh *ssh, Session *s, const char *shell) ssh_local_port(ssh)); child_set_env(&env, &envsize, "SSH_CLIENT", buf); - laddr = get_local_ipaddr(packet_get_connection_in()); + laddr = get_local_ipaddr(ssh_packet_get_connection_in(ssh)); snprintf(buf, sizeof buf, "%.50s %d %.50s %d", ssh_remote_ipaddr(ssh), ssh_remote_port(ssh), laddr, ssh_local_port(ssh)); @@ -1365,7 +1362,7 @@ safely_chroot(const char *path, uid_t uid) component, strerror(errno)); if (st.st_uid != 0 || (st.st_mode & 022) != 0) fatal("bad ownership or modes for chroot " - "directory %s\"%s\"", + "directory %s\"%s\"", cp == NULL ? "" : "component ", component); if (!S_ISDIR(st.st_mode)) fatal("chroot path %s\"%s\" is not a directory", @@ -1503,11 +1500,12 @@ child_close_fds(struct ssh *ssh) auth_sock = -1; } - if (packet_get_connection_in() == packet_get_connection_out()) - close(packet_get_connection_in()); + if (ssh_packet_get_connection_in(ssh) == + ssh_packet_get_connection_out(ssh)) + close(ssh_packet_get_connection_in(ssh)); else { - close(packet_get_connection_in()); - close(packet_get_connection_out()); + close(ssh_packet_get_connection_in(ssh)); + close(ssh_packet_get_connection_out(ssh)); } /* * Close all descriptors related to channels. They will still remain @@ -1549,7 +1547,7 @@ do_child(struct ssh *ssh, Session *s, const char *command) /* remove hostkey from the child's memory */ destroy_sensitive_data(); - packet_clear_keys(); + ssh_packet_clear_keys(ssh); /* Force a password change */ if (s->authctxt->force_pwchange) { @@ -1911,11 +1909,14 @@ session_by_pid(pid_t pid) static int session_window_change_req(struct ssh *ssh, Session *s) { - s->col = packet_get_int(); - s->row = packet_get_int(); - s->xpixel = packet_get_int(); - s->ypixel = packet_get_int(); - packet_check_eom(); + int r; + + if ((r = sshpkt_get_u32(ssh, &s->col)) != 0 || + (r = sshpkt_get_u32(ssh, &s->row)) != 0 || + (r = sshpkt_get_u32(ssh, &s->xpixel)) != 0 || + (r = sshpkt_get_u32(ssh, &s->ypixel)) != 0 || + (r = sshpkt_get_end(ssh)) != 0) + sshpkt_fatal(ssh, r, "%s: parse packet", __func__); pty_change_window_size(s->ptyfd, s->row, s->col, s->xpixel, s->ypixel); return 1; } @@ -1923,22 +1924,23 @@ session_window_change_req(struct ssh *ssh, Session *s) static int session_pty_req(struct ssh *ssh, Session *s) { - u_int len; + int r; if (!auth_opts->permit_pty_flag || !options.permit_tty) { debug("Allocating a pty not permitted for this connection."); return 0; } if (s->ttyfd != -1) { - packet_disconnect("Protocol error: you already have a pty."); + ssh_packet_disconnect(ssh, "Protocol error: you already have a pty."); return 0; } - s->term = packet_get_string(&len); - s->col = packet_get_int(); - s->row = packet_get_int(); - s->xpixel = packet_get_int(); - s->ypixel = packet_get_int(); + if ((r = sshpkt_get_cstring(ssh, &s->term, NULL)) != 0 || + (r = sshpkt_get_u32(ssh, &s->col)) != 0 || + (r = sshpkt_get_u32(ssh, &s->row)) != 0 || + (r = sshpkt_get_u32(ssh, &s->xpixel)) != 0 || + (r = sshpkt_get_u32(ssh, &s->ypixel)) != 0) + sshpkt_fatal(ssh, r, "%s: parse packet", __func__); if (strcmp(s->term, "") == 0) { free(s->term); @@ -1960,13 +1962,15 @@ session_pty_req(struct ssh *ssh, Session *s) ssh_tty_parse_modes(ssh, s->ttyfd); + if ((r = sshpkt_get_end(ssh)) != 0) + sshpkt_fatal(ssh, r, "%s: parse packet", __func__); + if (!use_privsep) pty_setowner(s->pw, s->tty); /* Set window size from the packet. */ pty_change_window_size(s->ptyfd, s->row, s->col, s->xpixel, s->ypixel); - packet_check_eom(); session_proctitle(s); return 1; } @@ -1975,13 +1979,13 @@ static int session_subsystem_req(struct ssh *ssh, Session *s) { struct stat st; - u_int len; - int success = 0; + int r, success = 0; char *prog, *cmd; u_int i; - s->subsys = packet_get_string(&len); - packet_check_eom(); + if ((r = sshpkt_get_cstring(ssh, &s->subsys, NULL)) != 0 || + (r = sshpkt_get_end(ssh)) != 0) + sshpkt_fatal(ssh, r, "%s: parse packet", __func__); debug2("subsystem request for %.100s by user %s", s->subsys, s->pw->pw_name); @@ -2014,18 +2018,22 @@ session_subsystem_req(struct ssh *ssh, Session *s) static int session_x11_req(struct ssh *ssh, Session *s) { - int success; + int r, success; + u_char single_connection = 0; if (s->auth_proto != NULL || s->auth_data != NULL) { error("session_x11_req: session %d: " "x11 forwarding already active", s->self); return 0; } - s->single_connection = packet_get_char(); - s->auth_proto = packet_get_string(NULL); - s->auth_data = packet_get_string(NULL); - s->screen = packet_get_int(); - packet_check_eom(); + if ((r = sshpkt_get_u8(ssh, &single_connection)) != 0 || + (r = sshpkt_get_cstring(ssh, &s->auth_proto, NULL)) != 0 || + (r = sshpkt_get_cstring(ssh, &s->auth_data, NULL)) != 0 || + (r = sshpkt_get_u32(ssh, &s->screen)) != 0 || + (r = sshpkt_get_end(ssh)) != 0) + sshpkt_fatal(ssh, r, "%s: parse packet", __func__); + + s->single_connection = single_connection; if (xauth_valid_string(s->auth_proto) && xauth_valid_string(s->auth_data)) @@ -2046,17 +2054,24 @@ session_x11_req(struct ssh *ssh, Session *s) static int session_shell_req(struct ssh *ssh, Session *s) { - packet_check_eom(); + int r; + + if ((r = sshpkt_get_end(ssh)) != 0) + sshpkt_fatal(ssh, r, "%s: parse packet", __func__); return do_exec(ssh, s, NULL) == 0; } static int session_exec_req(struct ssh *ssh, Session *s) { - u_int len, success; + u_int success; + int r; + char *command = NULL; + + if ((r = sshpkt_get_cstring(ssh, &command, NULL)) != 0 || + (r = sshpkt_get_end(ssh)) != 0) + sshpkt_fatal(ssh, r, "%s: parse packet", __func__); - char *command = packet_get_string(&len); - packet_check_eom(); success = do_exec(ssh, s, command) == 0; free(command); return success; @@ -2065,9 +2080,11 @@ session_exec_req(struct ssh *ssh, Session *s) static int session_break_req(struct ssh *ssh, Session *s) { + int r; - packet_get_int(); /* ignored */ - packet_check_eom(); + if ((r = sshpkt_get_u32(ssh, NULL)) != 0 || /* ignore */ + (r = sshpkt_get_end(ssh)) != 0) + sshpkt_fatal(ssh, r, "%s: parse packet", __func__); if (s->ptymaster == -1 || tcsendbreak(s->ptymaster, 0) < 0) return 0; @@ -2078,11 +2095,13 @@ static int session_env_req(struct ssh *ssh, Session *s) { char *name, *val; - u_int name_len, val_len, i; + u_int i; + int r; - name = packet_get_cstring(&name_len); - val = packet_get_cstring(&val_len); - packet_check_eom(); + if ((r = sshpkt_get_cstring(ssh, &name, NULL)) != 0 || + (r = sshpkt_get_cstring(ssh, &val, NULL)) != 0 || + (r = sshpkt_get_end(ssh)) != 0) + sshpkt_fatal(ssh, r, "%s: parse packet", __func__); /* Don't set too many environment variables */ if (s->num_env > 128) { @@ -2185,8 +2204,10 @@ static int session_auth_agent_req(struct ssh *ssh, Session *s) { static int called = 0; + int r; - packet_check_eom(); + if ((r = sshpkt_get_end(ssh)) != 0) + sshpkt_fatal(ssh, r, "%s: parse packet", __func__); if (!auth_opts->permit_agent_forwarding_flag || !options.allow_agent_forwarding) { debug("%s: agent forwarding disabled", __func__); @@ -2376,6 +2397,7 @@ static void session_exit_message(struct ssh *ssh, Session *s, int status) { Channel *c; + int r; if ((c = channel_lookup(ssh, s->chanid)) == NULL) fatal("%s: session %d: no channel %d", @@ -2385,22 +2407,23 @@ session_exit_message(struct ssh *ssh, Session *s, int status) if (WIFEXITED(status)) { channel_request_start(ssh, s->chanid, "exit-status", 0); - packet_put_int(WEXITSTATUS(status)); - packet_send(); + if ((r = sshpkt_put_u32(ssh, WEXITSTATUS(status))) != 0 || + (r = sshpkt_send(ssh)) != 0) + sshpkt_fatal(ssh, r, "%s: exit reply", __func__); } else if (WIFSIGNALED(status)) { channel_request_start(ssh, s->chanid, "exit-signal", 0); - packet_put_cstring(sig2name(WTERMSIG(status))); -#ifdef WCOREDUMP - packet_put_char(WCOREDUMP(status)? 1 : 0); -#else /* WCOREDUMP */ - packet_put_char(0); -#endif /* WCOREDUMP */ - packet_put_cstring(""); - packet_put_cstring(""); - packet_send(); +#ifndef WCOREDUMP +# define WCOREDUMP(x) (0) +#endif + if ((r = sshpkt_put_cstring(ssh, sig2name(WTERMSIG(status)))) != 0 || + (r = sshpkt_put_u8(ssh, WCOREDUMP(status)? 1 : 0)) != 0 || + (r = sshpkt_put_cstring(ssh, "")) != 0 || + (r = sshpkt_put_cstring(ssh, "")) != 0 || + (r = sshpkt_send(ssh)) != 0) + sshpkt_fatal(ssh, r, "%s: exit reply", __func__); } else { /* Some weird exit cause. Just exit. */ - packet_disconnect("wait returned status %04x.", status); + ssh_packet_disconnect(ssh, "wait returned status %04x.", status); } /* disconnect channel */ @@ -2571,7 +2594,7 @@ session_setup_x11fwd(struct ssh *ssh, Session *s) u_int i; if (!auth_opts->permit_x11_forwarding_flag) { - packet_send_debug("X11 forwarding disabled by key options."); + ssh_packet_send_debug(ssh, "X11 forwarding disabled by key options."); return 0; } if (!options.x11_forwarding) { @@ -2580,7 +2603,7 @@ session_setup_x11fwd(struct ssh *ssh, Session *s) } if (options.xauth_location == NULL || (stat(options.xauth_location, &st) == -1)) { - packet_send_debug("No xauth program; cannot forward X11."); + ssh_packet_send_debug(ssh, "No xauth program; cannot forward X11."); return 0; } if (s->display != NULL) { -- cgit v1.2.3 From 6350e0316981489d4205952d6904d6fedba5bfe0 Mon Sep 17 00:00:00 2001 From: "djm@openbsd.org" Date: Sat, 19 Jan 2019 21:42:30 +0000 Subject: upstream: convert sshd.c to new packet API with & ok markus@ OpenBSD-Commit-ID: ea569d3eaf9b5cf1bad52779fbfa5fa0b28af891 --- sshd.c | 69 +++++++++++++++++++++++++++++++++++++----------------------------- 1 file changed, 39 insertions(+), 30 deletions(-) diff --git a/sshd.c b/sshd.c index c2cd5b068..9dbb09c6d 100644 --- a/sshd.c +++ b/sshd.c @@ -1,4 +1,4 @@ -/* $OpenBSD: sshd.c,v 1.524 2019/01/19 21:38:24 djm Exp $ */ +/* $OpenBSD: sshd.c,v 1.525 2019/01/19 21:42:30 djm Exp $ */ /* * Author: Tatu Ylonen * Copyright (c) 1995 Tatu Ylonen , Espoo, Finland @@ -123,7 +123,6 @@ #include "version.h" #include "ssherr.h" -#include "opacket.h" /* XXX */ extern struct ssh *active_state; /* XXX move decl to this file */ /* Re-exec fds */ @@ -244,7 +243,7 @@ struct passwd *privsep_pw = NULL; /* Prototypes for various functions defined later in this file. */ void destroy_sensitive_data(void); void demote_sensitive_data(void); -static void do_ssh2_kex(void); +static void do_ssh2_kex(struct ssh *); /* * Close all listening sockets @@ -458,8 +457,9 @@ privsep_preauth_child(void) } static int -privsep_preauth(Authctxt *authctxt) +privsep_preauth(struct ssh *ssh) { + Authctxt *authctxt = (Authctxt *)ssh->authctxt; int status, r; pid_t pid; struct ssh_sandbox *box = NULL; @@ -467,7 +467,7 @@ privsep_preauth(Authctxt *authctxt) /* Set up unprivileged child process to deal with network data */ pmonitor = monitor_init(); /* Store a pointer to the kex for later rekeying */ - pmonitor->m_pkex = &active_state->kex; + pmonitor->m_pkex = &ssh->kex; if (use_privsep == PRIVSEP_ON) box = ssh_sandbox_init(pmonitor); @@ -527,7 +527,7 @@ privsep_preauth(Authctxt *authctxt) } static void -privsep_postauth(Authctxt *authctxt) +privsep_postauth(struct ssh *ssh, Authctxt *authctxt) { #ifdef DISABLE_FD_PASSING if (1) { @@ -576,7 +576,7 @@ privsep_postauth(Authctxt *authctxt) * Tell the packet layer that authentication was successful, since * this information is not part of the key state. */ - packet_set_authenticated(); + ssh_packet_set_authenticated(ssh); } static void @@ -759,21 +759,29 @@ notify_hostkeys(struct ssh *ssh) sshkey_ssh_name(key), fp); free(fp); if (nkeys == 0) { - packet_start(SSH2_MSG_GLOBAL_REQUEST); - packet_put_cstring("hostkeys-00@openssh.com"); - packet_put_char(0); /* want-reply */ + /* + * Start building the request when we find the + * first usable key. + */ + if ((r = sshpkt_start(ssh, SSH2_MSG_GLOBAL_REQUEST)) != 0 || + (r = sshpkt_put_cstring(ssh, "hostkeys-00@openssh.com")) != 0 || + (r = sshpkt_put_u8(ssh, 0)) != 0) /* want reply */ + sshpkt_fatal(ssh, r, "%s: start request", __func__); } + /* Append the key to the request */ sshbuf_reset(buf); if ((r = sshkey_putb(key, buf)) != 0) fatal("%s: couldn't put hostkey %d: %s", __func__, i, ssh_err(r)); - packet_put_string(sshbuf_ptr(buf), sshbuf_len(buf)); + if ((r = sshpkt_put_stringb(ssh, buf)) != 0) + sshpkt_fatal(ssh, r, "%s: append key", __func__); nkeys++; } debug3("%s: sent %u hostkeys", __func__, nkeys); if (nkeys == 0) fatal("%s: no hostkeys", __func__); - packet_send(); + if ((r = sshpkt_send(ssh)) != 0) + sshpkt_fatal(ssh, r, "%s: send", __func__); sshbuf_free(buf); } @@ -1951,9 +1959,10 @@ main(int ac, char **av) * Register our connection. This turns encryption off because we do * not have a key. */ - packet_set_connection(sock_in, sock_out); - packet_set_server(); - ssh = active_state; /* XXX */ + if ((ssh = ssh_packet_set_connection(NULL, sock_in, sock_out)) == NULL) + fatal("Unable to create connection"); + ssh_packet_set_server(ssh); + active_state = ssh; /* XXX needed elsewhere */ check_ip_options(ssh); @@ -1963,7 +1972,7 @@ main(int ac, char **av) process_permitopen(ssh, &options); /* Set SO_KEEPALIVE if requested. */ - if (options.tcp_keep_alive && packet_connection_is_on_socket() && + if (options.tcp_keep_alive && ssh_packet_connection_is_on_socket(ssh) && setsockopt(sock_in, SOL_SOCKET, SO_KEEPALIVE, &on, sizeof(on)) < 0) error("setsockopt SO_KEEPALIVE: %.100s", strerror(errno)); @@ -2012,10 +2021,11 @@ main(int ac, char **av) if (kex_exchange_identification(ssh, -1, options.version_addendum) != 0) cleanup_exit(255); /* error already logged */ - packet_set_nonblocking(); + ssh_packet_set_nonblocking(ssh); /* allocate authentication context */ authctxt = xcalloc(1, sizeof(*authctxt)); + ssh->authctxt = authctxt; authctxt->loginmsg = loginmsg; @@ -2032,7 +2042,7 @@ main(int ac, char **av) auth_debug_reset(); if (use_privsep) { - if (privsep_preauth(authctxt) == 1) + if (privsep_preauth(ssh) == 1) goto authenticated; } else if (have_agent) { if ((r = ssh_get_authentication_socket(&auth_sock)) != 0) { @@ -2043,8 +2053,7 @@ main(int ac, char **av) /* perform the key exchange */ /* authenticate user and start session */ - do_ssh2_kex(); - ssh->authctxt = authctxt; + do_ssh2_kex(ssh); do_authentication2(ssh); /* @@ -2053,7 +2062,7 @@ main(int ac, char **av) */ if (use_privsep) { mm_send_keystate(pmonitor); - packet_clear_keys(); + ssh_packet_clear_keys(ssh); exit(0); } @@ -2093,11 +2102,11 @@ main(int ac, char **av) * file descriptor passing. */ if (use_privsep) { - privsep_postauth(authctxt); + privsep_postauth(ssh, authctxt); /* the monitor process [priv] will not return */ } - packet_set_timeout(options.client_alive_interval, + ssh_packet_set_timeout(ssh, options.client_alive_interval, options.client_alive_count_max); /* Try to send all our hostkeys to the client */ @@ -2107,7 +2116,7 @@ main(int ac, char **av) do_authenticated(ssh, authctxt); /* The connection has been terminated. */ - packet_get_bytes(&ibytes, &obytes); + ssh_packet_get_bytes(ssh, &ibytes, &obytes); verbose("Transferred: sent %llu, received %llu bytes", (unsigned long long)obytes, (unsigned long long)ibytes); @@ -2122,7 +2131,7 @@ main(int ac, char **av) PRIVSEP(audit_event(SSH_CONNECTION_CLOSE)); #endif - packet_close(); + ssh_packet_close(ssh); if (use_privsep) mm_terminate(); @@ -2156,7 +2165,7 @@ sshd_hostkey_sign(struct sshkey *privkey, struct sshkey *pubkey, /* SSH2 key exchange */ static void -do_ssh2_kex(void) +do_ssh2_kex(struct ssh *ssh) { char *myproposal[PROPOSAL_MAX] = { KEX_SERVER }; struct kex *kex; @@ -2177,16 +2186,16 @@ do_ssh2_kex(void) } if (options.rekey_limit || options.rekey_interval) - packet_set_rekey_limits(options.rekey_limit, + ssh_packet_set_rekey_limits(ssh, options.rekey_limit, options.rekey_interval); myproposal[PROPOSAL_SERVER_HOST_KEY_ALGS] = compat_pkalg_proposal( list_hostkey_types()); /* start key exchange */ - if ((r = kex_setup(active_state, myproposal)) != 0) + if ((r = kex_setup(ssh, myproposal)) != 0) fatal("kex_setup: %s", ssh_err(r)); - kex = active_state->kex; + kex = ssh->kex; #ifdef WITH_OPENSSL kex->kex[KEX_DH_GRP1_SHA1] = kexdh_server; kex->kex[KEX_DH_GRP14_SHA1] = kexdh_server; @@ -2205,7 +2214,7 @@ do_ssh2_kex(void) kex->host_key_index=&get_hostkey_index; kex->sign = sshd_hostkey_sign; - ssh_dispatch_run_fatal(active_state, DISPATCH_BLOCK, &kex->done); + ssh_dispatch_run_fatal(ssh, DISPATCH_BLOCK, &kex->done); session_id2 = kex->session_id; session_id2_len = kex->session_id_len; -- cgit v1.2.3 From ec00f918b8ad90295044266c433340a8adc93452 Mon Sep 17 00:00:00 2001 From: "djm@openbsd.org" Date: Sat, 19 Jan 2019 21:43:07 +0000 Subject: upstream: convert monitor.c to new packet API with & ok markus@ OpenBSD-Commit-ID: 61ecd154bd9804461a0cf5f495a29d919e0014d5 --- monitor.c | 169 +++++++++++++++++++++++++++------------------------------ monitor.h | 12 ++-- monitor_wrap.c | 3 +- monitor_wrap.h | 4 +- sshd.c | 11 ++-- 5 files changed, 94 insertions(+), 105 deletions(-) diff --git a/monitor.c b/monitor.c index 39bf7705c..387b50026 100644 --- a/monitor.c +++ b/monitor.c @@ -1,4 +1,4 @@ -/* $OpenBSD: monitor.c,v 1.190 2019/01/19 21:41:18 djm Exp $ */ +/* $OpenBSD: monitor.c,v 1.191 2019/01/19 21:43:07 djm Exp $ */ /* * Copyright 2002 Niels Provos * Copyright 2002 Markus Friedl @@ -96,9 +96,6 @@ #include "match.h" #include "ssherr.h" -#include "opacket.h" /* XXX */ -extern struct ssh *active_state; /* XXX */ - #ifdef GSSAPI static Gssctxt *gsscontext = NULL; #endif @@ -115,48 +112,48 @@ static struct sshbuf *child_state; /* Functions on the monitor that answer unprivileged requests */ -int mm_answer_moduli(int, struct sshbuf *); -int mm_answer_sign(int, struct sshbuf *); -int mm_answer_pwnamallow(int, struct sshbuf *); -int mm_answer_auth2_read_banner(int, struct sshbuf *); -int mm_answer_authserv(int, struct sshbuf *); -int mm_answer_authpassword(int, struct sshbuf *); -int mm_answer_bsdauthquery(int, struct sshbuf *); -int mm_answer_bsdauthrespond(int, struct sshbuf *); -int mm_answer_keyallowed(int, struct sshbuf *); -int mm_answer_keyverify(int, struct sshbuf *); -int mm_answer_pty(int, struct sshbuf *); -int mm_answer_pty_cleanup(int, struct sshbuf *); -int mm_answer_term(int, struct sshbuf *); -int mm_answer_rsa_keyallowed(int, struct sshbuf *); -int mm_answer_rsa_challenge(int, struct sshbuf *); -int mm_answer_rsa_response(int, struct sshbuf *); -int mm_answer_sesskey(int, struct sshbuf *); -int mm_answer_sessid(int, struct sshbuf *); +int mm_answer_moduli(struct ssh *, int, struct sshbuf *); +int mm_answer_sign(struct ssh *, int, struct sshbuf *); +int mm_answer_pwnamallow(struct ssh *, int, struct sshbuf *); +int mm_answer_auth2_read_banner(struct ssh *, int, struct sshbuf *); +int mm_answer_authserv(struct ssh *, int, struct sshbuf *); +int mm_answer_authpassword(struct ssh *, int, struct sshbuf *); +int mm_answer_bsdauthquery(struct ssh *, int, struct sshbuf *); +int mm_answer_bsdauthrespond(struct ssh *, int, struct sshbuf *); +int mm_answer_skeyquery(struct ssh *, int, struct sshbuf *); +int mm_answer_skeyrespond(struct ssh *, int, struct sshbuf *); +int mm_answer_keyallowed(struct ssh *, int, struct sshbuf *); +int mm_answer_keyverify(struct ssh *, int, struct sshbuf *); +int mm_answer_pty(struct ssh *, int, struct sshbuf *); +int mm_answer_pty_cleanup(struct ssh *, int, struct sshbuf *); +int mm_answer_term(struct ssh *, int, struct sshbuf *); +int mm_answer_rsa_keyallowed(struct ssh *, int, struct sshbuf *); +int mm_answer_rsa_challenge(struct ssh *, int, struct sshbuf *); +int mm_answer_rsa_response(struct ssh *, int, struct sshbuf *); +int mm_answer_sesskey(struct ssh *, int, struct sshbuf *); +int mm_answer_sessid(struct ssh *, int, struct sshbuf *); #ifdef USE_PAM -int mm_answer_pam_start(int, struct sshbuf *); -int mm_answer_pam_account(int, struct sshbuf *); -int mm_answer_pam_init_ctx(int, struct sshbuf *); -int mm_answer_pam_query(int, struct sshbuf *); -int mm_answer_pam_respond(int, struct sshbuf *); -int mm_answer_pam_free_ctx(int, struct sshbuf *); +int mm_answer_pam_start(struct ssh *, int, struct sshbuf *); +int mm_answer_pam_account(struct ssh *, int, struct sshbuf *); +int mm_answer_pam_init_ctx(struct ssh *, int, struct sshbuf *); +int mm_answer_pam_query(struct ssh *, int, struct sshbuf *); +int mm_answer_pam_respond(struct ssh *, int, struct sshbuf *); +int mm_answer_pam_free_ctx(struct ssh *, int, struct sshbuf *); #endif #ifdef GSSAPI -int mm_answer_gss_setup_ctx(int, struct sshbuf *); -int mm_answer_gss_accept_ctx(int, struct sshbuf *); -int mm_answer_gss_userok(int, struct sshbuf *); -int mm_answer_gss_checkmic(int, struct sshbuf *); +int mm_answer_gss_setup_ctx(struct ssh *, int, struct sshbuf *); +int mm_answer_gss_accept_ctx(struct ssh *, int, struct sshbuf *); +int mm_answer_gss_userok(struct ssh *, int, struct sshbuf *); +int mm_answer_gss_checkmic(struct ssh *, int, struct sshbuf *); #endif #ifdef SSH_AUDIT_EVENTS -int mm_answer_audit_event(int, struct sshbuf *); -int mm_answer_audit_command(int, struct sshbuf *); +int mm_answer_audit_event(struct ssh *, int, struct sshbuf *); +int mm_answer_audit_command(struct ssh *, int, struct sshbuf *); #endif -static int monitor_read_log(struct monitor *); - static Authctxt *authctxt; /* local state for key verify */ @@ -175,7 +172,7 @@ static pid_t monitor_child_pid; struct mon_table { enum monitor_reqtype type; int flags; - int (*f)(int, struct sshbuf *); + int (*f)(struct ssh *, int, struct sshbuf *); }; #define MON_ISAUTH 0x0004 /* Required for Authentication */ @@ -187,6 +184,10 @@ struct mon_table { #define MON_PERMIT 0x1000 /* Request is permitted */ +static int monitor_read(struct ssh *, struct monitor *, struct mon_table *, + struct mon_table **); +static int monitor_read_log(struct monitor *); + struct mon_table mon_dispatch_proto20[] = { #ifdef WITH_OPENSSL {MONITOR_REQ_MODULI, MON_ONCE, mm_answer_moduli}, @@ -268,9 +269,8 @@ monitor_permit_authentications(int permit) } void -monitor_child_preauth(Authctxt *_authctxt, struct monitor *pmonitor) +monitor_child_preauth(struct ssh *ssh, struct monitor *pmonitor) { - struct ssh *ssh = active_state; /* XXX */ struct mon_table *ent; int authenticated = 0, partial = 0; @@ -282,7 +282,7 @@ monitor_child_preauth(Authctxt *_authctxt, struct monitor *pmonitor) close(pmonitor->m_log_sendfd); pmonitor->m_log_sendfd = pmonitor->m_recvfd = -1; - authctxt = _authctxt; + authctxt = (Authctxt *)ssh->authctxt; memset(authctxt, 0, sizeof(*authctxt)); ssh->authctxt = authctxt; @@ -300,7 +300,8 @@ monitor_child_preauth(Authctxt *_authctxt, struct monitor *pmonitor) auth_submethod = NULL; auth2_authctxt_reset_info(authctxt); - authenticated = (monitor_read(pmonitor, mon_dispatch, &ent) == 1); + authenticated = (monitor_read(ssh, pmonitor, + mon_dispatch, &ent) == 1); /* Special handling for multiple required authentications */ if (options.num_auth_methods != 0) { @@ -332,7 +333,7 @@ monitor_child_preauth(Authctxt *_authctxt, struct monitor *pmonitor) mm_request_receive_expect(pmonitor->m_sendfd, MONITOR_REQ_PAM_ACCOUNT, m); authenticated = mm_answer_pam_account( - pmonitor->m_sendfd, m); + ssh, pmonitor->m_sendfd, m); sshbuf_free(m); } #endif @@ -385,7 +386,7 @@ monitor_child_handler(int sig) } void -monitor_child_postauth(struct monitor *pmonitor) +monitor_child_postauth(struct ssh *ssh, struct monitor *pmonitor) { close(pmonitor->m_recvfd); pmonitor->m_recvfd = -1; @@ -411,7 +412,7 @@ monitor_child_postauth(struct monitor *pmonitor) } for (;;) - monitor_read(pmonitor, mon_dispatch, NULL); + monitor_read(ssh, pmonitor, mon_dispatch, NULL); } static int @@ -466,8 +467,8 @@ monitor_read_log(struct monitor *pmonitor) return 0; } -int -monitor_read(struct monitor *pmonitor, struct mon_table *ent, +static int +monitor_read(struct ssh *ssh, struct monitor *pmonitor, struct mon_table *ent, struct mon_table **pent) { struct sshbuf *m; @@ -517,7 +518,7 @@ monitor_read(struct monitor *pmonitor, struct mon_table *ent, if (!(ent->flags & MON_PERMIT)) fatal("%s: unpermitted request %d", __func__, type); - ret = (*ent->f)(pmonitor->m_sendfd, m); + ret = (*ent->f)(ssh, pmonitor->m_sendfd, m); sshbuf_free(m); /* The child may use this request only once, disable it */ @@ -568,7 +569,7 @@ monitor_reset_key_state(void) #ifdef WITH_OPENSSL int -mm_answer_moduli(int sock, struct sshbuf *m) +mm_answer_moduli(struct ssh *ssh, int sock, struct sshbuf *m) { DH *dh; const BIGNUM *dh_p, *dh_g; @@ -610,9 +611,8 @@ mm_answer_moduli(int sock, struct sshbuf *m) #endif int -mm_answer_sign(int sock, struct sshbuf *m) +mm_answer_sign(struct ssh *ssh, int sock, struct sshbuf *m) { - struct ssh *ssh = active_state; /* XXX */ extern int auth_sock; /* XXX move to state struct? */ struct sshkey *key; struct sshbuf *sigbuf = NULL; @@ -713,9 +713,8 @@ mm_answer_sign(int sock, struct sshbuf *m) /* Retrieves the password entry and also checks if the user is permitted */ int -mm_answer_pwnamallow(int sock, struct sshbuf *m) +mm_answer_pwnamallow(struct ssh *ssh, int sock, struct sshbuf *m) { - struct ssh *ssh = active_state; /* XXX */ char *username; struct passwd *pwent; int r, allowed = 0; @@ -813,7 +812,7 @@ mm_answer_pwnamallow(int sock, struct sshbuf *m) return (0); } -int mm_answer_auth2_read_banner(int sock, struct sshbuf *m) +int mm_answer_auth2_read_banner(struct ssh *ssh, int sock, struct sshbuf *m) { char *banner; int r; @@ -829,7 +828,7 @@ int mm_answer_auth2_read_banner(int sock, struct sshbuf *m) } int -mm_answer_authserv(int sock, struct sshbuf *m) +mm_answer_authserv(struct ssh *ssh, int sock, struct sshbuf *m) { int r; @@ -879,9 +878,8 @@ key_base_type_match(const char *method, const struct sshkey *key, } int -mm_answer_authpassword(int sock, struct sshbuf *m) +mm_answer_authpassword(struct ssh *ssh, int sock, struct sshbuf *m) { - struct ssh *ssh = active_state; /* XXX */ static int call_count; char *passwd; int r, authenticated; @@ -920,7 +918,7 @@ mm_answer_authpassword(int sock, struct sshbuf *m) #ifdef BSD_AUTH int -mm_answer_bsdauthquery(int sock, struct sshbuf *m) +mm_answer_bsdauthquery(struct ssh *ssh, int sock, struct sshbuf *m) { char *name, *infotxt; u_int numprompts, *echo_on, success; @@ -954,7 +952,7 @@ mm_answer_bsdauthquery(int sock, struct sshbuf *m) } int -mm_answer_bsdauthrespond(int sock, struct sshbuf *m) +mm_answer_bsdauthrespond(struct ssh *ssh, int sock, struct sshbuf *m) { char *response; int r, authok; @@ -988,7 +986,7 @@ mm_answer_bsdauthrespond(int sock, struct sshbuf *m) #ifdef USE_PAM int -mm_answer_pam_start(int sock, struct sshbuf *m) +mm_answer_pam_start(struct ssh *ssh, int sock, struct sshbuf *m) { if (!options.use_pam) fatal("UsePAM not set, but ended up in %s anyway", __func__); @@ -1003,7 +1001,7 @@ mm_answer_pam_start(int sock, struct sshbuf *m) } int -mm_answer_pam_account(int sock, struct sshbuf *m) +mm_answer_pam_account(struct ssh *ssh, int sock, struct sshbuf *m) { u_int ret; int r; @@ -1026,7 +1024,7 @@ static void *sshpam_ctxt, *sshpam_authok; extern KbdintDevice sshpam_device; int -mm_answer_pam_init_ctx(int sock, struct sshbuf *m) +mm_answer_pam_init_ctx(struct ssh *ssh, int sock, struct sshbuf *m) { u_int ok = 0; int r; @@ -1051,7 +1049,7 @@ mm_answer_pam_init_ctx(int sock, struct sshbuf *m) } int -mm_answer_pam_query(int sock, struct sshbuf *m) +mm_answer_pam_query(struct ssh *ssh, int sock, struct sshbuf *m) { char *name = NULL, *info = NULL, **prompts = NULL; u_int i, num = 0, *echo_on = 0; @@ -1092,7 +1090,7 @@ mm_answer_pam_query(int sock, struct sshbuf *m) } int -mm_answer_pam_respond(int sock, struct sshbuf *m) +mm_answer_pam_respond(struct ssh *ssh, int sock, struct sshbuf *m) { char **resp; u_int i, num; @@ -1130,7 +1128,7 @@ mm_answer_pam_respond(int sock, struct sshbuf *m) } int -mm_answer_pam_free_ctx(int sock, struct sshbuf *m) +mm_answer_pam_free_ctx(struct ssh *ssh, int sock, struct sshbuf *m) { int r = sshpam_authok != NULL && sshpam_authok == sshpam_ctxt; @@ -1150,9 +1148,8 @@ mm_answer_pam_free_ctx(int sock, struct sshbuf *m) #endif int -mm_answer_keyallowed(int sock, struct sshbuf *m) +mm_answer_keyallowed(struct ssh *ssh, int sock, struct sshbuf *m) { - struct ssh *ssh = active_state; /* XXX */ struct sshkey *key = NULL; char *cuser, *chost; u_int pubkey_auth_attempt; @@ -1387,9 +1384,8 @@ monitor_valid_hostbasedblob(u_char *data, u_int datalen, char *cuser, } int -mm_answer_keyverify(int sock, struct sshbuf *m) +mm_answer_keyverify(struct ssh *ssh, int sock, struct sshbuf *m) { - struct ssh *ssh = active_state; /* XXX */ struct sshkey *key; u_char *signature, *data, *blob; char *sigalg; @@ -1434,7 +1430,7 @@ mm_answer_keyverify(int sock, struct sshbuf *m) fatal("%s: bad signature data blob", __func__); ret = sshkey_verify(key, signature, signaturelen, data, datalen, - sigalg, active_state->compat); + sigalg, ssh->compat); debug3("%s: %s %p signature %s", __func__, auth_method, key, (ret == 0) ? "verified" : "unverified"); auth2_record_key(authctxt, ret == 0, key); @@ -1461,9 +1457,8 @@ mm_answer_keyverify(int sock, struct sshbuf *m) } static void -mm_record_login(Session *s, struct passwd *pw) +mm_record_login(struct ssh *ssh, Session *s, struct passwd *pw) { - struct ssh *ssh = active_state; /* XXX */ socklen_t fromlen; struct sockaddr_storage from; @@ -1473,8 +1468,8 @@ mm_record_login(Session *s, struct passwd *pw) */ memset(&from, 0, sizeof(from)); fromlen = sizeof(from); - if (packet_connection_is_on_socket()) { - if (getpeername(packet_get_connection_in(), + if (ssh_packet_connection_is_on_socket(ssh)) { + if (getpeername(ssh_packet_get_connection_in(ssh), (struct sockaddr *)&from, &fromlen) < 0) { debug("getpeername: %.100s", strerror(errno)); cleanup_exit(255); @@ -1498,7 +1493,7 @@ mm_session_close(Session *s) } int -mm_answer_pty(int sock, struct sshbuf *m) +mm_answer_pty(struct ssh *ssh, int sock, struct sshbuf *m) { extern struct monitor *pmonitor; Session *s; @@ -1526,7 +1521,7 @@ mm_answer_pty(int sock, struct sshbuf *m) if (dup2(s->ttyfd, 0) == -1) fatal("%s: dup2", __func__); - mm_record_login(s, authctxt->pw); + mm_record_login(ssh, s, authctxt->pw); /* Now we can close the file descriptor again */ close(0); @@ -1568,7 +1563,7 @@ mm_answer_pty(int sock, struct sshbuf *m) } int -mm_answer_pty_cleanup(int sock, struct sshbuf *m) +mm_answer_pty_cleanup(struct ssh *ssh, int sock, struct sshbuf *m) { Session *s; char *tty; @@ -1586,9 +1581,8 @@ mm_answer_pty_cleanup(int sock, struct sshbuf *m) } int -mm_answer_term(int sock, struct sshbuf *req) +mm_answer_term(struct ssh *ssh, int sock, struct sshbuf *req) { - struct ssh *ssh = active_state; /* XXX */ extern struct monitor *pmonitor; int res, status; @@ -1615,7 +1609,7 @@ mm_answer_term(int sock, struct sshbuf *req) #ifdef SSH_AUDIT_EVENTS /* Report that an audit event occurred */ int -mm_answer_audit_event(int socket, struct sshbuf *m) +mm_answer_audit_event(struct ssh *ssh, int socket, struct sshbuf *m) { u_int n; ssh_audit_event_t event; @@ -1644,7 +1638,7 @@ mm_answer_audit_event(int socket, struct sshbuf *m) } int -mm_answer_audit_command(int socket, struct sshbuf *m) +mm_answer_audit_command(struct ssh *ssh, int socket, struct sshbuf *m) { char *cmd; int r; @@ -1660,10 +1654,8 @@ mm_answer_audit_command(int socket, struct sshbuf *m) #endif /* SSH_AUDIT_EVENTS */ void -monitor_clear_keystate(struct monitor *pmonitor) +monitor_clear_keystate(struct ssh *ssh, struct monitor *pmonitor) { - struct ssh *ssh = active_state; /* XXX */ - ssh_clear_newkeys(ssh, MODE_IN); ssh_clear_newkeys(ssh, MODE_OUT); sshbuf_free(child_state); @@ -1671,9 +1663,8 @@ monitor_clear_keystate(struct monitor *pmonitor) } void -monitor_apply_keystate(struct monitor *pmonitor) +monitor_apply_keystate(struct ssh *ssh, struct monitor *pmonitor) { - struct ssh *ssh = active_state; /* XXX */ struct kex *kex; int r; @@ -1780,7 +1771,7 @@ monitor_reinit(struct monitor *mon) #ifdef GSSAPI int -mm_answer_gss_setup_ctx(int sock, struct sshbuf *m) +mm_answer_gss_setup_ctx(struct ssh *ssh, int sock, struct sshbuf *m) { gss_OID_desc goid; OM_uint32 major; @@ -1813,7 +1804,7 @@ mm_answer_gss_setup_ctx(int sock, struct sshbuf *m) } int -mm_answer_gss_accept_ctx(int sock, struct sshbuf *m) +mm_answer_gss_accept_ctx(struct ssh *ssh, int sock, struct sshbuf *m) { gss_buffer_desc in; gss_buffer_desc out = GSS_C_EMPTY_BUFFER; @@ -1847,7 +1838,7 @@ mm_answer_gss_accept_ctx(int sock, struct sshbuf *m) } int -mm_answer_gss_checkmic(int sock, struct sshbuf *m) +mm_answer_gss_checkmic(struct ssh *ssh, int sock, struct sshbuf *m) { gss_buffer_desc gssbuf, mic; OM_uint32 ret; @@ -1878,7 +1869,7 @@ mm_answer_gss_checkmic(int sock, struct sshbuf *m) } int -mm_answer_gss_userok(int sock, struct sshbuf *m) +mm_answer_gss_userok(struct ssh *ssh, int sock, struct sshbuf *m) { int r, authenticated; const char *displayname; diff --git a/monitor.h b/monitor.h index 16047299f..a4b68fbe2 100644 --- a/monitor.h +++ b/monitor.h @@ -1,4 +1,4 @@ -/* $OpenBSD: monitor.h,v 1.21 2018/07/09 21:53:45 markus Exp $ */ +/* $OpenBSD: monitor.h,v 1.22 2019/01/19 21:43:07 djm Exp $ */ /* * Copyright 2002 Niels Provos @@ -65,6 +65,8 @@ enum monitor_reqtype { }; +struct ssh; + struct monitor { int m_recvfd; int m_sendfd; @@ -78,11 +80,11 @@ struct monitor *monitor_init(void); void monitor_reinit(struct monitor *); struct Authctxt; -void monitor_child_preauth(struct Authctxt *, struct monitor *); -void monitor_child_postauth(struct monitor *); +void monitor_child_preauth(struct ssh *, struct monitor *); +void monitor_child_postauth(struct ssh *, struct monitor *); -struct mon_table; -int monitor_read(struct monitor*, struct mon_table *, struct mon_table **); +void monitor_clear_keystate(struct ssh *, struct monitor *); +void monitor_apply_keystate(struct ssh *, struct monitor *); /* Prototypes for request sending and receiving */ void mm_request_send(int, enum monitor_reqtype, struct sshbuf *); diff --git a/monitor_wrap.c b/monitor_wrap.c index 5db8a0a9c..4bdfd518e 100644 --- a/monitor_wrap.c +++ b/monitor_wrap.c @@ -1,4 +1,4 @@ -/* $OpenBSD: monitor_wrap.c,v 1.109 2019/01/19 21:41:18 djm Exp $ */ +/* $OpenBSD: monitor_wrap.c,v 1.110 2019/01/19 21:43:07 djm Exp $ */ /* * Copyright 2002 Niels Provos * Copyright 2002 Markus Friedl @@ -76,7 +76,6 @@ #include "ssherr.h" -#include "opacket.h" /* XXX */ extern struct ssh *active_state; /* XXX */ /* Imports */ diff --git a/monitor_wrap.h b/monitor_wrap.h index 19c58e486..8277cbf45 100644 --- a/monitor_wrap.h +++ b/monitor_wrap.h @@ -1,4 +1,4 @@ -/* $OpenBSD: monitor_wrap.h,v 1.39 2019/01/19 21:41:18 djm Exp $ */ +/* $OpenBSD: monitor_wrap.h,v 1.40 2019/01/19 21:43:07 djm Exp $ */ /* * Copyright 2002 Niels Provos @@ -89,8 +89,6 @@ void mm_session_pty_cleanup2(struct Session *); struct newkeys *mm_newkeys_from_blob(u_char *, int); int mm_newkeys_to_blob(int, u_char **, u_int *); -void monitor_clear_keystate(struct monitor *); -void monitor_apply_keystate(struct monitor *); void mm_get_keystate(struct monitor *); void mm_send_keystate(struct monitor*); diff --git a/sshd.c b/sshd.c index 9dbb09c6d..0c93f7f31 100644 --- a/sshd.c +++ b/sshd.c @@ -1,4 +1,4 @@ -/* $OpenBSD: sshd.c,v 1.525 2019/01/19 21:42:30 djm Exp $ */ +/* $OpenBSD: sshd.c,v 1.526 2019/01/19 21:43:07 djm Exp $ */ /* * Author: Tatu Ylonen * Copyright (c) 1995 Tatu Ylonen , Espoo, Finland @@ -459,7 +459,6 @@ privsep_preauth_child(void) static int privsep_preauth(struct ssh *ssh) { - Authctxt *authctxt = (Authctxt *)ssh->authctxt; int status, r; pid_t pid; struct ssh_sandbox *box = NULL; @@ -488,7 +487,7 @@ privsep_preauth(struct ssh *ssh) } if (box != NULL) ssh_sandbox_parent_preauth(box, pid); - monitor_child_preauth(authctxt, pmonitor); + monitor_child_preauth(ssh, pmonitor); /* Wait for the child's exit status */ while (waitpid(pid, &status, 0) < 0) { @@ -548,8 +547,8 @@ privsep_postauth(struct ssh *ssh, Authctxt *authctxt) else if (pmonitor->m_pid != 0) { verbose("User child is on pid %ld", (long)pmonitor->m_pid); sshbuf_reset(loginmsg); - monitor_clear_keystate(pmonitor); - monitor_child_postauth(pmonitor); + monitor_clear_keystate(ssh, pmonitor); + monitor_child_postauth(ssh, pmonitor); /* NEVERREACHED */ exit(0); @@ -570,7 +569,7 @@ privsep_postauth(struct ssh *ssh, Authctxt *authctxt) skip: /* It is safe now to apply the key state */ - monitor_apply_keystate(pmonitor); + monitor_apply_keystate(ssh, pmonitor); /* * Tell the packet layer that authentication was successful, since -- cgit v1.2.3 From 04c091fc199f17dacf8921df0a06634b454e2722 Mon Sep 17 00:00:00 2001 From: "djm@openbsd.org" Date: Sat, 19 Jan 2019 21:43:56 +0000 Subject: upstream: remove last references to active_state with & ok markus@ OpenBSD-Commit-ID: 78619a50ea7e4ca2f3b54d4658b3227277490ba2 --- auth.h | 10 ++++----- auth2-hostbased.c | 12 +++++------ kex.h | 6 +++--- kexc25519s.c | 6 +++--- kexdhs.c | 6 +++--- kexecdhs.c | 6 +++--- kexgexs.c | 6 +++--- monitor.c | 8 +++---- monitor.h | 3 ++- monitor_wrap.c | 15 ++++++------- monitor_wrap.h | 11 +++++----- serverloop.c | 6 +++--- ssh.c | 5 +---- ssh_api.c | 15 ++++++------- sshd.c | 63 +++++++++++++++++++++++++++++++------------------------ 15 files changed, 90 insertions(+), 88 deletions(-) diff --git a/auth.h b/auth.h index 71c372e97..bf393e755 100644 --- a/auth.h +++ b/auth.h @@ -1,4 +1,4 @@ -/* $OpenBSD: auth.h,v 1.98 2019/01/19 21:41:18 djm Exp $ */ +/* $OpenBSD: auth.h,v 1.99 2019/01/19 21:43:56 djm Exp $ */ /* * Copyright (c) 2000 Markus Friedl. All rights reserved. @@ -132,8 +132,8 @@ auth_rhosts2(struct passwd *, const char *, const char *, const char *); int auth_password(struct ssh *, const char *); -int hostbased_key_allowed(struct passwd *, const char *, char *, - struct sshkey *); +int hostbased_key_allowed(struct ssh *, struct passwd *, + const char *, char *, struct sshkey *); int user_key_allowed(struct ssh *, struct passwd *, struct sshkey *, int, struct sshauthopt **); int auth2_key_already_used(Authctxt *, const struct sshkey *); @@ -208,8 +208,8 @@ struct sshkey *get_hostkey_public_by_index(int, struct ssh *); struct sshkey *get_hostkey_public_by_type(int, int, struct ssh *); struct sshkey *get_hostkey_private_by_type(int, int, struct ssh *); int get_hostkey_index(struct sshkey *, int, struct ssh *); -int sshd_hostkey_sign(struct sshkey *, struct sshkey *, u_char **, - size_t *, const u_char *, size_t, const char *, u_int); +int sshd_hostkey_sign(struct ssh *, struct sshkey *, struct sshkey *, + u_char **, size_t *, const u_char *, size_t, const char *); /* Key / cert options linkage to auth layer */ const struct sshauthopt *auth_options(struct ssh *); diff --git a/auth2-hostbased.c b/auth2-hostbased.c index e28a48fb3..0c40fad4e 100644 --- a/auth2-hostbased.c +++ b/auth2-hostbased.c @@ -1,4 +1,4 @@ -/* $OpenBSD: auth2-hostbased.c,v 1.39 2019/01/19 21:31:32 djm Exp $ */ +/* $OpenBSD: auth2-hostbased.c,v 1.40 2019/01/19 21:43:56 djm Exp $ */ /* * Copyright (c) 2000 Markus Friedl. All rights reserved. * @@ -51,8 +51,6 @@ #include "ssherr.h" #include "match.h" -extern struct ssh *active_state; /* XXX */ - /* import */ extern ServerOptions options; extern u_char *session_id2; @@ -149,7 +147,8 @@ userauth_hostbased(struct ssh *ssh) /* test for allowed key and correct signature */ authenticated = 0; - if (PRIVSEP(hostbased_key_allowed(authctxt->pw, cuser, chost, key)) && + if (PRIVSEP(hostbased_key_allowed(ssh, authctxt->pw, cuser, + chost, key)) && PRIVSEP(sshkey_verify(key, sig, slen, sshbuf_ptr(b), sshbuf_len(b), pkalg, ssh->compat)) == 0) authenticated = 1; @@ -169,10 +168,9 @@ done: /* return 1 if given hostkey is allowed */ int -hostbased_key_allowed(struct passwd *pw, const char *cuser, char *chost, - struct sshkey *key) +hostbased_key_allowed(struct ssh *ssh, struct passwd *pw, + const char *cuser, char *chost, struct sshkey *key) { - struct ssh *ssh = active_state; /* XXX */ const char *resolvedname, *ipaddr, *lookup, *reason; HostStatus host_status; int len; diff --git a/kex.h b/kex.h index 9ba860954..085e60b52 100644 --- a/kex.h +++ b/kex.h @@ -1,4 +1,4 @@ -/* $OpenBSD: kex.h,v 1.93 2018/12/27 03:25:25 djm Exp $ */ +/* $OpenBSD: kex.h,v 1.94 2019/01/19 21:43:56 djm Exp $ */ /* * Copyright (c) 2000, 2001 Markus Friedl. All rights reserved. @@ -156,8 +156,8 @@ struct kex { struct sshkey *(*load_host_public_key)(int, int, struct ssh *); struct sshkey *(*load_host_private_key)(int, int, struct ssh *); int (*host_key_index)(struct sshkey *, int, struct ssh *); - int (*sign)(struct sshkey *, struct sshkey *, u_char **, size_t *, - const u_char *, size_t, const char *, u_int); + int (*sign)(struct ssh *, struct sshkey *, struct sshkey *, + u_char **, size_t *, const u_char *, size_t, const char *); int (*kex[KEX_MAX])(struct ssh *); /* kex specific state */ DH *dh; /* DH */ diff --git a/kexc25519s.c b/kexc25519s.c index 81f816e56..9ff74d912 100644 --- a/kexc25519s.c +++ b/kexc25519s.c @@ -1,4 +1,4 @@ -/* $OpenBSD: kexc25519s.c,v 1.12 2018/12/27 03:25:25 djm Exp $ */ +/* $OpenBSD: kexc25519s.c,v 1.13 2019/01/19 21:43:56 djm Exp $ */ /* * Copyright (c) 2001 Markus Friedl. All rights reserved. * Copyright (c) 2010 Damien Miller. All rights reserved. @@ -133,8 +133,8 @@ input_kex_c25519_init(int type, u_int32_t seq, struct ssh *ssh) } /* sign H */ - if ((r = kex->sign(server_host_private, server_host_public, &signature, - &slen, hash, hashlen, kex->hostkey_alg, ssh->compat)) < 0) + if ((r = kex->sign(ssh, server_host_private, server_host_public, + &signature, &slen, hash, hashlen, kex->hostkey_alg)) < 0) goto out; /* send server hostkey, ECDH pubkey 'Q_S' and signed H */ diff --git a/kexdhs.c b/kexdhs.c index adf70babd..c8be1b2f7 100644 --- a/kexdhs.c +++ b/kexdhs.c @@ -1,4 +1,4 @@ -/* $OpenBSD: kexdhs.c,v 1.29 2018/12/27 03:25:25 djm Exp $ */ +/* $OpenBSD: kexdhs.c,v 1.30 2019/01/19 21:43:56 djm Exp $ */ /* * Copyright (c) 2001 Markus Friedl. All rights reserved. * @@ -189,8 +189,8 @@ input_kex_dh_init(int type, u_int32_t seq, struct ssh *ssh) } /* sign H */ - if ((r = kex->sign(server_host_private, server_host_public, &signature, - &slen, hash, hashlen, kex->hostkey_alg, ssh->compat)) < 0) + if ((r = kex->sign(ssh, server_host_private, server_host_public, + &signature, &slen, hash, hashlen, kex->hostkey_alg)) < 0) goto out; /* destroy_sensitive_data(); */ diff --git a/kexecdhs.c b/kexecdhs.c index c690feffe..45ac3f794 100644 --- a/kexecdhs.c +++ b/kexecdhs.c @@ -1,4 +1,4 @@ -/* $OpenBSD: kexecdhs.c,v 1.18 2018/12/27 03:25:25 djm Exp $ */ +/* $OpenBSD: kexecdhs.c,v 1.19 2019/01/19 21:43:56 djm Exp $ */ /* * Copyright (c) 2001 Markus Friedl. All rights reserved. * Copyright (c) 2010 Damien Miller. All rights reserved. @@ -168,8 +168,8 @@ input_kex_ecdh_init(int type, u_int32_t seq, struct ssh *ssh) } /* sign H */ - if ((r = kex->sign(server_host_private, server_host_public, &signature, - &slen, hash, hashlen, kex->hostkey_alg, ssh->compat)) < 0) + if ((r = kex->sign(ssh, server_host_private, server_host_public, + &signature, &slen, hash, hashlen, kex->hostkey_alg)) < 0) goto out; /* destroy_sensitive_data(); */ diff --git a/kexgexs.c b/kexgexs.c index cd0e758c4..3b2ad37e4 100644 --- a/kexgexs.c +++ b/kexgexs.c @@ -1,4 +1,4 @@ -/* $OpenBSD: kexgexs.c,v 1.36 2018/12/27 03:25:25 djm Exp $ */ +/* $OpenBSD: kexgexs.c,v 1.37 2019/01/19 21:43:56 djm Exp $ */ /* * Copyright (c) 2000 Niels Provos. All rights reserved. * Copyright (c) 2001 Markus Friedl. All rights reserved. @@ -223,8 +223,8 @@ input_kex_dh_gex_init(int type, u_int32_t seq, struct ssh *ssh) } /* sign H */ - if ((r = kex->sign(server_host_private, server_host_public, &signature, - &slen, hash, hashlen, kex->hostkey_alg, ssh->compat)) < 0) + if ((r = kex->sign(ssh, server_host_private, server_host_public, + &signature, &slen, hash, hashlen, kex->hostkey_alg)) < 0) goto out; /* destroy_sensitive_data(); */ diff --git a/monitor.c b/monitor.c index 387b50026..1dcf930d4 100644 --- a/monitor.c +++ b/monitor.c @@ -1,4 +1,4 @@ -/* $OpenBSD: monitor.c,v 1.191 2019/01/19 21:43:07 djm Exp $ */ +/* $OpenBSD: monitor.c,v 1.192 2019/01/19 21:43:56 djm Exp $ */ /* * Copyright 2002 Niels Provos * Copyright 2002 Markus Friedl @@ -360,7 +360,7 @@ monitor_child_preauth(struct ssh *ssh, struct monitor *pmonitor) ssh->authctxt = NULL; ssh_packet_set_log_preamble(ssh, "user %s", authctxt->user); - mm_get_keystate(pmonitor); + mm_get_keystate(ssh, pmonitor); /* Drain any buffered messages from the child */ while (pmonitor->m_log_recvfd != -1 && monitor_read_log(pmonitor) == 0) @@ -1195,7 +1195,7 @@ mm_answer_keyallowed(struct ssh *ssh, int sock, struct sshbuf *m) if (!key_base_type_match(auth_method, key, options.hostbased_key_types)) break; - allowed = hostbased_key_allowed(authctxt->pw, + allowed = hostbased_key_allowed(ssh, authctxt->pw, cuser, chost, key); auth2_record_info(authctxt, "client user \"%.100s\", client host \"%.100s\"", @@ -1699,7 +1699,7 @@ monitor_apply_keystate(struct ssh *ssh, struct monitor *pmonitor) /* This function requries careful sanity checking */ void -mm_get_keystate(struct monitor *pmonitor) +mm_get_keystate(struct ssh *ssh, struct monitor *pmonitor) { debug3("%s: Waiting for new keys", __func__); diff --git a/monitor.h b/monitor.h index a4b68fbe2..683e5e071 100644 --- a/monitor.h +++ b/monitor.h @@ -1,4 +1,4 @@ -/* $OpenBSD: monitor.h,v 1.22 2019/01/19 21:43:07 djm Exp $ */ +/* $OpenBSD: monitor.h,v 1.23 2019/01/19 21:43:56 djm Exp $ */ /* * Copyright 2002 Niels Provos @@ -90,5 +90,6 @@ void monitor_apply_keystate(struct ssh *, struct monitor *); void mm_request_send(int, enum monitor_reqtype, struct sshbuf *); void mm_request_receive(int, struct sshbuf *); void mm_request_receive_expect(int, enum monitor_reqtype, struct sshbuf *); +void mm_get_keystate(struct ssh *, struct monitor *); #endif /* _MONITOR_H_ */ diff --git a/monitor_wrap.c b/monitor_wrap.c index 4bdfd518e..5a0964b69 100644 --- a/monitor_wrap.c +++ b/monitor_wrap.c @@ -1,4 +1,4 @@ -/* $OpenBSD: monitor_wrap.c,v 1.110 2019/01/19 21:43:07 djm Exp $ */ +/* $OpenBSD: monitor_wrap.c,v 1.111 2019/01/19 21:43:56 djm Exp $ */ /* * Copyright 2002 Niels Provos * Copyright 2002 Markus Friedl @@ -76,8 +76,6 @@ #include "ssherr.h" -extern struct ssh *active_state; /* XXX */ - /* Imports */ extern struct monitor *pmonitor; extern struct sshbuf *loginmsg; @@ -220,12 +218,12 @@ mm_choose_dh(int min, int nbits, int max) #endif int -mm_sshkey_sign(struct sshkey *key, u_char **sigp, size_t *lenp, +mm_sshkey_sign(struct ssh *ssh, struct sshkey *key, u_char **sigp, size_t *lenp, const u_char *data, size_t datalen, const char *hostkey_alg, u_int compat) { struct kex *kex = *pmonitor->m_pkex; struct sshbuf *m; - u_int ndx = kex->host_key_index(key, 0, active_state); + u_int ndx = kex->host_key_index(key, 0, ssh); int r; debug3("%s entering", __func__); @@ -439,8 +437,8 @@ mm_user_key_allowed(struct ssh *ssh, struct passwd *pw, struct sshkey *key, } int -mm_hostbased_key_allowed(struct passwd *pw, const char *user, const char *host, - struct sshkey *key) +mm_hostbased_key_allowed(struct ssh *ssh, struct passwd *pw, + const char *user, const char *host, struct sshkey *key) { return (mm_key_allowed(MM_HOSTKEY, user, host, key, 0, NULL)); } @@ -533,9 +531,8 @@ mm_sshkey_verify(const struct sshkey *key, const u_char *sig, size_t siglen, } void -mm_send_keystate(struct monitor *monitor) +mm_send_keystate(struct ssh *ssh, struct monitor *monitor) { - struct ssh *ssh = active_state; /* XXX */ struct sshbuf *m; int r; diff --git a/monitor_wrap.h b/monitor_wrap.h index 8277cbf45..2b7052202 100644 --- a/monitor_wrap.h +++ b/monitor_wrap.h @@ -1,4 +1,4 @@ -/* $OpenBSD: monitor_wrap.h,v 1.40 2019/01/19 21:43:07 djm Exp $ */ +/* $OpenBSD: monitor_wrap.h,v 1.41 2019/01/19 21:43:56 djm Exp $ */ /* * Copyright 2002 Niels Provos @@ -42,8 +42,8 @@ struct sshauthopt; void mm_log_handler(LogLevel, const char *, void *); int mm_is_monitor(void); DH *mm_choose_dh(int, int, int); -int mm_sshkey_sign(struct sshkey *, u_char **, size_t *, const u_char *, size_t, - const char *, u_int compat); +int mm_sshkey_sign(struct ssh *, struct sshkey *, u_char **, size_t *, + const u_char *, size_t, const char *, u_int compat); void mm_inform_authserv(char *, char *); struct passwd *mm_getpwnamallow(struct ssh *, const char *); char *mm_auth2_read_banner(void); @@ -52,7 +52,7 @@ int mm_key_allowed(enum mm_keytype, const char *, const char *, struct sshkey *, int, struct sshauthopt **); int mm_user_key_allowed(struct ssh *, struct passwd *, struct sshkey *, int, struct sshauthopt **); -int mm_hostbased_key_allowed(struct passwd *, const char *, +int mm_hostbased_key_allowed(struct ssh *, struct passwd *, const char *, const char *, struct sshkey *); int mm_sshkey_verify(const struct sshkey *, const u_char *, size_t, const u_char *, size_t, const char *, u_int); @@ -89,8 +89,7 @@ void mm_session_pty_cleanup2(struct Session *); struct newkeys *mm_newkeys_from_blob(u_char *, int); int mm_newkeys_to_blob(int, u_char **, u_int *); -void mm_get_keystate(struct monitor *); -void mm_send_keystate(struct monitor*); +void mm_send_keystate(struct ssh *, struct monitor*); /* bsdauth */ int mm_bsdauth_query(void *, char **, char **, u_int *, char ***, u_int **); diff --git a/serverloop.c b/serverloop.c index c60758e88..afb32fd34 100644 --- a/serverloop.c +++ b/serverloop.c @@ -1,4 +1,4 @@ -/* $OpenBSD: serverloop.c,v 1.211 2019/01/19 21:40:48 djm Exp $ */ +/* $OpenBSD: serverloop.c,v 1.212 2019/01/19 21:43:56 djm Exp $ */ /* * Author: Tatu Ylonen * Copyright (c) 1995 Tatu Ylonen , Espoo, Finland @@ -782,9 +782,9 @@ server_input_hostkeys_prove(struct ssh *ssh, struct sshbuf **respp) (r = sshbuf_put_string(sigbuf, ssh->kex->session_id, ssh->kex->session_id_len)) != 0 || (r = sshkey_puts(key, sigbuf)) != 0 || - (r = ssh->kex->sign(key_prv, key_pub, &sig, &slen, + (r = ssh->kex->sign(ssh, key_prv, key_pub, &sig, &slen, sshbuf_ptr(sigbuf), sshbuf_len(sigbuf), - use_kexsigtype ? ssh->kex->hostkey_alg : NULL, 0)) != 0 || + use_kexsigtype ? ssh->kex->hostkey_alg : NULL)) != 0 || (r = sshbuf_put_string(resp, sig, slen)) != 0) { error("%s: couldn't prepare signature: %s", __func__, ssh_err(r)); diff --git a/ssh.c b/ssh.c index 160bf6b54..91e7c3511 100644 --- a/ssh.c +++ b/ssh.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ssh.c,v 1.499 2019/01/19 21:36:06 djm Exp $ */ +/* $OpenBSD: ssh.c,v 1.500 2019/01/19 21:43:56 djm Exp $ */ /* * Author: Tatu Ylonen * Copyright (c) 1995 Tatu Ylonen , Espoo, Finland @@ -113,8 +113,6 @@ #include "ssh-pkcs11.h" #endif -extern struct ssh *active_state; /* XXX remove after sshconnect2.c updated */ - extern char *__progname; /* Saves a copy of argv for setproctitle emulation */ @@ -652,7 +650,6 @@ main(int ac, char **av) */ if ((ssh = ssh_alloc_session_state()) == NULL) fatal("Couldn't allocate session state"); - active_state = ssh; /* XXX */ channel_init_channels(ssh); /* Parse command-line arguments. */ diff --git a/ssh_api.c b/ssh_api.c index ab209c4ca..182c0d7e4 100644 --- a/ssh_api.c +++ b/ssh_api.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ssh_api.c,v 1.9 2018/12/27 03:25:25 djm Exp $ */ +/* $OpenBSD: ssh_api.c,v 1.10 2019/01/19 21:43:56 djm Exp $ */ /* * Copyright (c) 2012 Markus Friedl. All rights reserved. * @@ -40,8 +40,8 @@ int _ssh_order_hostkeyalgs(struct ssh *); int _ssh_verify_host_key(struct sshkey *, struct ssh *); struct sshkey *_ssh_host_public_key(int, int, struct ssh *); struct sshkey *_ssh_host_private_key(int, int, struct ssh *); -int _ssh_host_key_sign(struct sshkey *, struct sshkey *, - u_char **, size_t *, const u_char *, size_t, const char *, u_int); +int _ssh_host_key_sign(struct ssh *, struct sshkey *, struct sshkey *, + u_char **, size_t *, const u_char *, size_t, const char *); /* * stubs for the server side implementation of kex. @@ -547,9 +547,10 @@ _ssh_order_hostkeyalgs(struct ssh *ssh) } int -_ssh_host_key_sign(struct sshkey *privkey, struct sshkey *pubkey, - u_char **signature, size_t *slen, const u_char *data, size_t dlen, - const char *alg, u_int compat) +_ssh_host_key_sign(struct ssh *ssh, struct sshkey *privkey, + struct sshkey *pubkey, u_char **signature, size_t *slen, + const u_char *data, size_t dlen, const char *alg) { - return sshkey_sign(privkey, signature, slen, data, dlen, alg, compat); + return sshkey_sign(privkey, signature, slen, data, dlen, + alg, ssh->compat); } diff --git a/sshd.c b/sshd.c index 0c93f7f31..58d17e546 100644 --- a/sshd.c +++ b/sshd.c @@ -1,4 +1,4 @@ -/* $OpenBSD: sshd.c,v 1.526 2019/01/19 21:43:07 djm Exp $ */ +/* $OpenBSD: sshd.c,v 1.527 2019/01/19 21:43:56 djm Exp $ */ /* * Author: Tatu Ylonen * Copyright (c) 1995 Tatu Ylonen , Espoo, Finland @@ -123,8 +123,6 @@ #include "version.h" #include "ssherr.h" -extern struct ssh *active_state; /* XXX move decl to this file */ - /* Re-exec fds */ #define REEXEC_DEVCRYPTO_RESERVED_FD (STDERR_FILENO + 1) #define REEXEC_STARTUP_PIPE_FD (STDERR_FILENO + 2) @@ -225,8 +223,9 @@ struct monitor *pmonitor = NULL; int privsep_is_preauth = 1; static int privsep_chroot = 1; -/* global authentication context */ +/* global connection state and authentication contexts */ Authctxt *the_authctxt = NULL; +struct ssh *the_active_state; /* global key/cert auth options. XXX move to permanent ssh->authctxt? */ struct sshauthopt *auth_opts = NULL; @@ -353,9 +352,11 @@ grace_alarm_handler(int sig) kill(0, SIGTERM); } + /* XXX pre-format ipaddr/port so we don't need to access active_state */ /* Log error and exit. */ sigdie("Timeout before authentication for %s port %d", - ssh_remote_ipaddr(active_state), ssh_remote_port(active_state)); + ssh_remote_ipaddr(the_active_state), + ssh_remote_port(the_active_state)); } /* Destroy the host and server keys. They will no longer be needed. */ @@ -742,7 +743,7 @@ notify_hostkeys(struct ssh *ssh) char *fp; /* Some clients cannot cope with the hostkeys message, skip those. */ - if (datafellows & SSH_BUG_HOSTKEYS) + if (ssh->compat & SSH_BUG_HOSTKEYS) return; if ((buf = sshbuf_new()) == NULL) @@ -1960,8 +1961,8 @@ main(int ac, char **av) */ if ((ssh = ssh_packet_set_connection(NULL, sock_in, sock_out)) == NULL) fatal("Unable to create connection"); + the_active_state = ssh; ssh_packet_set_server(ssh); - active_state = ssh; /* XXX needed elsewhere */ check_ip_options(ssh); @@ -2060,7 +2061,7 @@ main(int ac, char **av) * the current keystate and exits */ if (use_privsep) { - mm_send_keystate(pmonitor); + mm_send_keystate(ssh, pmonitor); ssh_packet_clear_keys(ssh); exit(0); } @@ -2139,25 +2140,35 @@ main(int ac, char **av) } int -sshd_hostkey_sign(struct sshkey *privkey, struct sshkey *pubkey, - u_char **signature, size_t *slenp, const u_char *data, size_t dlen, - const char *alg, u_int flag) +sshd_hostkey_sign(struct ssh *ssh, struct sshkey *privkey, + struct sshkey *pubkey, u_char **signature, size_t *slenp, + const u_char *data, size_t dlen, const char *alg) { int r; - if (privkey) { - if (PRIVSEP(sshkey_sign(privkey, signature, slenp, data, dlen, - alg, datafellows)) < 0) - fatal("%s: key_sign failed", __func__); - } else if (use_privsep) { - if (mm_sshkey_sign(pubkey, signature, slenp, data, dlen, - alg, datafellows) < 0) - fatal("%s: pubkey_sign failed", __func__); + if (use_privsep) { + if (privkey) { + if (mm_sshkey_sign(ssh, privkey, signature, slenp, + data, dlen, alg, ssh->compat) < 0) + fatal("%s: privkey sign failed", __func__); + } else { + if (mm_sshkey_sign(ssh, pubkey, signature, slenp, + data, dlen, alg, ssh->compat) < 0) + fatal("%s: pubkey sign failed", __func__); + } } else { - if ((r = ssh_agent_sign(auth_sock, pubkey, signature, slenp, - data, dlen, alg, datafellows)) != 0) - fatal("%s: ssh_agent_sign failed: %s", - __func__, ssh_err(r)); + if (privkey) { + if (sshkey_sign(privkey, signature, slenp, data, dlen, + alg, ssh->compat) < 0) + fatal("%s: privkey sign failed", __func__); + } else { + if ((r = ssh_agent_sign(auth_sock, pubkey, + signature, slenp, data, dlen, alg, + ssh->compat)) != 0) { + fatal("%s: agent sign failed: %s", + __func__, ssh_err(r)); + } + } } return 0; } @@ -2232,10 +2243,8 @@ do_ssh2_kex(struct ssh *ssh) void cleanup_exit(int i) { - struct ssh *ssh = active_state; /* XXX */ - - if (the_authctxt) { - do_cleanup(ssh, the_authctxt); + if (the_active_state != NULL && the_authctxt != NULL) { + do_cleanup(the_active_state, the_authctxt); if (use_privsep && privsep_is_preauth && pmonitor != NULL && pmonitor->m_pid > 1) { debug("Killing privsep child %d", pmonitor->m_pid); -- cgit v1.2.3 From 245c6a0b220b58686ee35bc5fc1c359e9be2faaa Mon Sep 17 00:00:00 2001 From: "djm@openbsd.org" Date: Sat, 19 Jan 2019 21:45:31 +0000 Subject: upstream: remove last traces of old packet API! with & ok markus@ OpenBSD-Commit-ID: 9bd10437026423eb8245636ad34797a20fbafd7d --- Makefile.in | 2 +- dispatch.h | 9 +- opacket.c | 321 ------------------------------------------------------------ opacket.h | 154 ----------------------------- 4 files changed, 2 insertions(+), 484 deletions(-) delete mode 100644 opacket.c delete mode 100644 opacket.h diff --git a/Makefile.in b/Makefile.in index 6ffccb482..2d2de7b49 100644 --- a/Makefile.in +++ b/Makefile.in @@ -88,7 +88,7 @@ LIBSSH_OBJS=${LIBOPENSSH_OBJS} \ canohost.o channels.o cipher.o cipher-aes.o cipher-aesctr.o \ cipher-ctr.o cleanup.o \ compat.o crc32.o fatal.o hostfile.o \ - log.o match.o moduli.o nchan.o packet.o opacket.o \ + log.o match.o moduli.o nchan.o packet.o \ readpass.o ttymodes.o xmalloc.o addrmatch.o \ atomicio.o dispatch.o mac.o uuencode.o misc.o utf8.o \ monitor_fdpass.o rijndael.o ssh-dss.o ssh-ecdsa.o ssh-rsa.o dh.o \ diff --git a/dispatch.h b/dispatch.h index 17a6f3db6..a22d7749f 100644 --- a/dispatch.h +++ b/dispatch.h @@ -1,4 +1,4 @@ -/* $OpenBSD: dispatch.h,v 1.14 2017/05/31 07:00:13 markus Exp $ */ +/* $OpenBSD: dispatch.h,v 1.15 2019/01/19 21:45:31 djm Exp $ */ /* * Copyright (c) 2000 Markus Friedl. All rights reserved. @@ -46,11 +46,4 @@ void ssh_dispatch_range(struct ssh *, u_int, u_int, dispatch_fn *); int ssh_dispatch_run(struct ssh *, int, volatile sig_atomic_t *); void ssh_dispatch_run_fatal(struct ssh *, int, volatile sig_atomic_t *); -#define dispatch_init(dflt) \ - ssh_dispatch_init(active_state, (dflt)) -#define dispatch_range(from, to, fn) \ - ssh_dispatch_range(active_state, (from), (to), (fn)) -#define dispatch_set(type, fn) \ - ssh_dispatch_set(active_state, (type), (fn)) - #endif diff --git a/opacket.c b/opacket.c deleted file mode 100644 index e5ccf8099..000000000 --- a/opacket.c +++ /dev/null @@ -1,321 +0,0 @@ -/* $OpenBSD: opacket.c,v 1.9 2019/01/19 21:33:14 djm Exp $ */ -/* Written by Markus Friedl. Placed in the public domain. */ - -#include "includes.h" -/* $OpenBSD: opacket.c,v 1.8 2019/01/19 21:31:32 djm Exp $ */ -#include - -#include "ssherr.h" -#include "packet.h" -#include "opacket.h" /* XXX */ -#include "log.h" - -struct ssh *active_state, *backup_state; - -/* Map old to new API */ - -void -ssh_packet_start(struct ssh *ssh, u_char type) -{ - int r; - - if ((r = sshpkt_start(ssh, type)) != 0) - fatal("%s: %s", __func__, ssh_err(r)); -} - -void -ssh_packet_put_char(struct ssh *ssh, int value) -{ - u_char ch = value; - int r; - - if ((r = sshpkt_put_u8(ssh, ch)) != 0) - fatal("%s: %s", __func__, ssh_err(r)); -} - -void -ssh_packet_put_int(struct ssh *ssh, u_int value) -{ - int r; - - if ((r = sshpkt_put_u32(ssh, value)) != 0) - fatal("%s: %s", __func__, ssh_err(r)); -} - -void -ssh_packet_put_int64(struct ssh *ssh, u_int64_t value) -{ - int r; - - if ((r = sshpkt_put_u64(ssh, value)) != 0) - fatal("%s: %s", __func__, ssh_err(r)); -} - -void -ssh_packet_put_string(struct ssh *ssh, const void *buf, u_int len) -{ - int r; - - if ((r = sshpkt_put_string(ssh, buf, len)) != 0) - fatal("%s: %s", __func__, ssh_err(r)); -} - -void -ssh_packet_put_cstring(struct ssh *ssh, const char *str) -{ - int r; - - if ((r = sshpkt_put_cstring(ssh, str)) != 0) - fatal("%s: %s", __func__, ssh_err(r)); -} - -void -ssh_packet_put_raw(struct ssh *ssh, const void *buf, u_int len) -{ - int r; - - if ((r = sshpkt_put(ssh, buf, len)) != 0) - fatal("%s: %s", __func__, ssh_err(r)); -} - - -#ifdef WITH_OPENSSL -void -ssh_packet_put_bignum2(struct ssh *ssh, BIGNUM * value) -{ - int r; - - if ((r = sshpkt_put_bignum2(ssh, value)) != 0) - fatal("%s: %s", __func__, ssh_err(r)); -} - -# ifdef OPENSSL_HAS_ECC -void -ssh_packet_put_ecpoint(struct ssh *ssh, const EC_GROUP *curve, - const EC_POINT *point) -{ - int r; - - if ((r = sshpkt_put_ec(ssh, point, curve)) != 0) - fatal("%s: %s", __func__, ssh_err(r)); -} -# endif -#endif /* WITH_OPENSSL */ - -void -ssh_packet_send(struct ssh *ssh) -{ - int r; - - if ((r = sshpkt_send(ssh)) != 0) - fatal("%s: %s", __func__, ssh_err(r)); -} - -u_int -ssh_packet_get_char(struct ssh *ssh) -{ - u_char ch; - int r; - - if ((r = sshpkt_get_u8(ssh, &ch)) != 0) - fatal("%s: %s", __func__, ssh_err(r)); - return ch; -} - -u_int -ssh_packet_get_int(struct ssh *ssh) -{ - u_int val; - int r; - - if ((r = sshpkt_get_u32(ssh, &val)) != 0) - fatal("%s: %s", __func__, ssh_err(r)); - return val; -} - -u_int64_t -ssh_packet_get_int64(struct ssh *ssh) -{ - u_int64_t val; - int r; - - if ((r = sshpkt_get_u64(ssh, &val)) != 0) - fatal("%s: %s", __func__, ssh_err(r)); - return val; -} - - -#ifdef WITH_OPENSSL -void -ssh_packet_get_bignum2(struct ssh *ssh, BIGNUM * value) -{ - int r; - - if ((r = sshpkt_get_bignum2(ssh, value)) != 0) - fatal("%s: %s", __func__, ssh_err(r)); -} - -# ifdef OPENSSL_HAS_ECC -void -ssh_packet_get_ecpoint(struct ssh *ssh, const EC_GROUP *curve, EC_POINT *point) -{ - int r; - - if ((r = sshpkt_get_ec(ssh, point, curve)) != 0) - fatal("%s: %s", __func__, ssh_err(r)); -} -# endif -#endif /* WITH_OPENSSL */ - -void * -ssh_packet_get_string(struct ssh *ssh, u_int *length_ptr) -{ - int r; - size_t len; - u_char *val; - - if ((r = sshpkt_get_string(ssh, &val, &len)) != 0) - fatal("%s: %s", __func__, ssh_err(r)); - if (length_ptr != NULL) - *length_ptr = (u_int)len; - return val; -} - -const void * -ssh_packet_get_string_ptr(struct ssh *ssh, u_int *length_ptr) -{ - int r; - size_t len; - const u_char *val; - - if ((r = sshpkt_get_string_direct(ssh, &val, &len)) != 0) - fatal("%s: %s", __func__, ssh_err(r)); - if (length_ptr != NULL) - *length_ptr = (u_int)len; - return val; -} - -char * -ssh_packet_get_cstring(struct ssh *ssh, u_int *length_ptr) -{ - int r; - size_t len; - char *val; - - if ((r = sshpkt_get_cstring(ssh, &val, &len)) != 0) - fatal("%s: %s", __func__, ssh_err(r)); - if (length_ptr != NULL) - *length_ptr = (u_int)len; - return val; -} - -/* Old API, that had to be reimplemented */ - -void -packet_set_connection(int fd_in, int fd_out) -{ - active_state = ssh_packet_set_connection(active_state, fd_in, fd_out); - if (active_state == NULL) - fatal("%s: ssh_packet_set_connection failed", __func__); -} - -u_int -packet_get_char(void) -{ - return (ssh_packet_get_char(active_state)); -} - -u_int -packet_get_int(void) -{ - return (ssh_packet_get_int(active_state)); -} - -int -packet_read_seqnr(u_int32_t *seqnr) -{ - u_char type; - int r; - - if ((r = ssh_packet_read_seqnr(active_state, &type, seqnr)) != 0) - sshpkt_fatal(active_state, r, "%s", __func__); - return type; -} - -int -packet_read_poll_seqnr(u_int32_t *seqnr) -{ - u_char type; - int r; - - if ((r = ssh_packet_read_poll_seqnr(active_state, &type, seqnr))) - sshpkt_fatal(active_state, r, "%s", __func__); - return type; -} - -void -packet_close(void) -{ - ssh_packet_close(active_state); - active_state = NULL; -} - -void -packet_process_incoming(const char *buf, u_int len) -{ - int r; - - if ((r = ssh_packet_process_incoming(active_state, buf, len)) != 0) - sshpkt_fatal(active_state, r, "%s", __func__); -} - -void -packet_write_wait(void) -{ - int r; - - if ((r = ssh_packet_write_wait(active_state)) != 0) - sshpkt_fatal(active_state, r, "%s", __func__); -} - -void -packet_write_poll(void) -{ - int r; - - if ((r = ssh_packet_write_poll(active_state)) != 0) - sshpkt_fatal(active_state, r, "%s", __func__); -} - -void -packet_read_expect(int expected_type) -{ - int r; - - if ((r = ssh_packet_read_expect(active_state, expected_type)) != 0) - sshpkt_fatal(active_state, r, "%s", __func__); -} - -void -packet_disconnect(const char *fmt, ...) -{ - char buf[1024]; - va_list args; - - va_start(args, fmt); - vsnprintf(buf, sizeof(buf), fmt, args); - va_end(args); - ssh_packet_disconnect(active_state, "%s", buf); -} - -void -packet_send_debug(const char *fmt, ...) -{ - char buf[1024]; - va_list args; - - va_start(args, fmt); - vsnprintf(buf, sizeof(buf), fmt, args); - va_end(args); - ssh_packet_send_debug(active_state, "%s", buf); -} diff --git a/opacket.h b/opacket.h deleted file mode 100644 index f92fe586e..000000000 --- a/opacket.h +++ /dev/null @@ -1,154 +0,0 @@ -/* $OpenBSD: opacket.h,v 1.13 2018/07/06 09:03:02 sf Exp $ */ -#ifndef _OPACKET_H -/* Written by Markus Friedl. Placed in the public domain. */ - -/* Map old to new API */ -void ssh_packet_start(struct ssh *, u_char); -void ssh_packet_put_char(struct ssh *, int ch); -void ssh_packet_put_int(struct ssh *, u_int value); -void ssh_packet_put_int64(struct ssh *, u_int64_t value); -void ssh_packet_put_bignum2(struct ssh *, BIGNUM * value); -void ssh_packet_put_ecpoint(struct ssh *, const EC_GROUP *, const EC_POINT *); -void ssh_packet_put_string(struct ssh *, const void *buf, u_int len); -void ssh_packet_put_cstring(struct ssh *, const char *str); -void ssh_packet_put_raw(struct ssh *, const void *buf, u_int len); -void ssh_packet_send(struct ssh *); - -u_int ssh_packet_get_char(struct ssh *); -u_int ssh_packet_get_int(struct ssh *); -u_int64_t ssh_packet_get_int64(struct ssh *); -void ssh_packet_get_bignum2(struct ssh *, BIGNUM * value); -void ssh_packet_get_ecpoint(struct ssh *, const EC_GROUP *, EC_POINT *); -void *ssh_packet_get_string(struct ssh *, u_int *length_ptr); -char *ssh_packet_get_cstring(struct ssh *, u_int *length_ptr); - -/* don't allow remaining bytes after the end of the message */ -#define ssh_packet_check_eom(ssh) \ -do { \ - int _len = ssh_packet_remaining(ssh); \ - if (_len > 0) { \ - logit("Packet integrity error (%d bytes remaining) at %s:%d", \ - _len ,__FILE__, __LINE__); \ - ssh_packet_disconnect(ssh, \ - "Packet integrity error."); \ - } \ -} while (0) - -/* old API */ -void packet_close(void); -u_int packet_get_char(void); -u_int packet_get_int(void); -void packet_set_connection(int, int); -int packet_read_seqnr(u_int32_t *); -int packet_read_poll_seqnr(u_int32_t *); -void packet_process_incoming(const char *buf, u_int len); -void packet_write_wait(void); -void packet_write_poll(void); -void packet_read_expect(int expected_type); -#define packet_set_timeout(timeout, count) \ - ssh_packet_set_timeout(active_state, (timeout), (count)) -#define packet_connection_is_on_socket() \ - ssh_packet_connection_is_on_socket(active_state) -#define packet_set_nonblocking() \ - ssh_packet_set_nonblocking(active_state) -#define packet_get_connection_in() \ - ssh_packet_get_connection_in(active_state) -#define packet_get_connection_out() \ - ssh_packet_get_connection_out(active_state) -#define packet_set_protocol_flags(protocol_flags) \ - ssh_packet_set_protocol_flags(active_state, (protocol_flags)) -#define packet_get_protocol_flags() \ - ssh_packet_get_protocol_flags(active_state) -#define packet_start(type) \ - ssh_packet_start(active_state, (type)) -#define packet_put_char(value) \ - ssh_packet_put_char(active_state, (value)) -#define packet_put_int(value) \ - ssh_packet_put_int(active_state, (value)) -#define packet_put_int64(value) \ - ssh_packet_put_int64(active_state, (value)) -#define packet_put_string( buf, len) \ - ssh_packet_put_string(active_state, (buf), (len)) -#define packet_put_cstring(str) \ - ssh_packet_put_cstring(active_state, (str)) -#define packet_put_raw(buf, len) \ - ssh_packet_put_raw(active_state, (buf), (len)) -#define packet_put_bignum2(value) \ - ssh_packet_put_bignum2(active_state, (value)) -#define packet_send() \ - ssh_packet_send(active_state) -#define packet_read() \ - ssh_packet_read(active_state) -#define packet_get_int64() \ - ssh_packet_get_int64(active_state) -#define packet_get_bignum2(value) \ - ssh_packet_get_bignum2(active_state, (value)) -#define packet_remaining() \ - ssh_packet_remaining(active_state) -#define packet_get_string(length_ptr) \ - ssh_packet_get_string(active_state, (length_ptr)) -#define packet_get_string_ptr(length_ptr) \ - ssh_packet_get_string_ptr(active_state, (length_ptr)) -#define packet_get_cstring(length_ptr) \ - ssh_packet_get_cstring(active_state, (length_ptr)) -void packet_send_debug(const char *, ...) - __attribute__((format(printf, 1, 2))); -void packet_disconnect(const char *, ...) - __attribute__((format(printf, 1, 2))) - __attribute__((noreturn)); -#define packet_have_data_to_write() \ - ssh_packet_have_data_to_write(active_state) -#define packet_not_very_much_data_to_write() \ - ssh_packet_not_very_much_data_to_write(active_state) -#define packet_set_interactive(interactive, qos_interactive, qos_bulk) \ - ssh_packet_set_interactive(active_state, (interactive), (qos_interactive), (qos_bulk)) -#define packet_is_interactive() \ - ssh_packet_is_interactive(active_state) -#define packet_set_maxsize(s) \ - ssh_packet_set_maxsize(active_state, (s)) -#define packet_inc_alive_timeouts() \ - ssh_packet_inc_alive_timeouts(active_state) -#define packet_set_alive_timeouts(ka) \ - ssh_packet_set_alive_timeouts(active_state, (ka)) -#define packet_get_maxsize() \ - ssh_packet_get_maxsize(active_state) -#define packet_add_padding(pad) \ - sshpkt_add_padding(active_state, (pad)) -#define packet_send_ignore(nbytes) \ - ssh_packet_send_ignore(active_state, (nbytes)) -#define packet_set_server() \ - ssh_packet_set_server(active_state) -#define packet_set_authenticated() \ - ssh_packet_set_authenticated(active_state) -#define packet_get_input() \ - ssh_packet_get_input(active_state) -#define packet_get_output() \ - ssh_packet_get_output(active_state) -#define packet_check_eom() \ - ssh_packet_check_eom(active_state) -#define set_newkeys(mode) \ - ssh_set_newkeys(active_state, (mode)) -#define packet_get_state(m) \ - ssh_packet_get_state(active_state, m) -#define packet_set_state(m) \ - ssh_packet_set_state(active_state, m) -#define packet_get_raw(lenp) \ - sshpkt_ptr(active_state, lenp) -#define packet_get_ecpoint(c,p) \ - ssh_packet_get_ecpoint(active_state, c, p) -#define packet_put_ecpoint(c,p) \ - ssh_packet_put_ecpoint(active_state, c, p) -#define packet_get_rekey_timeout() \ - ssh_packet_get_rekey_timeout(active_state) -#define packet_set_rekey_limits(x,y) \ - ssh_packet_set_rekey_limits(active_state, x, y) -#define packet_get_bytes(x,y) \ - ssh_packet_get_bytes(active_state, x, y) -#define packet_set_mux() \ - ssh_packet_set_mux(active_state) -#define packet_get_mux() \ - ssh_packet_get_mux(active_state) -#define packet_clear_keys() \ - ssh_packet_clear_keys(active_state) - -#endif /* _OPACKET_H */ -- cgit v1.2.3 From 135e302cfdbe91817294317c337cc38c3ff01cba Mon Sep 17 00:00:00 2001 From: "djm@openbsd.org" Date: Sat, 19 Jan 2019 22:30:52 +0000 Subject: upstream: fix error in refactor: use ssh_packet_disconnect() instead of sshpkt_error(). The first one logs the error and exits (what we want) instead of just logging and blundering on. OpenBSD-Commit-ID: 39f51b43641dce9ce0f408ea6c0e6e077e2e91ae --- serverloop.c | 10 ++++++---- 1 file changed, 6 insertions(+), 4 deletions(-) diff --git a/serverloop.c b/serverloop.c index afb32fd34..9602e050d 100644 --- a/serverloop.c +++ b/serverloop.c @@ -1,4 +1,4 @@ -/* $OpenBSD: serverloop.c,v 1.212 2019/01/19 21:43:56 djm Exp $ */ +/* $OpenBSD: serverloop.c,v 1.213 2019/01/19 22:30:52 djm Exp $ */ /* * Author: Tatu Ylonen * Copyright (c) 1995 Tatu Ylonen , Espoo, Finland @@ -642,7 +642,7 @@ server_request_session(struct ssh *ssh) sshpkt_fatal(ssh, r, "%s: parse packet", __func__); if (no_more_sessions) { - sshpkt_disconnect(ssh, "Possible attack: attempt to open a " + ssh_packet_disconnect(ssh, "Possible attack: attempt to open a " "session after additional sessions disabled"); } @@ -928,8 +928,10 @@ server_input_channel_req(int type, u_int32_t seq, struct ssh *ssh) debug("server_input_channel_req: channel %u request %s reply %d", id, rtype, want_reply); - if (id >= INT_MAX || (c = channel_lookup(ssh, (int)id)) == NULL) - sshpkt_disconnect(ssh, "%s: unknown channel %d", __func__, id); + if (id >= INT_MAX || (c = channel_lookup(ssh, (int)id)) == NULL) { + ssh_packet_disconnect(ssh, "%s: unknown channel %d", + __func__, id); + } if (!strcmp(rtype, "eow@openssh.com")) { if ((r = sshpkt_get_end(ssh)) != 0) sshpkt_fatal(ssh, r, "%s: parse packet", __func__); -- cgit v1.2.3 From c327813ea1d740e3e367109c17873815aba1328e Mon Sep 17 00:00:00 2001 From: Damien Miller Date: Sun, 20 Jan 2019 09:45:38 +1100 Subject: depend --- .depend | 99 ++++++++++++++++++++++++++++++++--------------------------------- 1 file changed, 49 insertions(+), 50 deletions(-) diff --git a/.depend b/.depend index 193130f5d..b732ae9e8 100644 --- a/.depend +++ b/.depend @@ -6,47 +6,47 @@ audit-bsm.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-com audit-linux.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/rmd160.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h audit.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/rmd160.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h auth-bsdauth.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/rmd160.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h -auth-krb5.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/rmd160.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h xmalloc.h ssh.h packet.h openbsd-compat/sys-queue.h dispatch.h opacket.h log.h sshbuf.h sshkey.h misc.h servconf.h uidswap.h hostfile.h auth.h auth-pam.h audit.h loginrec.h +auth-krb5.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/rmd160.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h xmalloc.h ssh.h packet.h openbsd-compat/sys-queue.h dispatch.h log.h sshbuf.h sshkey.h misc.h servconf.h uidswap.h hostfile.h auth.h auth-pam.h audit.h loginrec.h auth-options.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/rmd160.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h openbsd-compat/sys-queue.h xmalloc.h ssherr.h log.h sshbuf.h misc.h sshkey.h match.h ssh2.h auth-options.h auth-pam.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/rmd160.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h -auth-passwd.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/rmd160.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h packet.h openbsd-compat/sys-queue.h dispatch.h opacket.h sshbuf.h ssherr.h log.h misc.h servconf.h sshkey.h hostfile.h auth.h auth-pam.h audit.h loginrec.h auth-options.h -auth-rhosts.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/rmd160.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h packet.h openbsd-compat/sys-queue.h dispatch.h opacket.h uidswap.h pathnames.h log.h misc.h sshbuf.h sshkey.h servconf.h canohost.h hostfile.h auth.h auth-pam.h audit.h loginrec.h +auth-passwd.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/rmd160.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h packet.h openbsd-compat/sys-queue.h dispatch.h sshbuf.h ssherr.h log.h misc.h servconf.h sshkey.h hostfile.h auth.h auth-pam.h audit.h loginrec.h auth-options.h +auth-rhosts.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/rmd160.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h packet.h openbsd-compat/sys-queue.h dispatch.h uidswap.h pathnames.h log.h misc.h sshbuf.h sshkey.h servconf.h canohost.h hostfile.h auth.h auth-pam.h audit.h loginrec.h auth-shadow.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/rmd160.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h auth-sia.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/rmd160.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h auth-skey.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/rmd160.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h -auth.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/rmd160.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h xmalloc.h match.h groupaccess.h log.h sshbuf.h misc.h servconf.h sshkey.h hostfile.h auth.h auth-pam.h audit.h loginrec.h auth-options.h canohost.h uidswap.h packet.h openbsd-compat/sys-queue.h dispatch.h opacket.h -auth.o: authfile.h monitor_wrap.h ssherr.h compat.h channels.h -auth2-chall.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/rmd160.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h xmalloc.h ssh2.h sshkey.h hostfile.h auth.h auth-pam.h audit.h loginrec.h sshbuf.h packet.h openbsd-compat/sys-queue.h dispatch.h opacket.h ssherr.h log.h misc.h servconf.h +auth.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/rmd160.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h xmalloc.h match.h groupaccess.h log.h sshbuf.h misc.h servconf.h sshkey.h hostfile.h auth.h auth-pam.h audit.h loginrec.h auth-options.h canohost.h uidswap.h packet.h openbsd-compat/sys-queue.h dispatch.h authfile.h +auth.o: monitor_wrap.h ssherr.h compat.h channels.h +auth2-chall.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/rmd160.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h xmalloc.h ssh2.h sshkey.h hostfile.h auth.h auth-pam.h audit.h loginrec.h sshbuf.h packet.h openbsd-compat/sys-queue.h dispatch.h ssherr.h log.h misc.h servconf.h auth2-gss.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/rmd160.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h -auth2-hostbased.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/rmd160.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h xmalloc.h ssh2.h packet.h openbsd-compat/sys-queue.h dispatch.h opacket.h sshbuf.h log.h misc.h servconf.h compat.h sshkey.h hostfile.h auth.h auth-pam.h audit.h loginrec.h canohost.h monitor_wrap.h -auth2-hostbased.o: pathnames.h ssherr.h match.h -auth2-kbdint.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/rmd160.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h xmalloc.h packet.h openbsd-compat/sys-queue.h dispatch.h opacket.h hostfile.h auth.h auth-pam.h audit.h loginrec.h log.h misc.h servconf.h ssherr.h -auth2-none.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/rmd160.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h atomicio.h xmalloc.h sshkey.h hostfile.h auth.h auth-pam.h audit.h loginrec.h packet.h openbsd-compat/sys-queue.h dispatch.h opacket.h log.h misc.h servconf.h compat.h ssh2.h ssherr.h monitor_wrap.h -auth2-passwd.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/rmd160.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h packet.h openbsd-compat/sys-queue.h dispatch.h opacket.h ssherr.h log.h sshkey.h hostfile.h auth.h auth-pam.h audit.h loginrec.h monitor_wrap.h misc.h servconf.h -auth2-pubkey.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/rmd160.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h xmalloc.h ssh.h ssh2.h packet.h openbsd-compat/sys-queue.h dispatch.h opacket.h sshbuf.h log.h misc.h servconf.h compat.h sshkey.h hostfile.h auth.h auth-pam.h audit.h loginrec.h pathnames.h uidswap.h -auth2-pubkey.o: auth-options.h canohost.h monitor_wrap.h authfile.h match.h ssherr.h channels.h session.h -auth2.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/rmd160.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h atomicio.h xmalloc.h ssh2.h packet.h openbsd-compat/sys-queue.h dispatch.h opacket.h log.h sshbuf.h misc.h servconf.h compat.h sshkey.h hostfile.h auth.h auth-pam.h audit.h loginrec.h pathnames.h ssherr.h -auth2.o: monitor_wrap.h digest.h +auth2-hostbased.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/rmd160.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h xmalloc.h ssh2.h packet.h openbsd-compat/sys-queue.h dispatch.h sshbuf.h log.h misc.h servconf.h compat.h sshkey.h hostfile.h auth.h auth-pam.h audit.h loginrec.h canohost.h monitor_wrap.h pathnames.h +auth2-hostbased.o: ssherr.h match.h +auth2-kbdint.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/rmd160.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h xmalloc.h packet.h openbsd-compat/sys-queue.h dispatch.h hostfile.h auth.h auth-pam.h audit.h loginrec.h log.h misc.h servconf.h ssherr.h +auth2-none.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/rmd160.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h atomicio.h xmalloc.h sshkey.h hostfile.h auth.h auth-pam.h audit.h loginrec.h packet.h openbsd-compat/sys-queue.h dispatch.h log.h misc.h servconf.h compat.h ssh2.h ssherr.h monitor_wrap.h +auth2-passwd.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/rmd160.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h packet.h openbsd-compat/sys-queue.h dispatch.h ssherr.h log.h sshkey.h hostfile.h auth.h auth-pam.h audit.h loginrec.h monitor_wrap.h misc.h servconf.h +auth2-pubkey.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/rmd160.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h xmalloc.h ssh.h ssh2.h packet.h openbsd-compat/sys-queue.h dispatch.h sshbuf.h log.h misc.h servconf.h compat.h sshkey.h hostfile.h auth.h auth-pam.h audit.h loginrec.h pathnames.h uidswap.h auth-options.h +auth2-pubkey.o: canohost.h monitor_wrap.h authfile.h match.h ssherr.h channels.h session.h +auth2.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/rmd160.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h atomicio.h xmalloc.h ssh2.h packet.h openbsd-compat/sys-queue.h dispatch.h log.h sshbuf.h misc.h servconf.h compat.h sshkey.h hostfile.h auth.h auth-pam.h audit.h loginrec.h pathnames.h ssherr.h monitor_wrap.h +auth2.o: digest.h authfd.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/rmd160.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h xmalloc.h ssh.h sshbuf.h sshkey.h authfd.h cipher.h cipher-chachapoly.h chacha.h poly1305.h cipher-aesctr.h rijndael.h compat.h log.h atomicio.h misc.h ssherr.h authfile.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/rmd160.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h cipher.h cipher-chachapoly.h chacha.h poly1305.h cipher-aesctr.h rijndael.h ssh.h log.h authfile.h misc.h atomicio.h sshkey.h sshbuf.h ssherr.h krl.h bitmap.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/rmd160.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h bitmap.h -canohost.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/rmd160.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h xmalloc.h packet.h openbsd-compat/sys-queue.h dispatch.h opacket.h log.h canohost.h misc.h +canohost.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/rmd160.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h xmalloc.h packet.h openbsd-compat/sys-queue.h dispatch.h log.h canohost.h misc.h chacha.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/rmd160.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h chacha.h -channels.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/rmd160.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h openbsd-compat/sys-queue.h xmalloc.h ssh.h ssh2.h ssherr.h sshbuf.h packet.h dispatch.h opacket.h log.h misc.h channels.h compat.h canohost.h sshkey.h authfd.h pathnames.h match.h +channels.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/rmd160.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h openbsd-compat/sys-queue.h xmalloc.h ssh.h ssh2.h ssherr.h sshbuf.h packet.h dispatch.h log.h misc.h channels.h compat.h canohost.h sshkey.h authfd.h pathnames.h match.h cipher-aes.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/rmd160.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h openbsd-compat/openssl-compat.h cipher-aesctr.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/rmd160.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h cipher-aesctr.h rijndael.h cipher-chachapoly.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/rmd160.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h log.h sshbuf.h ssherr.h cipher-chachapoly.h chacha.h poly1305.h cipher-ctr.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/rmd160.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h cipher.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/rmd160.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h cipher.h cipher-chachapoly.h chacha.h poly1305.h cipher-aesctr.h rijndael.h misc.h sshbuf.h ssherr.h digest.h openbsd-compat/openssl-compat.h cleanup.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/rmd160.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h log.h -clientloop.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/rmd160.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h openbsd-compat/sys-queue.h xmalloc.h ssh.h ssh2.h packet.h dispatch.h opacket.h sshbuf.h compat.h channels.h sshkey.h cipher.h cipher-chachapoly.h chacha.h poly1305.h cipher-aesctr.h rijndael.h kex.h mac.h -clientloop.o: myproposal.h log.h misc.h readconf.h clientloop.h sshconnect.h authfd.h atomicio.h sshpty.h match.h msg.h ssherr.h hostfile.h -compat.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/rmd160.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h xmalloc.h packet.h openbsd-compat/sys-queue.h dispatch.h opacket.h compat.h log.h match.h kex.h mac.h +clientloop.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/rmd160.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h openbsd-compat/sys-queue.h xmalloc.h ssh.h ssh2.h packet.h dispatch.h sshbuf.h compat.h channels.h sshkey.h cipher.h cipher-chachapoly.h chacha.h poly1305.h cipher-aesctr.h rijndael.h kex.h mac.h myproposal.h +clientloop.o: log.h misc.h readconf.h clientloop.h sshconnect.h authfd.h atomicio.h sshpty.h match.h msg.h ssherr.h hostfile.h +compat.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/rmd160.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h xmalloc.h packet.h openbsd-compat/sys-queue.h dispatch.h compat.h log.h match.h kex.h mac.h crc32.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/rmd160.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h crc32.h dh.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/rmd160.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h digest-libc.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/rmd160.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h ssherr.h sshbuf.h digest.h digest-openssl.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/rmd160.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h -dispatch.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/rmd160.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h ssh2.h log.h dispatch.h packet.h openbsd-compat/sys-queue.h opacket.h compat.h ssherr.h +dispatch.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/rmd160.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h ssh2.h log.h dispatch.h packet.h openbsd-compat/sys-queue.h compat.h ssherr.h dns.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/rmd160.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h xmalloc.h sshkey.h ssherr.h dns.h log.h digest.h ed25519.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/rmd160.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h crypto_api.h ge25519.h fe25519.h sc25519.h entropy.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/rmd160.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h @@ -60,11 +60,11 @@ gss-serv.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-comp hash.o: crypto_api.h includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/rmd160.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h digest.h log.h ssherr.h hmac.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/rmd160.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h sshbuf.h digest.h hmac.h hostfile.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/rmd160.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h xmalloc.h match.h sshkey.h hostfile.h log.h misc.h ssherr.h digest.h hmac.h -kex.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/rmd160.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h ssh.h ssh2.h atomicio.h version.h packet.h openbsd-compat/sys-queue.h dispatch.h opacket.h compat.h cipher.h cipher-chachapoly.h chacha.h poly1305.h cipher-aesctr.h rijndael.h sshkey.h kex.h mac.h log.h match.h misc.h -kex.o: monitor.h ssherr.h sshbuf.h digest.h +kex.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/rmd160.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h ssh.h ssh2.h atomicio.h version.h packet.h openbsd-compat/sys-queue.h dispatch.h compat.h cipher.h cipher-chachapoly.h chacha.h poly1305.h cipher-aesctr.h rijndael.h sshkey.h kex.h mac.h log.h match.h misc.h monitor.h +kex.o: ssherr.h sshbuf.h digest.h kexc25519.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/rmd160.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h sshbuf.h ssh2.h sshkey.h cipher.h cipher-chachapoly.h chacha.h poly1305.h cipher-aesctr.h rijndael.h kex.h mac.h log.h digest.h ssherr.h -kexc25519c.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/rmd160.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h sshkey.h cipher.h cipher-chachapoly.h chacha.h poly1305.h cipher-aesctr.h rijndael.h kex.h mac.h log.h packet.h openbsd-compat/sys-queue.h dispatch.h opacket.h ssh2.h sshbuf.h digest.h ssherr.h -kexc25519s.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/rmd160.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h sshkey.h cipher.h cipher-chachapoly.h chacha.h poly1305.h cipher-aesctr.h rijndael.h digest.h kex.h mac.h log.h packet.h openbsd-compat/sys-queue.h dispatch.h opacket.h ssh2.h sshbuf.h ssherr.h +kexc25519c.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/rmd160.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h sshkey.h cipher.h cipher-chachapoly.h chacha.h poly1305.h cipher-aesctr.h rijndael.h kex.h mac.h log.h packet.h openbsd-compat/sys-queue.h dispatch.h ssh2.h sshbuf.h digest.h ssherr.h +kexc25519s.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/rmd160.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h sshkey.h cipher.h cipher-chachapoly.h chacha.h poly1305.h cipher-aesctr.h rijndael.h digest.h kex.h mac.h log.h packet.h openbsd-compat/sys-queue.h dispatch.h ssh2.h sshbuf.h ssherr.h kexdh.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/rmd160.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h kexdhc.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/rmd160.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h kexdhs.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/rmd160.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h @@ -76,7 +76,7 @@ kexgexc.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compa kexgexs.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/rmd160.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h krl.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/rmd160.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h ./openbsd-compat/sys-tree.h openbsd-compat/sys-queue.h sshbuf.h ssherr.h sshkey.h authfile.h misc.h log.h digest.h bitmap.h krl.h log.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/rmd160.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h log.h -loginrec.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/rmd160.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h xmalloc.h sshkey.h hostfile.h ssh.h loginrec.h log.h atomicio.h packet.h openbsd-compat/sys-queue.h dispatch.h opacket.h canohost.h auth.h auth-pam.h audit.h sshbuf.h ssherr.h +loginrec.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/rmd160.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h xmalloc.h sshkey.h hostfile.h ssh.h loginrec.h log.h atomicio.h packet.h openbsd-compat/sys-queue.h dispatch.h canohost.h auth.h auth-pam.h audit.h sshbuf.h ssherr.h logintest.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/rmd160.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h loginrec.h mac.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/rmd160.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h digest.h hmac.h umac.h mac.h misc.h ssherr.h sshbuf.h openbsd-compat/openssl-compat.h match.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/rmd160.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h xmalloc.h match.h misc.h @@ -84,16 +84,15 @@ md5crypt.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-comp misc.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/rmd160.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h xmalloc.h misc.h log.h ssh.h sshbuf.h ssherr.h moduli.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/rmd160.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h monitor.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/rmd160.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h ./openbsd-compat/sys-tree.h openbsd-compat/sys-queue.h openbsd-compat/openssl-compat.h atomicio.h xmalloc.h ssh.h sshkey.h sshbuf.h hostfile.h auth.h auth-pam.h audit.h loginrec.h cipher.h cipher-chachapoly.h -monitor.o: chacha.h poly1305.h cipher-aesctr.h rijndael.h kex.h mac.h dh.h packet.h dispatch.h opacket.h auth-options.h sshpty.h channels.h session.h sshlogin.h canohost.h log.h misc.h servconf.h monitor.h monitor_wrap.h monitor_fdpass.h compat.h ssh2.h authfd.h match.h ssherr.h +monitor.o: chacha.h poly1305.h cipher-aesctr.h rijndael.h kex.h mac.h dh.h packet.h dispatch.h auth-options.h sshpty.h channels.h session.h sshlogin.h canohost.h log.h misc.h servconf.h monitor.h monitor_wrap.h monitor_fdpass.h compat.h ssh2.h authfd.h match.h ssherr.h monitor_fdpass.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/rmd160.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h log.h monitor_fdpass.h monitor_wrap.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/rmd160.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h openbsd-compat/sys-queue.h xmalloc.h ssh.h sshbuf.h sshkey.h cipher.h cipher-chachapoly.h chacha.h poly1305.h cipher-aesctr.h rijndael.h kex.h mac.h hostfile.h auth.h auth-pam.h audit.h loginrec.h -monitor_wrap.o: auth-options.h packet.h dispatch.h opacket.h log.h monitor.h monitor_wrap.h atomicio.h monitor_fdpass.h misc.h channels.h session.h servconf.h ssherr.h +monitor_wrap.o: auth-options.h packet.h dispatch.h log.h monitor.h monitor_wrap.h atomicio.h monitor_fdpass.h misc.h channels.h session.h servconf.h ssherr.h msg.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/rmd160.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h sshbuf.h ssherr.h log.h atomicio.h msg.h misc.h -mux.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/rmd160.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h openbsd-compat/sys-queue.h xmalloc.h log.h ssh.h ssh2.h pathnames.h misc.h match.h sshbuf.h channels.h msg.h packet.h dispatch.h opacket.h monitor_fdpass.h sshpty.h sshkey.h readconf.h clientloop.h ssherr.h -nchan.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/rmd160.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h openbsd-compat/sys-queue.h ssh2.h sshbuf.h ssherr.h packet.h dispatch.h opacket.h channels.h compat.h log.h -opacket.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/rmd160.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h ssherr.h packet.h openbsd-compat/sys-queue.h dispatch.h opacket.h log.h +mux.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/rmd160.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h openbsd-compat/sys-queue.h xmalloc.h log.h ssh.h ssh2.h pathnames.h misc.h match.h sshbuf.h channels.h msg.h packet.h dispatch.h monitor_fdpass.h sshpty.h sshkey.h readconf.h clientloop.h ssherr.h +nchan.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/rmd160.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h openbsd-compat/sys-queue.h ssh2.h sshbuf.h ssherr.h packet.h dispatch.h channels.h compat.h log.h packet.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/rmd160.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h openbsd-compat/sys-queue.h xmalloc.h crc32.h compat.h ssh2.h cipher.h cipher-chachapoly.h chacha.h poly1305.h cipher-aesctr.h rijndael.h sshkey.h kex.h mac.h digest.h log.h canohost.h misc.h channels.h ssh.h -packet.o: packet.h dispatch.h opacket.h ssherr.h sshbuf.h +packet.o: packet.h dispatch.h ssherr.h sshbuf.h platform-misc.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/rmd160.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h platform-pledge.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/rmd160.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h platform-tracing.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/rmd160.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h log.h @@ -115,11 +114,11 @@ sandbox-systrace.o: includes.h config.h defines.h platform.h openbsd-compat/open sc25519.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/rmd160.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h sc25519.h crypto_api.h scp.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/rmd160.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h xmalloc.h ssh.h atomicio.h pathnames.h log.h misc.h progressmeter.h utf8.h servconf.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/rmd160.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h openbsd-compat/sys-queue.h xmalloc.h ssh.h log.h sshbuf.h misc.h servconf.h compat.h pathnames.h cipher.h cipher-chachapoly.h chacha.h poly1305.h cipher-aesctr.h rijndael.h sshkey.h kex.h mac.h match.h channels.h -servconf.o: groupaccess.h canohost.h packet.h dispatch.h opacket.h ssherr.h hostfile.h auth.h auth-pam.h audit.h loginrec.h myproposal.h digest.h -serverloop.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/rmd160.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h openbsd-compat/sys-queue.h xmalloc.h packet.h dispatch.h opacket.h sshbuf.h log.h misc.h servconf.h canohost.h sshpty.h channels.h compat.h ssh2.h sshkey.h cipher.h cipher-chachapoly.h chacha.h poly1305.h -serverloop.o: cipher-aesctr.h rijndael.h kex.h mac.h hostfile.h auth.h auth-pam.h audit.h loginrec.h session.h auth-options.h serverloop.h ssherr.h -session.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/rmd160.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h openbsd-compat/sys-queue.h xmalloc.h ssh.h ssh2.h sshpty.h packet.h dispatch.h opacket.h sshbuf.h ssherr.h match.h uidswap.h compat.h channels.h sshkey.h cipher.h cipher-chachapoly.h chacha.h poly1305.h -session.o: cipher-aesctr.h rijndael.h hostfile.h auth.h auth-pam.h audit.h loginrec.h auth-options.h authfd.h pathnames.h log.h misc.h servconf.h sshlogin.h serverloop.h canohost.h session.h kex.h mac.h monitor_wrap.h sftp.h atomicio.h +servconf.o: groupaccess.h canohost.h packet.h dispatch.h ssherr.h hostfile.h auth.h auth-pam.h audit.h loginrec.h myproposal.h digest.h +serverloop.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/rmd160.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h openbsd-compat/sys-queue.h xmalloc.h packet.h dispatch.h sshbuf.h log.h misc.h servconf.h canohost.h sshpty.h channels.h compat.h ssh2.h sshkey.h cipher.h cipher-chachapoly.h chacha.h poly1305.h cipher-aesctr.h +serverloop.o: rijndael.h kex.h mac.h hostfile.h auth.h auth-pam.h audit.h loginrec.h session.h auth-options.h serverloop.h ssherr.h +session.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/rmd160.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h openbsd-compat/sys-queue.h xmalloc.h ssh.h ssh2.h sshpty.h packet.h dispatch.h sshbuf.h ssherr.h match.h uidswap.h compat.h channels.h sshkey.h cipher.h cipher-chachapoly.h chacha.h poly1305.h cipher-aesctr.h +session.o: rijndael.h hostfile.h auth.h auth-pam.h audit.h loginrec.h auth-options.h authfd.h pathnames.h log.h misc.h servconf.h sshlogin.h serverloop.h canohost.h session.h kex.h mac.h monitor_wrap.h sftp.h atomicio.h sftp-client.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/rmd160.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h openbsd-compat/sys-queue.h xmalloc.h ssherr.h sshbuf.h log.h atomicio.h progressmeter.h misc.h utf8.h sftp.h sftp-common.h sftp-client.h openbsd-compat/glob.h sftp-common.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/rmd160.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h xmalloc.h ssherr.h sshbuf.h log.h misc.h sftp.h sftp-common.h sftp-glob.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/rmd160.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h xmalloc.h sftp.h sftp-common.h sftp-client.h openbsd-compat/glob.h @@ -132,35 +131,35 @@ ssh-dss.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compa ssh-ecdsa.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/rmd160.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h ssh-ed25519.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/rmd160.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h crypto_api.h log.h sshbuf.h sshkey.h ssherr.h ssh.h ssh-keygen.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/rmd160.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h xmalloc.h sshkey.h authfile.h uuencode.h sshbuf.h pathnames.h log.h misc.h match.h hostfile.h dns.h ssh.h ssh2.h ssherr.h ssh-pkcs11.h atomicio.h krl.h digest.h utf8.h authfd.h -ssh-keyscan.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/rmd160.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h openbsd-compat/sys-queue.h xmalloc.h ssh.h sshbuf.h sshkey.h cipher.h cipher-chachapoly.h chacha.h poly1305.h cipher-aesctr.h rijndael.h kex.h mac.h compat.h myproposal.h packet.h dispatch.h opacket.h log.h -ssh-keyscan.o: atomicio.h misc.h hostfile.h ssherr.h ssh_api.h ssh2.h dns.h +ssh-keyscan.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/rmd160.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h openbsd-compat/sys-queue.h xmalloc.h ssh.h sshbuf.h sshkey.h cipher.h cipher-chachapoly.h chacha.h poly1305.h cipher-aesctr.h rijndael.h kex.h mac.h compat.h myproposal.h packet.h dispatch.h log.h atomicio.h +ssh-keyscan.o: misc.h hostfile.h ssherr.h ssh_api.h ssh2.h dns.h ssh-keysign.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/rmd160.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h xmalloc.h log.h sshkey.h ssh.h ssh2.h misc.h sshbuf.h authfile.h msg.h canohost.h pathnames.h readconf.h uidswap.h ssherr.h ssh-pkcs11-client.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/rmd160.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h ssh-pkcs11-helper.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/rmd160.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h openbsd-compat/sys-queue.h xmalloc.h sshbuf.h log.h misc.h sshkey.h authfd.h ssh-pkcs11.h ssherr.h ssh-pkcs11.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/rmd160.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h ssh-rsa.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/rmd160.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h ssh-xmss.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/rmd160.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h -ssh.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/rmd160.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h openbsd-compat/openssl-compat.h openbsd-compat/sys-queue.h xmalloc.h ssh.h ssh2.h canohost.h compat.h cipher.h cipher-chachapoly.h chacha.h poly1305.h cipher-aesctr.h rijndael.h digest.h packet.h dispatch.h opacket.h -ssh.o: sshbuf.h channels.h sshkey.h authfd.h authfile.h pathnames.h clientloop.h log.h misc.h readconf.h sshconnect.h kex.h mac.h sshpty.h match.h msg.h version.h ssherr.h myproposal.h utf8.h -ssh_api.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/rmd160.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h ssh_api.h openbsd-compat/sys-queue.h cipher.h cipher-chachapoly.h chacha.h poly1305.h cipher-aesctr.h rijndael.h sshkey.h kex.h mac.h ssh.h ssh2.h packet.h dispatch.h opacket.h compat.h log.h authfile.h misc.h -ssh_api.o: version.h myproposal.h ssherr.h sshbuf.h openbsd-compat/openssl-compat.h +ssh.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/rmd160.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h openbsd-compat/openssl-compat.h openbsd-compat/sys-queue.h xmalloc.h ssh.h ssh2.h canohost.h compat.h cipher.h cipher-chachapoly.h chacha.h poly1305.h cipher-aesctr.h rijndael.h digest.h packet.h dispatch.h sshbuf.h +ssh.o: channels.h sshkey.h authfd.h authfile.h pathnames.h clientloop.h log.h misc.h readconf.h sshconnect.h kex.h mac.h sshpty.h match.h msg.h version.h ssherr.h myproposal.h utf8.h +ssh_api.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/rmd160.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h ssh_api.h openbsd-compat/sys-queue.h cipher.h cipher-chachapoly.h chacha.h poly1305.h cipher-aesctr.h rijndael.h sshkey.h kex.h mac.h ssh.h ssh2.h packet.h dispatch.h compat.h log.h authfile.h misc.h version.h +ssh_api.o: myproposal.h ssherr.h sshbuf.h openbsd-compat/openssl-compat.h sshbuf-getput-basic.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/rmd160.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h ssherr.h sshbuf.h sshbuf-getput-crypto.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/rmd160.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h ssherr.h sshbuf.h sshbuf-misc.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/rmd160.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h ssherr.h sshbuf.h sshbuf.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/rmd160.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h ssherr.h sshbuf.h misc.h -sshconnect.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/rmd160.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h xmalloc.h hostfile.h ssh.h sshbuf.h packet.h openbsd-compat/sys-queue.h dispatch.h opacket.h compat.h sshkey.h sshconnect.h log.h misc.h readconf.h atomicio.h dns.h monitor_fdpass.h ssh2.h version.h authfile.h -sshconnect.o: ssherr.h authfd.h kex.h mac.h -sshconnect2.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/rmd160.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h openbsd-compat/sys-queue.h xmalloc.h ssh.h ssh2.h sshbuf.h packet.h dispatch.h opacket.h compat.h cipher.h cipher-chachapoly.h chacha.h poly1305.h cipher-aesctr.h rijndael.h sshkey.h kex.h mac.h myproposal.h -sshconnect2.o: sshconnect.h authfile.h dh.h authfd.h log.h misc.h readconf.h match.h canohost.h msg.h pathnames.h uidswap.h hostfile.h ssherr.h utf8.h -sshd.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/rmd160.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h ./openbsd-compat/sys-tree.h openbsd-compat/sys-queue.h xmalloc.h ssh.h ssh2.h sshpty.h packet.h dispatch.h opacket.h log.h sshbuf.h misc.h match.h servconf.h uidswap.h compat.h cipher.h cipher-chachapoly.h chacha.h -sshd.o: poly1305.h cipher-aesctr.h rijndael.h digest.h sshkey.h kex.h mac.h myproposal.h authfile.h pathnames.h atomicio.h canohost.h hostfile.h auth.h auth-pam.h audit.h loginrec.h authfd.h msg.h channels.h session.h monitor.h monitor_wrap.h ssh-sandbox.h auth-options.h version.h ssherr.h +sshconnect.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/rmd160.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h xmalloc.h hostfile.h ssh.h sshbuf.h packet.h openbsd-compat/sys-queue.h dispatch.h compat.h sshkey.h sshconnect.h log.h misc.h readconf.h atomicio.h dns.h monitor_fdpass.h ssh2.h version.h authfile.h ssherr.h +sshconnect.o: authfd.h kex.h mac.h +sshconnect2.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/rmd160.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h openbsd-compat/sys-queue.h xmalloc.h ssh.h ssh2.h sshbuf.h packet.h dispatch.h compat.h cipher.h cipher-chachapoly.h chacha.h poly1305.h cipher-aesctr.h rijndael.h sshkey.h kex.h mac.h myproposal.h sshconnect.h +sshconnect2.o: authfile.h dh.h authfd.h log.h misc.h readconf.h match.h canohost.h msg.h pathnames.h uidswap.h hostfile.h ssherr.h utf8.h +sshd.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/rmd160.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h ./openbsd-compat/sys-tree.h openbsd-compat/sys-queue.h xmalloc.h ssh.h ssh2.h sshpty.h packet.h dispatch.h log.h sshbuf.h misc.h match.h servconf.h uidswap.h compat.h cipher.h cipher-chachapoly.h chacha.h poly1305.h +sshd.o: cipher-aesctr.h rijndael.h digest.h sshkey.h kex.h mac.h myproposal.h authfile.h pathnames.h atomicio.h canohost.h hostfile.h auth.h auth-pam.h audit.h loginrec.h authfd.h msg.h channels.h session.h monitor.h monitor_wrap.h ssh-sandbox.h auth-options.h version.h ssherr.h ssherr.o: ssherr.h sshkey-xmss.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/rmd160.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h sshkey.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/rmd160.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h crypto_api.h ssh2.h ssherr.h misc.h sshbuf.h cipher.h cipher-chachapoly.h chacha.h poly1305.h cipher-aesctr.h rijndael.h digest.h sshkey.h sshkey-xmss.h match.h xmss_fast.h openbsd-compat/openssl-compat.h sshlogin.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/rmd160.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h sshlogin.h ssherr.h loginrec.h log.h sshbuf.h misc.h servconf.h sshpty.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/rmd160.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h sshpty.h log.h misc.h sshtty.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/rmd160.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h sshpty.h -ttymodes.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/rmd160.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h packet.h openbsd-compat/sys-queue.h dispatch.h opacket.h log.h compat.h sshbuf.h ssherr.h ttymodes.h +ttymodes.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/rmd160.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h packet.h openbsd-compat/sys-queue.h dispatch.h log.h compat.h sshbuf.h ssherr.h ttymodes.h uidswap.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/rmd160.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h log.h uidswap.h xmalloc.h umac.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/rmd160.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h xmalloc.h umac.h misc.h rijndael.h umac128.o: umac.c includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/rmd160.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h xmalloc.h umac.h misc.h rijndael.h -- cgit v1.2.3 From 08f66d9f17e12c1140d1f1cf5c4dce67e915d3cc Mon Sep 17 00:00:00 2001 From: Damien Miller Date: Sun, 20 Jan 2019 09:58:45 +1100 Subject: remove vestiges of old packet API from loginrec.c --- auth.c | 6 +++--- auth2.c | 5 ++++- loginrec.c | 6 +++--- loginrec.h | 5 ++++- openbsd-compat/port-aix.c | 4 ++-- openbsd-compat/port-aix.h | 3 ++- 6 files changed, 18 insertions(+), 11 deletions(-) diff --git a/auth.c b/auth.c index fea2c650f..a4c1dece5 100644 --- a/auth.c +++ b/auth.c @@ -356,11 +356,11 @@ auth_log(struct ssh *ssh, int authenticated, int partial, (strcmp(method, "password") == 0 || strncmp(method, "keyboard-interactive", 20) == 0 || strcmp(method, "challenge-response") == 0)) - record_failed_login(authctxt->user, + record_failed_login(ssh, authctxt->user, auth_get_canonical_hostname(ssh, options.use_dns), "ssh"); # ifdef WITH_AIXAUTHENTICATE if (authenticated) - sys_auth_record_login(authctxt->user, + sys_auth_record_login(ssh, authctxt->user, auth_get_canonical_hostname(ssh, options.use_dns), "ssh", loginmsg); # endif @@ -601,7 +601,7 @@ getpwnamallow(struct ssh *ssh, const char *user) logit("Invalid user %.100s from %.100s port %d", user, ssh_remote_ipaddr(ssh), ssh_remote_port(ssh)); #ifdef CUSTOM_FAILED_LOGIN - record_failed_login(user, + record_failed_login(ssh, user, auth_get_canonical_hostname(ssh, options.use_dns), "ssh"); #endif #ifdef SSH_AUDIT_EVENTS diff --git a/auth2.c b/auth2.c index 1f023e8b1..2e996fa59 100644 --- a/auth2.c +++ b/auth2.c @@ -401,7 +401,10 @@ userauth_finish(struct ssh *ssh, int authenticated, const char *method, fatal("%s: buffer error: %s", __func__, ssh_err(r)); userauth_send_banner(ssh, sshbuf_ptr(loginmsg)); - packet_write_wait(); + if ((r = ssh_packet_write_wait(ssh)) != 0) { + sshpkt_fatal(ssh, r, + "%s: send PAM banner", __func__); + } } fatal("Access denied for user %s by PAM account " "configuration", authctxt->user); diff --git a/loginrec.c b/loginrec.c index 08fc73758..5f2a47797 100644 --- a/loginrec.c +++ b/loginrec.c @@ -1653,7 +1653,7 @@ utmpx_get_entry(struct logininfo *li) */ void -record_failed_login(const char *username, const char *hostname, +record_failed_login(struct ssh *ssh, const char *username, const char *hostname, const char *ttyn) { int fd; @@ -1696,8 +1696,8 @@ record_failed_login(const char *username, const char *hostname, /* strncpy because we don't necessarily want nul termination */ strncpy(ut.ut_host, hostname, sizeof(ut.ut_host)); - if (packet_connection_is_on_socket() && - getpeername(packet_get_connection_in(), + if (ssh_packet_connection_is_on_socket(ssh) && + getpeername(ssh_packet_get_connection_in(ssh), (struct sockaddr *)&from, &fromlen) == 0) { ipv64_normalise_mapped(&from, &fromlen); if (from.ss_family == AF_INET) { diff --git a/loginrec.h b/loginrec.h index 28923e781..62cc0e78c 100644 --- a/loginrec.h +++ b/loginrec.h @@ -31,6 +31,8 @@ #include "includes.h" +struct ssh; + /** ** you should use the login_* calls to work around platform dependencies **/ @@ -126,6 +128,7 @@ char *line_fullname(char *dst, const char *src, u_int dstsize); char *line_stripname(char *dst, const char *src, int dstsize); char *line_abbrevname(char *dst, const char *src, int dstsize); -void record_failed_login(const char *, const char *, const char *); +void record_failed_login(struct ssh *, const char *, const char *, + const char *); #endif /* _HAVE_LOGINREC_H_ */ diff --git a/openbsd-compat/port-aix.c b/openbsd-compat/port-aix.c index 943177c70..52698050c 100644 --- a/openbsd-compat/port-aix.c +++ b/openbsd-compat/port-aix.c @@ -280,8 +280,8 @@ sys_auth_allowed_user(struct passwd *pw, struct sshbuf *loginmsg) } int -sys_auth_record_login(const char *user, const char *host, const char *ttynm, - struct sshbuf *loginmsg) +sys_auth_record_login(struct ssh *ssh, const char *user, const char *host, + const char *ttynm, struct sshbuf *loginmsg) { char *msg = NULL; int success = 0; diff --git a/openbsd-compat/port-aix.h b/openbsd-compat/port-aix.h index 748c0e4e3..4702e3bf1 100644 --- a/openbsd-compat/port-aix.h +++ b/openbsd-compat/port-aix.h @@ -30,6 +30,7 @@ # include #endif +struct ssh; struct sshbuf; /* These should be in the system headers but are not. */ @@ -89,7 +90,7 @@ void aix_usrinfo(struct passwd *); # define CUSTOM_SYS_AUTH_ALLOWED_USER 1 int sys_auth_allowed_user(struct passwd *, struct sshbuf *); # define CUSTOM_SYS_AUTH_RECORD_LOGIN 1 -int sys_auth_record_login(const char *, const char *, +int sys_auth_record_login(struct ssh *, const char *, const char *, const char *, struct sshbuf *); # define CUSTOM_SYS_AUTH_GET_LASTLOGIN_MSG char *sys_auth_get_lastlogin_msg(const char *, uid_t); -- cgit v1.2.3 From 3f0786bbe73609ac96e5a0d91425ee21129f8e04 Mon Sep 17 00:00:00 2001 From: Damien Miller Date: Sun, 20 Jan 2019 10:22:18 +1100 Subject: remove PAM dependencies on old packet API Requires some caching of values, because the PAM code isn't always called with packet context. --- auth-pam.c | 68 ++++++++++++++++++++++++++++++++++++---------------------- auth-pam.h | 2 +- auth2.c | 2 +- monitor.c | 2 +- monitor_wrap.c | 2 +- monitor_wrap.h | 2 +- 6 files changed, 47 insertions(+), 31 deletions(-) diff --git a/auth-pam.c b/auth-pam.c index d67324e1f..bde0a8f56 100644 --- a/auth-pam.c +++ b/auth-pam.c @@ -248,6 +248,9 @@ static int sshpam_maxtries_reached = 0; static char **sshpam_env = NULL; static Authctxt *sshpam_authctxt = NULL; static const char *sshpam_password = NULL; +static char *sshpam_rhost = NULL; +static char *sshpam_laddr = NULL; +static char *sshpam_conninfo = NULL; /* Some PAM implementations don't implement this */ #ifndef HAVE_PAM_GETENVLIST @@ -669,14 +672,17 @@ sshpam_cleanup(void) } static int -sshpam_init(Authctxt *authctxt) +sshpam_init(struct ssh *ssh, Authctxt *authctxt) { - const char *pam_rhost, *pam_user, *user = authctxt->user; + const char *pam_user, *user = authctxt->user; const char **ptr_pam_user = &pam_user; - char *laddr, *conninfo; - struct ssh *ssh = active_state; /* XXX */ - if (sshpam_handle != NULL) { + if (sshpam_handle == NULL) { + if (ssh == NULL) { + fatal("%s: called initially with no " + "packet context", __func__); + } + } if (sshpam_handle != NULL) { /* We already have a PAM context; check if the user matches */ sshpam_err = pam_get_item(sshpam_handle, PAM_USER, (sshpam_const void **)ptr_pam_user); @@ -690,27 +696,37 @@ sshpam_init(Authctxt *authctxt) pam_start(SSHD_PAM_SERVICE, user, &store_conv, &sshpam_handle); sshpam_authctxt = authctxt; - if (sshpam_err != PAM_SUCCESS) { - pam_end(sshpam_handle, sshpam_err); - sshpam_handle = NULL; - return (-1); - } - pam_rhost = auth_get_canonical_hostname(ssh, options.use_dns); - debug("PAM: setting PAM_RHOST to \"%s\"", pam_rhost); - sshpam_err = pam_set_item(sshpam_handle, PAM_RHOST, pam_rhost); if (sshpam_err != PAM_SUCCESS) { pam_end(sshpam_handle, sshpam_err); sshpam_handle = NULL; return (-1); } - laddr = get_local_ipaddr(packet_get_connection_in()); - xasprintf(&conninfo, "SSH_CONNECTION=%.50s %d %.50s %d", - ssh_remote_ipaddr(ssh), ssh_remote_port(ssh), - laddr, ssh_local_port(ssh)); - pam_putenv(sshpam_handle, conninfo); - free(laddr); - free(conninfo); + if (ssh != NULL && sshpam_rhost == NULL) { + /* + * We need to cache these as we don't have packet context + * during the kbdint flow. + */ + sshpam_rhost = xstrdup(auth_get_canonical_hostname(ssh, + options.use_dns)); + sshpam_laddr = get_local_ipaddr( + ssh_packet_get_connection_in(ssh)); + xasprintf(&sshpam_conninfo, "SSH_CONNECTION=%.50s %d %.50s %d", + ssh_remote_ipaddr(ssh), ssh_remote_port(ssh), + sshpam_laddr, ssh_local_port(ssh)); + } + if (sshpam_rhost != NULL) { + debug("PAM: setting PAM_RHOST to \"%s\"", sshpam_rhost); + sshpam_err = pam_set_item(sshpam_handle, PAM_RHOST, + sshpam_rhost); + if (sshpam_err != PAM_SUCCESS) { + pam_end(sshpam_handle, sshpam_err); + sshpam_handle = NULL; + return (-1); + } + /* Put SSH_CONNECTION in the PAM environment too */ + pam_putenv(sshpam_handle, sshpam_conninfo); + } #ifdef PAM_TTY_KLUDGE /* @@ -765,7 +781,7 @@ sshpam_init_ctx(Authctxt *authctxt) return NULL; /* Initialize PAM */ - if (sshpam_init(authctxt) == -1) { + if (sshpam_init(NULL, authctxt) == -1) { error("PAM: initialization failed"); return (NULL); } @@ -797,7 +813,6 @@ static int sshpam_query(void *ctx, char **name, char **info, u_int *num, char ***prompts, u_int **echo_on) { - struct ssh *ssh = active_state; /* XXX */ struct sshbuf *buffer; struct pam_ctxt *ctxt = ctx; size_t plen; @@ -887,8 +902,7 @@ sshpam_query(void *ctx, char **name, char **info, } error("PAM: %s for %s%.100s from %.100s", msg, sshpam_authctxt->valid ? "" : "illegal user ", - sshpam_authctxt->user, - auth_get_canonical_hostname(ssh, options.use_dns)); + sshpam_authctxt->user, sshpam_rhost); /* FALLTHROUGH */ default: *num = 0; @@ -1005,12 +1019,14 @@ KbdintDevice mm_sshpam_device = { * This replaces auth-pam.c */ void -start_pam(Authctxt *authctxt) +start_pam(struct ssh *ssh) { + Authctxt *authctxt = (Authctxt *)ssh->authctxt; + if (!options.use_pam) fatal("PAM: initialisation requested when UsePAM=no"); - if (sshpam_init(authctxt) == -1) + if (sshpam_init(ssh, authctxt) == -1) fatal("PAM: initialisation failed"); } diff --git a/auth-pam.h b/auth-pam.h index 419860745..9fcea270f 100644 --- a/auth-pam.h +++ b/auth-pam.h @@ -27,7 +27,7 @@ struct ssh; -void start_pam(Authctxt *); +void start_pam(struct ssh *); void finish_pam(void); u_int do_pam_account(void); void do_pam_session(struct ssh *); diff --git a/auth2.c b/auth2.c index 2e996fa59..a80b3f872 100644 --- a/auth2.c +++ b/auth2.c @@ -299,7 +299,7 @@ input_userauth_request(int type, u_int32_t seq, struct ssh *ssh) } #ifdef USE_PAM if (options.use_pam) - PRIVSEP(start_pam(authctxt)); + PRIVSEP(start_pam(ssh)); #endif ssh_packet_set_log_preamble(ssh, "%suser %s", authctxt->valid ? "authenticating " : "invalid ", user); diff --git a/monitor.c b/monitor.c index 1dcf930d4..5fa30b2a8 100644 --- a/monitor.c +++ b/monitor.c @@ -991,7 +991,7 @@ mm_answer_pam_start(struct ssh *ssh, int sock, struct sshbuf *m) if (!options.use_pam) fatal("UsePAM not set, but ended up in %s anyway", __func__); - start_pam(authctxt); + start_pam(ssh); monitor_permit(mon_dispatch, MONITOR_REQ_PAM_ACCOUNT, 1); if (options.kbd_interactive_authentication) diff --git a/monitor_wrap.c b/monitor_wrap.c index 5a0964b69..f52b9c88c 100644 --- a/monitor_wrap.c +++ b/monitor_wrap.c @@ -626,7 +626,7 @@ mm_session_pty_cleanup2(Session *s) #ifdef USE_PAM void -mm_start_pam(Authctxt *authctxt) +mm_start_pam(struct ssh *ssh) { struct sshbuf *m; diff --git a/monitor_wrap.h b/monitor_wrap.h index 2b7052202..c7e0c91dd 100644 --- a/monitor_wrap.h +++ b/monitor_wrap.h @@ -66,7 +66,7 @@ OM_uint32 mm_ssh_gssapi_checkmic(Gssctxt *, gss_buffer_t, gss_buffer_t); #endif #ifdef USE_PAM -void mm_start_pam(struct Authctxt *); +void mm_start_pam(struct ssh *ssh); u_int mm_do_pam_account(void); void *mm_sshpam_init_ctx(struct Authctxt *); int mm_sshpam_query(void *, char **, char **, u_int *, char ***, u_int **); -- cgit v1.2.3 From 9b655dc9c9a353f0a527f0c6c43a5e35653c9503 Mon Sep 17 00:00:00 2001 From: Damien Miller Date: Sun, 20 Jan 2019 14:55:27 +1100 Subject: last bits of old packet API / active_state global --- audit-bsm.c | 2 +- audit-linux.c | 4 +--- audit.c | 2 +- audit.h | 4 +++- auth.c | 4 ++-- auth2.c | 6 +++--- monitor.c | 2 +- monitor_wrap.c | 2 +- monitor_wrap.h | 2 +- regress/misc/kexfuzz/kexfuzz.c | 2 -- regress/unittests/kex/test_kex.c | 2 -- session.c | 32 -------------------------------- ssh-keyscan.c | 2 -- ssh-keysign.c | 2 -- sshd.c | 8 ++++---- 15 files changed, 18 insertions(+), 58 deletions(-) diff --git a/audit-bsm.c b/audit-bsm.c index 1409f69ae..0ba16c72c 100644 --- a/audit-bsm.c +++ b/audit-bsm.c @@ -391,7 +391,7 @@ audit_session_close(struct logininfo *li) } void -audit_event(ssh_audit_event_t event) +audit_event(struct ssh *ssh, ssh_audit_event_t event) { char textbuf[BSM_TEXTBUFSZ]; static int logged_in = 0; diff --git a/audit-linux.c b/audit-linux.c index 136ed76bb..3fcbe5c53 100644 --- a/audit-linux.c +++ b/audit-linux.c @@ -97,10 +97,8 @@ audit_session_close(struct logininfo *li) } void -audit_event(ssh_audit_event_t event) +audit_event(struct ssh *ssh, ssh_audit_event_t event) { - struct ssh *ssh = active_state; /* XXX */ - switch(event) { case SSH_AUTH_SUCCESS: case SSH_CONNECTION_CLOSE: diff --git a/audit.c b/audit.c index 33a04376d..dd2f03558 100644 --- a/audit.c +++ b/audit.c @@ -131,7 +131,7 @@ audit_connection_from(const char *host, int port) * events and what they mean). */ void -audit_event(ssh_audit_event_t event) +audit_event(struct ssh *ssh, ssh_audit_event_t event) { debug("audit event euid %d user %s event %d (%s)", geteuid(), audit_username(), event, audit_event_lookup(event)); diff --git a/audit.h b/audit.h index 0b593666d..38cb5ad31 100644 --- a/audit.h +++ b/audit.h @@ -27,6 +27,8 @@ #include "loginrec.h" +struct ssh; + enum ssh_audit_event_type { SSH_LOGIN_EXCEED_MAXTRIES, SSH_LOGIN_ROOT_DENIED, @@ -46,7 +48,7 @@ enum ssh_audit_event_type { typedef enum ssh_audit_event_type ssh_audit_event_t; void audit_connection_from(const char *, int); -void audit_event(ssh_audit_event_t); +void audit_event(struct ssh *, ssh_audit_event_t); void audit_session_open(struct logininfo *); void audit_session_close(struct logininfo *); void audit_run_command(const char *); diff --git a/auth.c b/auth.c index a4c1dece5..62c58e72f 100644 --- a/auth.c +++ b/auth.c @@ -367,7 +367,7 @@ auth_log(struct ssh *ssh, int authenticated, int partial, #endif #ifdef SSH_AUDIT_EVENTS if (authenticated == 0 && !authctxt->postponed) - audit_event(audit_classify_auth(method)); + audit_event(ssh, audit_classify_auth(method)); #endif } @@ -605,7 +605,7 @@ getpwnamallow(struct ssh *ssh, const char *user) auth_get_canonical_hostname(ssh, options.use_dns), "ssh"); #endif #ifdef SSH_AUDIT_EVENTS - audit_event(SSH_INVALID_USER); + audit_event(ssh, SSH_INVALID_USER); #endif /* SSH_AUDIT_EVENTS */ return (NULL); } diff --git a/auth2.c b/auth2.c index a80b3f872..e43350c36 100644 --- a/auth2.c +++ b/auth2.c @@ -294,7 +294,7 @@ input_userauth_request(int type, u_int32_t seq, struct ssh *ssh) /* Invalid user, fake password information */ authctxt->pw = fakepw(); #ifdef SSH_AUDIT_EVENTS - PRIVSEP(audit_event(SSH_INVALID_USER)); + PRIVSEP(audit_event(ssh, SSH_INVALID_USER)); #endif } #ifdef USE_PAM @@ -369,7 +369,7 @@ userauth_finish(struct ssh *ssh, int authenticated, const char *method, !auth_root_allowed(ssh, method)) { authenticated = 0; #ifdef SSH_AUDIT_EVENTS - PRIVSEP(audit_event(SSH_LOGIN_ROOT_DENIED)); + PRIVSEP(audit_event(ssh, SSH_LOGIN_ROOT_DENIED)); #endif } @@ -430,7 +430,7 @@ userauth_finish(struct ssh *ssh, int authenticated, const char *method, authctxt->failures++; if (authctxt->failures >= options.max_authtries) { #ifdef SSH_AUDIT_EVENTS - PRIVSEP(audit_event(SSH_LOGIN_EXCEED_MAXTRIES)); + PRIVSEP(audit_event(ssh, SSH_LOGIN_EXCEED_MAXTRIES)); #endif auth_maxtries_exceeded(ssh); } diff --git a/monitor.c b/monitor.c index 5fa30b2a8..a9546dad2 100644 --- a/monitor.c +++ b/monitor.c @@ -1628,7 +1628,7 @@ mm_answer_audit_event(struct ssh *ssh, int socket, struct sshbuf *m) case SSH_LOGIN_ROOT_DENIED: case SSH_CONNECTION_CLOSE: case SSH_INVALID_USER: - audit_event(event); + audit_event(ssh, event); break; default: fatal("Audit event type %d not permitted", event); diff --git a/monitor_wrap.c b/monitor_wrap.c index f52b9c88c..9e3c7cd17 100644 --- a/monitor_wrap.c +++ b/monitor_wrap.c @@ -867,7 +867,7 @@ mm_bsdauth_respond(void *ctx, u_int numresponses, char **responses) #ifdef SSH_AUDIT_EVENTS void -mm_audit_event(ssh_audit_event_t event) +mm_audit_event(struct ssh *ssh, ssh_audit_event_t event) { struct sshbuf *m; int r; diff --git a/monitor_wrap.h b/monitor_wrap.h index c7e0c91dd..fdebb3aa4 100644 --- a/monitor_wrap.h +++ b/monitor_wrap.h @@ -76,7 +76,7 @@ void mm_sshpam_free_ctx(void *); #ifdef SSH_AUDIT_EVENTS #include "audit.h" -void mm_audit_event(ssh_audit_event_t); +void mm_audit_event(struct ssh *, ssh_audit_event_t); void mm_audit_run_command(const char *); #endif diff --git a/regress/misc/kexfuzz/kexfuzz.c b/regress/misc/kexfuzz/kexfuzz.c index 3e2c48160..61cae042f 100644 --- a/regress/misc/kexfuzz/kexfuzz.c +++ b/regress/misc/kexfuzz/kexfuzz.c @@ -29,8 +29,6 @@ #include "authfile.h" #include "log.h" -struct ssh *active_state = NULL; /* XXX - needed for linking */ - void kex_tests(void); static int do_debug = 0; diff --git a/regress/unittests/kex/test_kex.c b/regress/unittests/kex/test_kex.c index 90f1ebf45..112bc5499 100644 --- a/regress/unittests/kex/test_kex.c +++ b/regress/unittests/kex/test_kex.c @@ -24,8 +24,6 @@ #include "packet.h" #include "myproposal.h" -struct ssh *active_state = NULL; /* XXX - needed for linking */ - void kex_tests(void); static int do_debug = 0; diff --git a/session.c b/session.c index b5a382473..4862e5d63 100644 --- a/session.c +++ b/session.c @@ -123,9 +123,6 @@ int do_exec_no_pty(struct ssh *, Session *, const char *); int do_exec(struct ssh *, Session *, const char *); void do_login(struct ssh *, Session *, const char *); void do_child(struct ssh *, Session *, const char *); -#ifdef LOGIN_NEEDS_UTMPX -static void do_pre_login(Session *s); -#endif void do_motd(void); int check_quietlogin(Session *, const char *); @@ -656,35 +653,6 @@ do_exec_pty(struct ssh *ssh, Session *s, const char *command) return 0; } -#ifdef LOGIN_NEEDS_UTMPX -static void -do_pre_login(Session *s) -{ - struct ssh *ssh = active_state; /* XXX */ - socklen_t fromlen; - struct sockaddr_storage from; - pid_t pid = getpid(); - - /* - * Get IP address of client. If the connection is not a socket, let - * the address be 0.0.0.0. - */ - memset(&from, 0, sizeof(from)); - fromlen = sizeof(from); - if (packet_connection_is_on_socket()) { - if (getpeername(packet_get_connection_in(), - (struct sockaddr *)&from, &fromlen) < 0) { - debug("getpeername: %.100s", strerror(errno)); - cleanup_exit(255); - } - } - - record_utmp_only(pid, s->tty, s->pw->pw_name, - session_get_remote_name_or_ip(ssh, utmp_len, options.use_dns), - (struct sockaddr *)&from, fromlen); -} -#endif - /* * This is called to fork and execute a command. If another command is * to be forced, execute that instead. diff --git a/ssh-keyscan.c b/ssh-keyscan.c index 38b1c548b..88449f672 100644 --- a/ssh-keyscan.c +++ b/ssh-keyscan.c @@ -83,8 +83,6 @@ fd_set *read_wait; size_t read_wait_nfdset; int ncon; -struct ssh *active_state = NULL; /* XXX needed for linking */ - /* * Keep a connection structure for each file descriptor. The state * associated with file descriptor n is held in fdcon[n]. diff --git a/ssh-keysign.c b/ssh-keysign.c index 7ea5ad0e9..601f6ca72 100644 --- a/ssh-keysign.c +++ b/ssh-keysign.c @@ -59,8 +59,6 @@ #include "sshkey.h" #include "ssherr.h" -struct ssh *active_state = NULL; /* XXX needed for linking */ - extern char *__progname; static int diff --git a/sshd.c b/sshd.c index 58d17e546..f6927672e 100644 --- a/sshd.c +++ b/sshd.c @@ -2080,7 +2080,7 @@ main(int ac, char **av) } #ifdef SSH_AUDIT_EVENTS - audit_event(SSH_AUTH_SUCCESS); + audit_event(ssh, SSH_AUTH_SUCCESS); #endif #ifdef GSSAPI @@ -2128,7 +2128,7 @@ main(int ac, char **av) #endif /* USE_PAM */ #ifdef SSH_AUDIT_EVENTS - PRIVSEP(audit_event(SSH_CONNECTION_CLOSE)); + PRIVSEP(audit_event(ssh, SSH_CONNECTION_CLOSE)); #endif ssh_packet_close(ssh); @@ -2256,8 +2256,8 @@ cleanup_exit(int i) } #ifdef SSH_AUDIT_EVENTS /* done after do_cleanup so it can cancel the PAM auth 'thread' */ - if (!use_privsep || mm_is_monitor()) - audit_event(SSH_CONNECTION_ABANDON); + if (the_active_state != NULL && (!use_privsep || mm_is_monitor())) + audit_event(the_active_state, SSH_CONNECTION_ABANDON); #endif _exit(i); } -- cgit v1.2.3 From c90a7928c4191303e76a8c58b9008d464287ae1b Mon Sep 17 00:00:00 2001 From: Darren Tucker Date: Mon, 21 Jan 2019 09:22:36 +1100 Subject: Check for cc before gcc. If cc is something other than gcc and is the system compiler prefer using that, unless otherwise told via $CC. ok djm@ --- configure.ac | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/configure.ac b/configure.ac index 8e92d1599..0509c306d 100644 --- a/configure.ac +++ b/configure.ac @@ -19,7 +19,7 @@ AC_CONFIG_SRCDIR([ssh.c]) AC_LANG([C]) AC_CONFIG_HEADER([config.h]) -AC_PROG_CC +AC_PROG_CC([cc gcc]) AC_CANONICAL_HOST AC_C_BIGENDIAN -- cgit v1.2.3 From ec4776bb01dd8d61fddc7d2a31ab10bf3d3d829a Mon Sep 17 00:00:00 2001 From: "dtucker@openbsd.org" Date: Sun, 20 Jan 2019 01:12:40 +0000 Subject: upstream: DH-GEX min value is now specified in RFC8270. ok djm@ OpenBSD-Commit-ID: 1229d0feb1d0ecefe05bf67a17578b263e991acc --- dh.h | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/dh.h b/dh.h index 344b29e35..adb643a75 100644 --- a/dh.h +++ b/dh.h @@ -1,4 +1,4 @@ -/* $OpenBSD: dh.h,v 1.15 2016/05/02 10:26:04 djm Exp $ */ +/* $OpenBSD: dh.h,v 1.17 2019/01/20 01:12:40 dtucker Exp $ */ /* * Copyright (c) 2000 Niels Provos. All rights reserved. @@ -48,7 +48,7 @@ u_int dh_estimate(int); /* * Max value from RFC4419. - * Miniumum increased in light of DH precomputation attacks. + * Min value from RFC8270. */ #define DH_GRP_MIN 2048 #define DH_GRP_MAX 8192 -- cgit v1.2.3 From a36b0b14a12971086034d53c0c3dfbad07665abe Mon Sep 17 00:00:00 2001 From: "tb@openbsd.org" Date: Sun, 20 Jan 2019 02:01:59 +0000 Subject: upstream: Fix BN_is_prime_* calls in SSH, the API returns -1 on error. Found thanks to BoringSSL's commit 53409ee3d7595ed37da472bc73b010cd2c8a5ffd by David Benjamin. ok djm, dtucker OpenBSD-Commit-ID: 1ee832be3c44b1337f76b8562ec6d203f3b072f8 --- moduli.c | 19 ++++++++++++++----- 1 file changed, 14 insertions(+), 5 deletions(-) diff --git a/moduli.c b/moduli.c index 233cba8e8..48150dab2 100644 --- a/moduli.c +++ b/moduli.c @@ -1,4 +1,4 @@ -/* $OpenBSD: moduli.c,v 1.32 2017/12/08 03:45:52 deraadt Exp $ */ +/* $OpenBSD: moduli.c,v 1.33 2019/01/20 02:01:59 tb Exp $ */ /* * Copyright 1994 Phil Karn * Copyright 1996-1998, 2003 William Allen Simpson @@ -582,7 +582,7 @@ prime_test(FILE *in, FILE *out, u_int32_t trials, u_int32_t generator_wanted, u_int32_t generator_known, in_tests, in_tries, in_type, in_size; unsigned long last_processed = 0, end_lineno; time_t time_start, time_stop; - int res; + int res, is_prime; if (trials < TRIAL_MINIMUM) { error("Minimum primality trials is %d", TRIAL_MINIMUM); @@ -753,7 +753,10 @@ prime_test(FILE *in, FILE *out, u_int32_t trials, u_int32_t generator_wanted, * that p is also prime. A single pass will weed out the * vast majority of composite q's. */ - if (BN_is_prime_ex(q, 1, ctx, NULL) <= 0) { + is_prime = BN_is_prime_ex(q, 1, ctx, NULL); + if (is_prime < 0) + fatal("BN_is_prime_ex failed"); + if (is_prime == 0) { debug("%10u: q failed first possible prime test", count_in); continue; @@ -766,14 +769,20 @@ prime_test(FILE *in, FILE *out, u_int32_t trials, u_int32_t generator_wanted, * will show up on the first Rabin-Miller iteration so it * doesn't hurt to specify a high iteration count. */ - if (!BN_is_prime_ex(p, trials, ctx, NULL)) { + is_prime = BN_is_prime_ex(p, trials, ctx, NULL); + if (is_prime < 0) + fatal("BN_is_prime_ex failed"); + if (is_prime == 0) { debug("%10u: p is not prime", count_in); continue; } debug("%10u: p is almost certainly prime", count_in); /* recheck q more rigorously */ - if (!BN_is_prime_ex(q, trials - 1, ctx, NULL)) { + is_prime = BN_is_prime_ex(q, trials - 1, ctx, NULL); + if (is_prime < 0) + fatal("BN_is_prime_ex failed"); + if (is_prime == 0) { debug("%10u: q is not prime", count_in); continue; } -- cgit v1.2.3 From aa22c20e0c36c2fc610cfcc793b0d14079c38814 Mon Sep 17 00:00:00 2001 From: "djm@openbsd.org" Date: Sun, 20 Jan 2019 22:03:29 +0000 Subject: upstream: add option to test whether keys in an agent are usable, by performing a signature and a verification using each key "ssh-add -T pubkey [...]" work by markus@, ok djm@ OpenBSD-Commit-ID: 931b888a600b6a883f65375bd5f73a4776c6d19b --- ssh-add.1 | 14 +++++++++++--- ssh-add.c | 52 +++++++++++++++++++++++++++++++++++++++++++++++++--- 2 files changed, 60 insertions(+), 6 deletions(-) diff --git a/ssh-add.1 b/ssh-add.1 index d5da9279c..35ab04426 100644 --- a/ssh-add.1 +++ b/ssh-add.1 @@ -1,4 +1,4 @@ -.\" $OpenBSD: ssh-add.1,v 1.66 2017/08/29 13:05:58 jmc Exp $ +.\" $OpenBSD: ssh-add.1,v 1.67 2019/01/20 22:03:29 djm Exp $ .\" .\" Author: Tatu Ylonen .\" Copyright (c) 1995 Tatu Ylonen , Espoo, Finland @@ -35,7 +35,7 @@ .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. .\" -.Dd $Mdocdate: August 29 2017 $ +.Dd $Mdocdate: January 20 2019 $ .Dt SSH-ADD 1 .Os .Sh NAME @@ -43,7 +43,7 @@ .Nd adds private key identities to the authentication agent .Sh SYNOPSIS .Nm ssh-add -.Op Fl cDdkLlqXx +.Op Fl cDdkLlqTXx .Op Fl E Ar fingerprint_hash .Op Fl t Ar life .Op Ar @@ -51,6 +51,10 @@ .Fl s Ar pkcs11 .Nm ssh-add .Fl e Ar pkcs11 +.Nm ssh-add +.Fl T +.Ar pubkey +.Op Ar ... .Sh DESCRIPTION .Nm adds private key identities to the authentication agent, @@ -131,6 +135,10 @@ Be quiet after a successful operation. .It Fl s Ar pkcs11 Add keys provided by the PKCS#11 shared library .Ar pkcs11 . +.It Fl T Ar pubkey Op Ar ... +Tests whether the private keys that correspond to the specified +.Ar pubkey +files are usable by performing sign and verify operations on each. .It Fl t Ar life Set a maximum lifetime when adding identities to an agent. The lifetime may be specified in seconds or in a time format diff --git a/ssh-add.c b/ssh-add.c index 50165e7d6..eb2552ad5 100644 --- a/ssh-add.c +++ b/ssh-add.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ssh-add.c,v 1.136 2018/09/19 02:03:02 djm Exp $ */ +/* $OpenBSD: ssh-add.c,v 1.137 2019/01/20 22:03:29 djm Exp $ */ /* * Author: Tatu Ylonen * Copyright (c) 1995 Tatu Ylonen , Espoo, Finland @@ -417,6 +417,40 @@ update_card(int agent_fd, int add, const char *id, int qflag) return ret; } +static int +test_key(int agent_fd, const char *filename) +{ + struct sshkey *key = NULL; + u_char *sig = NULL; + size_t slen = 0; + int r, ret = -1; + char data[1024]; + + if ((r = sshkey_load_public(filename, &key, NULL)) != 0) { + error("Couldn't read public key %s: %s", filename, ssh_err(r)); + return -1; + } + arc4random_buf(data, sizeof(data)); + if ((r = ssh_agent_sign(agent_fd, key, &sig, &slen, data, sizeof(data), + NULL, 0)) != 0) { + error("Agent signature failed for %s: %s", + filename, ssh_err(r)); + goto done; + } + if ((r = sshkey_verify(key, sig, slen, data, sizeof(data), + NULL, 0)) != 0) { + error("Signature verification failed for %s: %s", + filename, ssh_err(r)); + goto done; + } + /* success */ + ret = 0; + done: + free(sig); + sshkey_free(key); + return ret; +} + static int list_identities(int agent_fd, int do_fp) { @@ -524,6 +558,7 @@ usage(void) fprintf(stderr, " -X Unlock agent.\n"); fprintf(stderr, " -s pkcs11 Add keys from PKCS#11 provider.\n"); fprintf(stderr, " -e pkcs11 Remove keys provided by PKCS#11 provider.\n"); + fprintf(stderr, " -T pubkey Test if ssh-agent can access matching private key.\n"); fprintf(stderr, " -q Be quiet after a successful operation.\n"); } @@ -535,7 +570,7 @@ main(int argc, char **argv) int agent_fd; char *pkcs11provider = NULL; int r, i, ch, deleting = 0, ret = 0, key_only = 0; - int xflag = 0, lflag = 0, Dflag = 0, qflag = 0; + int xflag = 0, lflag = 0, Dflag = 0, qflag = 0, Tflag = 0; ssh_malloc_init(); /* must be called before any mallocs */ /* Ensure that fds 0, 1 and 2 are open or directed to /dev/null */ @@ -559,7 +594,7 @@ main(int argc, char **argv) exit(2); } - while ((ch = getopt(argc, argv, "klLcdDxXE:e:M:m:qs:t:")) != -1) { + while ((ch = getopt(argc, argv, "klLcdDTxXE:e:M:m:qs:t:")) != -1) { switch (ch) { case 'E': fingerprint_hash = ssh_digest_alg_by_name(optarg); @@ -623,6 +658,9 @@ main(int argc, char **argv) case 'q': qflag = 1; break; + case 'T': + Tflag = 1; + break; default: usage(); ret = 1; @@ -648,6 +686,14 @@ main(int argc, char **argv) argc -= optind; argv += optind; + if (Tflag) { + if (argc <= 0) + fatal("no keys to test"); + for (r = i = 0; i < argc; i++) + r |= test_key(agent_fd, argv[i]); + ret = r == 0 ? 0 : 1; + goto done; + } if (pkcs11provider != NULL) { if (update_card(agent_fd, !deleting, pkcs11provider, qflag) == -1) -- cgit v1.2.3 From 93f02107f44d63a016d8c23ebd2ca9205c495c48 Mon Sep 17 00:00:00 2001 From: "djm@openbsd.org" Date: Sun, 20 Jan 2019 22:51:37 +0000 Subject: upstream: add support for ECDSA keys in PKCS#11 tokens Work by markus@ and Pedro Martelletto, feedback and ok me@ OpenBSD-Commit-ID: a37d651e221341376636056512bddfc16efb4424 --- ssh-pkcs11-client.c | 103 +++- ssh-pkcs11-helper.c | 40 +- ssh-pkcs11.c | 1374 +++++++++++++++++++++++++++++++++++++++++++-------- ssh-pkcs11.h | 18 +- sshkey.h | 3 +- 5 files changed, 1302 insertions(+), 236 deletions(-) diff --git a/ssh-pkcs11-client.c b/ssh-pkcs11-client.c index d1241ce67..6e16b2f9a 100644 --- a/ssh-pkcs11-client.c +++ b/ssh-pkcs11-client.c @@ -1,6 +1,7 @@ -/* $OpenBSD: ssh-pkcs11-client.c,v 1.10 2018/07/09 21:59:10 markus Exp $ */ +/* $OpenBSD: ssh-pkcs11-client.c,v 1.12 2019/01/20 22:51:37 djm Exp $ */ /* * Copyright (c) 2010 Markus Friedl. All rights reserved. + * Copyright (c) 2014 Pedro Martelletto. All rights reserved. * * Permission to use, copy, modify, and distribute this software for any * purpose with or without fee is hereby granted, provided that the above @@ -30,6 +31,7 @@ #include #include +#include #include #include "openbsd-compat/openssl-compat.h" @@ -113,8 +115,7 @@ pkcs11_terminate(void) } static int -pkcs11_rsa_private_encrypt(int flen, const u_char *from, u_char *to, RSA *rsa, - int padding) +rsa_encrypt(int flen, const u_char *from, u_char *to, RSA *rsa, int padding) { struct sshkey key; /* XXX */ u_char *blob, *signature = NULL; @@ -154,18 +155,89 @@ pkcs11_rsa_private_encrypt(int flen, const u_char *from, u_char *to, RSA *rsa, return (ret); } -/* redirect the private key encrypt operation to the ssh-pkcs11-helper */ +static ECDSA_SIG * +ecdsa_do_sign(const unsigned char *dgst, int dgst_len, const BIGNUM *inv, + const BIGNUM *rp, EC_KEY *ec) +{ + struct sshkey key; /* XXX */ + u_char *blob, *signature = NULL; + const u_char *cp; + size_t blen, slen = 0; + ECDSA_SIG *ret = NULL; + struct sshbuf *msg; + int r; + + key.type = KEY_ECDSA; + key.ecdsa = ec; + key.ecdsa_nid = sshkey_ecdsa_key_to_nid(ec); + if (key.ecdsa_nid < 0) { + error("%s: couldn't get curve nid", __func__); + return (NULL); + } + if ((r = sshkey_to_blob(&key, &blob, &blen)) != 0) { + error("%s: sshkey_to_blob: %s", __func__, ssh_err(r)); + return (NULL); + } + if ((msg = sshbuf_new()) == NULL) + fatal("%s: sshbuf_new failed", __func__); + if ((r = sshbuf_put_u8(msg, SSH2_AGENTC_SIGN_REQUEST)) != 0 || + (r = sshbuf_put_string(msg, blob, blen)) != 0 || + (r = sshbuf_put_string(msg, dgst, dgst_len)) != 0 || + (r = sshbuf_put_u32(msg, 0)) != 0) + fatal("%s: buffer error: %s", __func__, ssh_err(r)); + free(blob); + send_msg(msg); + sshbuf_reset(msg); + + if (recv_msg(msg) == SSH2_AGENT_SIGN_RESPONSE) { + if ((r = sshbuf_get_string(msg, &signature, &slen)) != 0) + fatal("%s: buffer error: %s", __func__, ssh_err(r)); + cp = signature; + ret = d2i_ECDSA_SIG(NULL, &cp, slen); + free(signature); + } + + sshbuf_free(msg); + return (ret); +} + +static RSA_METHOD *helper_rsa; +static EC_KEY_METHOD *helper_ecdsa; + +/* redirect private key crypto operations to the ssh-pkcs11-helper */ +static void +wrap_key(struct sshkey *k) +{ + if (k->type == KEY_RSA) + RSA_set_method(k->rsa, helper_rsa); + else if (k->type == KEY_ECDSA) + EC_KEY_set_method(k->ecdsa, helper_ecdsa); + else + fatal("%s: unknown key type", __func__); +} + static int -wrap_key(RSA *rsa) +pkcs11_start_helper_methods(void) { - static RSA_METHOD *helper_rsa; + if (helper_ecdsa != NULL) + return (0); + + int (*orig_sign)(int, const unsigned char *, int, unsigned char *, + unsigned int *, const BIGNUM *, const BIGNUM *, EC_KEY *) = NULL; + if (helper_ecdsa != NULL) + return (0); + helper_ecdsa = EC_KEY_METHOD_new(EC_KEY_OpenSSL()); + if (helper_ecdsa == NULL) + return (-1); + EC_KEY_METHOD_get_sign(helper_ecdsa, &orig_sign, NULL, NULL); + EC_KEY_METHOD_set_sign(helper_ecdsa, orig_sign, NULL, ecdsa_do_sign); if ((helper_rsa = RSA_meth_dup(RSA_get_default_method())) == NULL) fatal("%s: RSA_meth_dup failed", __func__); if (!RSA_meth_set1_name(helper_rsa, "ssh-pkcs11-helper") || - !RSA_meth_set_priv_enc(helper_rsa, pkcs11_rsa_private_encrypt)) + !RSA_meth_set_priv_enc(helper_rsa, rsa_encrypt)) fatal("%s: failed to prepare method", __func__); - RSA_set_method(rsa, helper_rsa); + return (0); } @@ -174,6 +246,11 @@ pkcs11_start_helper(void) { int pair[2]; + if (pkcs11_start_helper_methods() == -1) { + error("pkcs11_start_helper_methods failed"); + return (-1); + } + if (socketpair(AF_UNIX, SOCK_STREAM, 0, pair) == -1) { error("socketpair: %s", strerror(errno)); return (-1); @@ -204,7 +281,7 @@ int pkcs11_add_provider(char *name, char *pin, struct sshkey ***keysp) { struct sshkey *k; - int r; + int r, type; u_char *blob; size_t blen; u_int nkeys, i; @@ -222,7 +299,8 @@ pkcs11_add_provider(char *name, char *pin, struct sshkey ***keysp) send_msg(msg); sshbuf_reset(msg); - if (recv_msg(msg) == SSH2_AGENT_IDENTITIES_ANSWER) { + type = recv_msg(msg); + if (type == SSH2_AGENT_IDENTITIES_ANSWER) { if ((r = sshbuf_get_u32(msg, &nkeys)) != 0) fatal("%s: buffer error: %s", __func__, ssh_err(r)); *keysp = xcalloc(nkeys, sizeof(struct sshkey *)); @@ -234,10 +312,13 @@ pkcs11_add_provider(char *name, char *pin, struct sshkey ***keysp) __func__, ssh_err(r)); if ((r = sshkey_from_blob(blob, blen, &k)) != 0) fatal("%s: bad key: %s", __func__, ssh_err(r)); - wrap_key(k->rsa); + wrap_key(k); (*keysp)[i] = k; free(blob); } + } else if (type == SSH2_AGENT_FAILURE) { + if ((r = sshbuf_get_u32(msg, &nkeys)) != 0) + nkeys = -1; } else { nkeys = -1; } diff --git a/ssh-pkcs11-helper.c b/ssh-pkcs11-helper.c index 6301033c5..92c6728ba 100644 --- a/ssh-pkcs11-helper.c +++ b/ssh-pkcs11-helper.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ssh-pkcs11-helper.c,v 1.14 2018/01/08 15:18:46 markus Exp $ */ +/* $OpenBSD: ssh-pkcs11-helper.c,v 1.15 2019/01/20 22:51:37 djm Exp $ */ /* * Copyright (c) 2010 Markus Friedl. All rights reserved. * @@ -110,7 +110,7 @@ static void process_add(void) { char *name, *pin; - struct sshkey **keys; + struct sshkey **keys = NULL; int r, i, nkeys; u_char *blob; size_t blen; @@ -139,11 +139,13 @@ process_add(void) free(blob); add_key(keys[i], name); } - free(keys); } else { if ((r = sshbuf_put_u8(msg, SSH_AGENT_FAILURE)) != 0) fatal("%s: buffer error: %s", __func__, ssh_err(r)); + if ((r = sshbuf_put_u32(msg, -nkeys)) != 0) + fatal("%s: buffer error: %s", __func__, ssh_err(r)); } + free(keys); free(pin); free(name); send_msg(msg); @@ -192,15 +194,33 @@ process_sign(void) else { if ((found = lookup_key(key)) != NULL) { #ifdef WITH_OPENSSL + u_int xslen; int ret; - slen = RSA_size(key->rsa); - signature = xmalloc(slen); - if ((ret = RSA_private_encrypt(dlen, data, signature, - found->rsa, RSA_PKCS1_PADDING)) != -1) { - slen = ret; - ok = 0; - } + if (key->type == KEY_RSA) { + slen = RSA_size(key->rsa); + signature = xmalloc(slen); + ret = RSA_private_encrypt(dlen, data, signature, + found->rsa, RSA_PKCS1_PADDING); + if (ret != -1) { + slen = ret; + ok = 0; + } + } else if (key->type == KEY_ECDSA) { + xslen = ECDSA_size(key->ecdsa); + signature = xmalloc(xslen); + /* "The parameter type is ignored." */ + ret = ECDSA_sign(-1, data, dlen, signature, + &xslen, found->ecdsa); + if (ret != 0) + ok = 0; + else + error("%s: ECDSA_sign" + " returns %d", __func__, ret); + slen = xslen; + } else + error("%s: don't know how to sign with key " + "type %d", __func__, (int)key->type); #endif /* WITH_OPENSSL */ } sshkey_free(key); diff --git a/ssh-pkcs11.c b/ssh-pkcs11.c index 775de9642..01f968a9b 100644 --- a/ssh-pkcs11.c +++ b/ssh-pkcs11.c @@ -1,6 +1,7 @@ -/* $OpenBSD: ssh-pkcs11.c,v 1.26 2018/02/07 02:06:51 jsing Exp $ */ +/* $OpenBSD: ssh-pkcs11.c,v 1.28 2019/01/20 22:51:37 djm Exp $ */ /* * Copyright (c) 2010 Markus Friedl. All rights reserved. + * Copyright (c) 2014 Pedro Martelletto. All rights reserved. * * Permission to use, copy, modify, and distribute this software for any * purpose with or without fee is hereby granted, provided that the above @@ -19,20 +20,24 @@ #ifdef ENABLE_PKCS11 -#include #ifdef HAVE_SYS_TIME_H # include #endif + +#include #include #include +#include #include #include #include "openbsd-compat/sys-queue.h" #include "openbsd-compat/openssl-compat.h" +#include #include +#include #define CRYPTOKI_COMPAT #include "pkcs11.h" @@ -69,12 +74,25 @@ struct pkcs11_key { CK_ULONG slotidx; int (*orig_finish)(RSA *rsa); RSA_METHOD *rsa_method; + EC_KEY_METHOD *ec_key_method; char *keyid; int keyid_len; }; int pkcs11_interactive = 0; +#ifdef HAVE_DLOPEN +static void +ossl_error(const char *msg) +{ + unsigned long e; + + while ((e = ERR_get_error()) != 0) + error("%s: %s: %.100s", __func__, msg, + ERR_error_string(e, NULL)); +} +#endif + int pkcs11_init(int interactive) { @@ -84,9 +102,9 @@ pkcs11_init(int interactive) } /* - * finalize a provider shared libarary, it's no longer usable. + * finalize a provider shared library, it's no longer usable. * however, there might still be keys referencing this provider, - * so the actuall freeing of memory is handled by pkcs11_provider_unref(). + * so the actual freeing of memory is handled by pkcs11_provider_unref(). * this is called when a provider gets unregistered. */ static void @@ -123,6 +141,7 @@ pkcs11_provider_unref(struct pkcs11_provider *p) if (--p->refcount <= 0) { if (p->valid) error("pkcs11_provider_unref: %p still valid", p); + free(p->name); free(p->slotlist); free(p->slotinfo); free(p); @@ -218,43 +237,27 @@ pkcs11_find(struct pkcs11_provider *p, CK_ULONG slotidx, CK_ATTRIBUTE *attr, return (ret); } -/* openssl callback doing the actual signing operation */ static int -pkcs11_rsa_private_encrypt(int flen, const u_char *from, u_char *to, RSA *rsa, - int padding) +pkcs11_get_key(struct pkcs11_key *k11, CK_MECHANISM_TYPE mech_type) { - struct pkcs11_key *k11; struct pkcs11_slotinfo *si; CK_FUNCTION_LIST *f; - CK_OBJECT_HANDLE obj; - CK_ULONG tlen = 0; - CK_RV rv; - CK_OBJECT_CLASS private_key_class = CKO_PRIVATE_KEY; - CK_BBOOL true_val = CK_TRUE; - CK_MECHANISM mech = { - CKM_RSA_PKCS, NULL_PTR, 0 - }; - CK_ATTRIBUTE key_filter[] = { - {CKA_CLASS, NULL, sizeof(private_key_class) }, - {CKA_ID, NULL, 0}, - {CKA_SIGN, NULL, sizeof(true_val) } - }; + CK_OBJECT_HANDLE obj; + CK_RV rv; + CK_OBJECT_CLASS private_key_class; + CK_BBOOL true_val; + CK_MECHANISM mech; + CK_ATTRIBUTE key_filter[3]; char *pin = NULL, prompt[1024]; - int rval = -1; - - key_filter[0].pValue = &private_key_class; - key_filter[2].pValue = &true_val; - if ((k11 = RSA_get_app_data(rsa)) == NULL) { - error("RSA_get_app_data failed for rsa %p", rsa); - return (-1); - } if (!k11->provider || !k11->provider->valid) { - error("no pkcs11 (valid) provider for rsa %p", rsa); + error("no pkcs11 (valid) provider found"); return (-1); } + f = k11->provider->function_list; si = &k11->provider->slotinfo[k11->slotidx]; + if ((si->token.flags & CKF_LOGIN_REQUIRED) && !si->logged_in) { if (!pkcs11_interactive) { error("need pin entry%s", (si->token.flags & @@ -283,23 +286,75 @@ pkcs11_rsa_private_encrypt(int flen, const u_char *from, u_char *to, RSA *rsa, } si->logged_in = 1; } + + memset(&key_filter, 0, sizeof(key_filter)); + private_key_class = CKO_PRIVATE_KEY; + key_filter[0].type = CKA_CLASS; + key_filter[0].pValue = &private_key_class; + key_filter[0].ulValueLen = sizeof(private_key_class); + + key_filter[1].type = CKA_ID; key_filter[1].pValue = k11->keyid; key_filter[1].ulValueLen = k11->keyid_len; + + true_val = CK_TRUE; + key_filter[2].type = CKA_SIGN; + key_filter[2].pValue = &true_val; + key_filter[2].ulValueLen = sizeof(true_val); + /* try to find object w/CKA_SIGN first, retry w/o */ if (pkcs11_find(k11->provider, k11->slotidx, key_filter, 3, &obj) < 0 && pkcs11_find(k11->provider, k11->slotidx, key_filter, 2, &obj) < 0) { error("cannot find private key"); - } else if ((rv = f->C_SignInit(si->session, &mech, obj)) != CKR_OK) { + return (-1); + } + + memset(&mech, 0, sizeof(mech)); + mech.mechanism = mech_type; + mech.pParameter = NULL_PTR; + mech.ulParameterLen = 0; + + if ((rv = f->C_SignInit(si->session, &mech, obj)) != CKR_OK) { error("C_SignInit failed: %lu", rv); - } else { - /* XXX handle CKR_BUFFER_TOO_SMALL */ - tlen = RSA_size(rsa); - rv = f->C_Sign(si->session, (CK_BYTE *)from, flen, to, &tlen); - if (rv == CKR_OK) - rval = tlen; - else - error("C_Sign failed: %lu", rv); + return (-1); + } + + return (0); +} + +/* openssl callback doing the actual signing operation */ +static int +pkcs11_rsa_private_encrypt(int flen, const u_char *from, u_char *to, RSA *rsa, + int padding) +{ + struct pkcs11_key *k11; + struct pkcs11_slotinfo *si; + CK_FUNCTION_LIST *f; + CK_ULONG tlen = 0; + CK_RV rv; + int rval = -1; + + if ((k11 = RSA_get_app_data(rsa)) == NULL) { + error("RSA_get_app_data failed for rsa %p", rsa); + return (-1); + } + + if (pkcs11_get_key(k11, CKM_RSA_PKCS) == -1) { + error("pkcs11_get_key failed"); + return (-1); } + + f = k11->provider->function_list; + si = &k11->provider->slotinfo[k11->slotidx]; + tlen = RSA_size(rsa); + + /* XXX handle CKR_BUFFER_TOO_SMALL */ + rv = f->C_Sign(si->session, (CK_BYTE *)from, flen, to, &tlen); + if (rv == CKR_OK) + rval = tlen; + else + error("C_Sign failed: %lu", rv); + return (rval); } @@ -344,6 +399,115 @@ pkcs11_rsa_wrap(struct pkcs11_provider *provider, CK_ULONG slotidx, return (0); } +/* openssl callback doing the actual signing operation */ +static ECDSA_SIG * +ecdsa_do_sign(const unsigned char *dgst, int dgst_len, const BIGNUM *inv, + const BIGNUM *rp, EC_KEY *ec) +{ + struct pkcs11_key *k11; + struct pkcs11_slotinfo *si; + CK_FUNCTION_LIST *f; + CK_ULONG siglen = 0, bnlen; + CK_RV rv; + ECDSA_SIG *ret = NULL; + u_char *sig; + const u_char *cp; + + if ((k11 = EC_KEY_get_ex_data(ec, 0)) == NULL) { + ossl_error("EC_KEY_get_key_method_data failed for ec"); + return (NULL); + } + + if (pkcs11_get_key(k11, CKM_ECDSA) == -1) { + error("pkcs11_get_key failed"); + return (NULL); + } + + f = k11->provider->function_list; + si = &k11->provider->slotinfo[k11->slotidx]; + + siglen = ECDSA_size(ec); + sig = xmalloc(siglen); + + /* XXX handle CKR_BUFFER_TOO_SMALL */ + rv = f->C_Sign(si->session, (CK_BYTE *)dgst, dgst_len, sig, &siglen); + if (rv != CKR_OK) { + error("C_Sign failed: %lu", rv); + goto done; + } + cp = sig; + ret = d2i_ECDSA_SIG(NULL, &cp, siglen); + if (ret == NULL) { + /* + * d2i_ECDSA_SIG failed, so sig does not point to a DER-encoded + * sequence, but to the concatenation r|s. + */ + if (siglen < 64 || siglen > 132 || siglen % 2) { + ossl_error("d2i_ECDSA_SIG failed"); + goto done; + } + bnlen = siglen/2; + if ((ret = ECDSA_SIG_new()) == NULL) { + error("ECDSA_SIG_new failed"); + goto done; + } + if (BN_bin2bn(sig, bnlen, ret->r) == NULL || + BN_bin2bn(sig+bnlen, bnlen, ret->s) == NULL) { + ossl_error("d2i_ECDSA_SIG failed"); + ECDSA_SIG_free(ret); + ret = NULL; + goto done; + } + } + done: + free(sig); + + return (ret); +} + +static EC_KEY_METHOD *ec_key_method; + +static int +pkcs11_ecdsa_start_wrapper(void) +{ + int (*orig_sign)(int, const unsigned char *, int, unsigned char *, + unsigned int *, const BIGNUM *, const BIGNUM *, EC_KEY *) = NULL; + + if (ec_key_method != NULL) + return (0); + ec_key_method = EC_KEY_METHOD_new(EC_KEY_OpenSSL()); + if (ec_key_method == NULL) + return (-1); + EC_KEY_METHOD_get_sign(ec_key_method, &orig_sign, NULL, NULL); + EC_KEY_METHOD_set_sign(ec_key_method, orig_sign, NULL, ecdsa_do_sign); + return (0); +} + +static int +pkcs11_ecdsa_wrap(struct pkcs11_provider *provider, CK_ULONG slotidx, + CK_ATTRIBUTE *keyid_attrib, EC_KEY *ec) +{ + struct pkcs11_key *k11; + + if (pkcs11_ecdsa_start_wrapper() == -1) + return (-1); + + k11 = xcalloc(1, sizeof(*k11)); + k11->provider = provider; + provider->refcount++; /* provider referenced by ECDSA key */ + k11->slotidx = slotidx; + /* identify key object on smartcard */ + k11->keyid_len = keyid_attrib->ulValueLen; + k11->keyid = xmalloc(k11->keyid_len); + memcpy(k11->keyid, keyid_attrib->pValue, k11->keyid_len); + k11->ec_key_method = ec_key_method; + + EC_KEY_set_method(ec, k11->ec_key_method); + EC_KEY_set_ex_data(ec, 0, k11); + + return (0); +} + /* remove trailing spaces */ static void rmspace(u_char *buf, size_t len) @@ -364,18 +528,19 @@ rmspace(u_char *buf, size_t len) * if pin == NULL we delay login until key use */ static int -pkcs11_open_session(struct pkcs11_provider *p, CK_ULONG slotidx, char *pin) +pkcs11_open_session(struct pkcs11_provider *p, CK_ULONG slotidx, char *pin, + CK_ULONG user) { CK_RV rv; CK_FUNCTION_LIST *f; CK_SESSION_HANDLE session; - int login_required; + int login_required, ret; f = p->function_list; login_required = p->slotinfo[slotidx].token.flags & CKF_LOGIN_REQUIRED; if (pin && login_required && !strlen(pin)) { error("pin required"); - return (-1); + return (-SSH_PKCS11_ERR_PIN_REQUIRED); } if ((rv = f->C_OpenSession(p->slotlist[slotidx], CKF_RW_SESSION| CKF_SERIAL_SESSION, NULL, NULL, &session)) @@ -384,13 +549,16 @@ pkcs11_open_session(struct pkcs11_provider *p, CK_ULONG slotidx, char *pin) return (-1); } if (login_required && pin) { - rv = f->C_Login(session, CKU_USER, + rv = f->C_Login(session, user, (u_char *)pin, strlen(pin)); if (rv != CKR_OK && rv != CKR_USER_ALREADY_LOGGED_IN) { error("C_Login failed: %lu", rv); + ret = (rv == CKR_PIN_LOCKED) ? + -SSH_PKCS11_ERR_PIN_LOCKED : + -SSH_PKCS11_ERR_LOGIN_FAIL; if ((rv = f->C_CloseSession(session)) != CKR_OK) error("C_CloseSession failed: %lu", rv); - return (-1); + return (ret); } p->slotinfo[slotidx].logged_in = 1; } @@ -398,48 +566,6 @@ pkcs11_open_session(struct pkcs11_provider *p, CK_ULONG slotidx, char *pin) return (0); } -/* - * lookup public keys for token in slot identified by slotidx, - * add 'wrapped' public keys to the 'keysp' array and increment nkeys. - * keysp points to an (possibly empty) array with *nkeys keys. - */ -static int pkcs11_fetch_keys_filter(struct pkcs11_provider *, CK_ULONG, - CK_ATTRIBUTE [], CK_ATTRIBUTE [3], struct sshkey ***, int *) - __attribute__((__bounded__(__minbytes__,4, 3 * sizeof(CK_ATTRIBUTE)))); - -static int -pkcs11_fetch_keys(struct pkcs11_provider *p, CK_ULONG slotidx, - struct sshkey ***keysp, int *nkeys) -{ - CK_OBJECT_CLASS pubkey_class = CKO_PUBLIC_KEY; - CK_OBJECT_CLASS cert_class = CKO_CERTIFICATE; - CK_ATTRIBUTE pubkey_filter[] = { - { CKA_CLASS, NULL, sizeof(pubkey_class) } - }; - CK_ATTRIBUTE cert_filter[] = { - { CKA_CLASS, NULL, sizeof(cert_class) } - }; - CK_ATTRIBUTE pubkey_attribs[] = { - { CKA_ID, NULL, 0 }, - { CKA_MODULUS, NULL, 0 }, - { CKA_PUBLIC_EXPONENT, NULL, 0 } - }; - CK_ATTRIBUTE cert_attribs[] = { - { CKA_ID, NULL, 0 }, - { CKA_SUBJECT, NULL, 0 }, - { CKA_VALUE, NULL, 0 } - }; - pubkey_filter[0].pValue = &pubkey_class; - cert_filter[0].pValue = &cert_class; - - if (pkcs11_fetch_keys_filter(p, slotidx, pubkey_filter, pubkey_attribs, - keysp, nkeys) < 0 || - pkcs11_fetch_keys_filter(p, slotidx, cert_filter, cert_attribs, - keysp, nkeys) < 0) - return (-1); - return (0); -} - static int pkcs11_key_included(struct sshkey ***keysp, int *nkeys, struct sshkey *key) { @@ -451,6 +577,355 @@ pkcs11_key_included(struct sshkey ***keysp, int *nkeys, struct sshkey *key) return (0); } +static struct sshkey * +pkcs11_fetch_ecdsa_pubkey(struct pkcs11_provider *p, CK_ULONG slotidx, + CK_OBJECT_HANDLE *obj) +{ + CK_ATTRIBUTE key_attr[3]; + CK_SESSION_HANDLE session; + CK_FUNCTION_LIST *f = NULL; + CK_RV rv; + EC_KEY *ec = NULL; + EC_GROUP *group = NULL; + struct sshkey *key = NULL; + const unsigned char *attrp = NULL; + int i; + int nid; + + memset(&key_attr, 0, sizeof(key_attr)); + key_attr[0].type = CKA_ID; + key_attr[1].type = CKA_EC_POINT; + key_attr[2].type = CKA_EC_PARAMS; + + session = p->slotinfo[slotidx].session; + f = p->function_list; + + /* figure out size of the attributes */ + rv = f->C_GetAttributeValue(session, *obj, key_attr, 3); + if (rv != CKR_OK) { + error("C_GetAttributeValue failed: %lu", rv); + return (NULL); + } + + /* + * Allow CKA_ID (always first attribute) to be empty, but + * ensure that none of the others are zero length. + * XXX assumes CKA_ID is always first. + */ + if (key_attr[1].ulValueLen == 0 || + key_attr[2].ulValueLen == 0) { + error("invalid attribute length"); + return (NULL); + } + + /* allocate buffers for attributes */ + for (i = 0; i < 3; i++) + if (key_attr[i].ulValueLen > 0) + key_attr[i].pValue = xcalloc(1, key_attr[i].ulValueLen); + + /* retrieve ID, public point and curve parameters of EC key */ + rv = f->C_GetAttributeValue(session, *obj, key_attr, 3); + if (rv != CKR_OK) { + error("C_GetAttributeValue failed: %lu", rv); + goto fail; + } + + ec = EC_KEY_new(); + if (ec == NULL) { + error("EC_KEY_new failed"); + goto fail; + } + + attrp = key_attr[2].pValue; + group = d2i_ECPKParameters(NULL, &attrp, key_attr[2].ulValueLen); + if (group == NULL) { + ossl_error("d2i_ECPKParameters failed"); + goto fail; + } + + if (EC_KEY_set_group(ec, group) == 0) { + ossl_error("EC_KEY_set_group failed"); + goto fail; + } + + if (key_attr[1].ulValueLen <= 2) { + error("CKA_EC_POINT too small"); + goto fail; + } + + attrp = (const unsigned char *)key_attr[1].pValue; + if (o2i_ECPublicKey(&ec, &attrp, key_attr[1].ulValueLen) == NULL) { + /* try to skip DER header (octet string type and length byte) */ + attrp = (const unsigned char *)key_attr[1].pValue + 2; + if (o2i_ECPublicKey(&ec, &attrp, key_attr[1].ulValueLen - 2) + == NULL) { + ossl_error("o2i_ECPublicKey failed"); + goto fail; + } + } + + nid = sshkey_ecdsa_key_to_nid(ec); + if (nid < 0) { + error("couldn't get curve nid"); + goto fail; + } + + if (pkcs11_ecdsa_wrap(p, slotidx, &key_attr[0], ec)) + goto fail; + + key = sshkey_new(KEY_UNSPEC); + if (key == NULL) { + error("sshkey_new failed"); + goto fail; + } + + key->ecdsa = ec; + key->ecdsa_nid = nid; + key->type = KEY_ECDSA; + key->flags |= SSHKEY_FLAG_EXT; + ec = NULL; /* now owned by key */ + +fail: + for (i = 0; i < 3; i++) + free(key_attr[i].pValue); + if (ec) + EC_KEY_free(ec); + if (group) + EC_GROUP_free(group); + + return (key); +} + +static struct sshkey * +pkcs11_fetch_rsa_pubkey(struct pkcs11_provider *p, CK_ULONG slotidx, + CK_OBJECT_HANDLE *obj) +{ + CK_ATTRIBUTE key_attr[3]; + CK_SESSION_HANDLE session; + CK_FUNCTION_LIST *f = NULL; + CK_RV rv; + RSA *rsa = NULL; + BIGNUM *rsa_n, *rsa_e; + struct sshkey *key = NULL; + int i; + + memset(&key_attr, 0, sizeof(key_attr)); + key_attr[0].type = CKA_ID; + key_attr[1].type = CKA_MODULUS; + key_attr[2].type = CKA_PUBLIC_EXPONENT; + + session = p->slotinfo[slotidx].session; + f = p->function_list; + + /* figure out size of the attributes */ + rv = f->C_GetAttributeValue(session, *obj, key_attr, 3); + if (rv != CKR_OK) { + error("C_GetAttributeValue failed: %lu", rv); + return (NULL); + } + + /* + * Allow CKA_ID (always first attribute) to be empty, but + * ensure that none of the others are zero length. + * XXX assumes CKA_ID is always first. + */ + if (key_attr[1].ulValueLen == 0 || + key_attr[2].ulValueLen == 0) { + error("invalid attribute length"); + return (NULL); + } + + /* allocate buffers for attributes */ + for (i = 0; i < 3; i++) + if (key_attr[i].ulValueLen > 0) + key_attr[i].pValue = xcalloc(1, key_attr[i].ulValueLen); + + /* retrieve ID, modulus and public exponent of RSA key */ + rv = f->C_GetAttributeValue(session, *obj, key_attr, 3); + if (rv != CKR_OK) { + error("C_GetAttributeValue failed: %lu", rv); + goto fail; + } + + rsa = RSA_new(); + if (rsa == NULL) { + error("RSA_new failed"); + goto fail; + } + + rsa_n = BN_bin2bn(key_attr[1].pValue, key_attr[1].ulValueLen, NULL); + rsa_e = BN_bin2bn(key_attr[2].pValue, key_attr[2].ulValueLen, NULL); + if (rsa_n == NULL || rsa_e == NULL) { + error("BN_bin2bn failed"); + goto fail; + } + if (!RSA_set0_key(rsa, rsa_n, rsa_e, NULL)) + fatal("%s: set key", __func__); + rsa_n = rsa_e = NULL; /* transferred */ + + if (pkcs11_rsa_wrap(p, slotidx, &key_attr[0], rsa)) + goto fail; + + key = sshkey_new(KEY_UNSPEC); + if (key == NULL) { + error("sshkey_new failed"); + goto fail; + } + + key->rsa = rsa; + key->type = KEY_RSA; + key->flags |= SSHKEY_FLAG_EXT; + rsa = NULL; /* now owned by key */ + +fail: + for (i = 0; i < 3; i++) + free(key_attr[i].pValue); + RSA_free(rsa); + + return (key); +} + +static struct sshkey * +pkcs11_fetch_x509_pubkey(struct pkcs11_provider *p, CK_ULONG slotidx, + CK_OBJECT_HANDLE *obj) +{ + CK_ATTRIBUTE cert_attr[3]; + CK_SESSION_HANDLE session; + CK_FUNCTION_LIST *f = NULL; + CK_RV rv; + X509 *x509 = NULL; + EVP_PKEY *evp; + RSA *rsa = NULL; + EC_KEY *ec = NULL; + struct sshkey *key = NULL; + int i; + int nid; + const u_char *cp; + + memset(&cert_attr, 0, sizeof(cert_attr)); + cert_attr[0].type = CKA_ID; + cert_attr[1].type = CKA_SUBJECT; + cert_attr[2].type = CKA_VALUE; + + session = p->slotinfo[slotidx].session; + f = p->function_list; + + /* figure out size of the attributes */ + rv = f->C_GetAttributeValue(session, *obj, cert_attr, 3); + if (rv != CKR_OK) { + error("C_GetAttributeValue failed: %lu", rv); + return (NULL); + } + + /* + * Allow CKA_ID (always first attribute) to be empty, but + * ensure that none of the others are zero length. + * XXX assumes CKA_ID is always first. + */ + if (cert_attr[1].ulValueLen == 0 || + cert_attr[2].ulValueLen == 0) { + error("invalid attribute length"); + return (NULL); + } + + /* allocate buffers for attributes */ + for (i = 0; i < 3; i++) + if (cert_attr[i].ulValueLen > 0) + cert_attr[i].pValue = xcalloc(1, cert_attr[i].ulValueLen); + + /* retrieve ID, subject and value of certificate */ + rv = f->C_GetAttributeValue(session, *obj, cert_attr, 3); + if (rv != CKR_OK) { + error("C_GetAttributeValue failed: %lu", rv); + goto fail; + } + + x509 = X509_new(); + if (x509 == NULL) { + error("x509_new failed"); + goto fail; + } + + cp = cert_attr[2].pValue; + if (d2i_X509(&x509, &cp, cert_attr[2].ulValueLen) == NULL) { + error("d2i_x509 failed"); + goto fail; + } + + evp = X509_get_pubkey(x509); + if (evp == NULL) { + error("X509_get_pubkey failed"); + goto fail; + } + + if (EVP_PKEY_base_id(evp) == EVP_PKEY_RSA) { + if (EVP_PKEY_get0_RSA(evp) == NULL) { + error("invalid x509; no rsa key"); + goto fail; + } + if ((rsa = RSAPublicKey_dup(EVP_PKEY_get0_RSA(evp))) == NULL) { + error("RSAPublicKey_dup failed"); + goto fail; + } + + if (pkcs11_rsa_wrap(p, slotidx, &cert_attr[0], rsa)) + goto fail; + + key = sshkey_new(KEY_UNSPEC); + if (key == NULL) { + error("sshkey_new failed"); + goto fail; + } + + key->rsa = rsa; + key->type = KEY_RSA; + key->flags |= SSHKEY_FLAG_EXT; + rsa = NULL; /* now owned by key */ + } else if (EVP_PKEY_base_id(evp) == EVP_PKEY_EC) { + /* XXX XXX fix accessor */ + if (evp->pkey.ec == NULL) { + error("invalid x509; no ec key"); + goto fail; + } + if ((ec = EC_KEY_dup(evp->pkey.ec)) == NULL) { + error("EC_KEY_dup failed"); + goto fail; + } + + nid = sshkey_ecdsa_key_to_nid(ec); + if (nid < 0) { + error("couldn't get curve nid"); + goto fail; + } + + if (pkcs11_ecdsa_wrap(p, slotidx, &cert_attr[0], ec)) + goto fail; + + key = sshkey_new(KEY_UNSPEC); + if (key == NULL) { + error("sshkey_new failed"); + goto fail; + } + + key->ecdsa = ec; + key->ecdsa_nid = nid; + key->type = KEY_ECDSA; + key->flags |= SSHKEY_FLAG_EXT; + ec = NULL; /* now owned by key */ + } else + error("unknown certificate key type"); + +fail: + for (i = 0; i < 3; i++) + free(cert_attr[i].pValue); + X509_free(x509); + RSA_free(rsa); + EC_KEY_free(ec); + + return (key); +} + +#if 0 static int have_rsa_key(const RSA *rsa) { @@ -459,140 +934,398 @@ have_rsa_key(const RSA *rsa) RSA_get0_key(rsa, &rsa_n, &rsa_e, NULL); return rsa_n != NULL && rsa_e != NULL; } +#endif +/* + * lookup certificates for token in slot identified by slotidx, + * add 'wrapped' public keys to the 'keysp' array and increment nkeys. + * keysp points to an (possibly empty) array with *nkeys keys. + */ static int -pkcs11_fetch_keys_filter(struct pkcs11_provider *p, CK_ULONG slotidx, - CK_ATTRIBUTE filter[], CK_ATTRIBUTE attribs[3], +pkcs11_fetch_certs(struct pkcs11_provider *p, CK_ULONG slotidx, struct sshkey ***keysp, int *nkeys) { - struct sshkey *key; - RSA *rsa; - X509 *x509; - EVP_PKEY *evp; - int i; - const u_char *cp; - CK_RV rv; - CK_OBJECT_HANDLE obj; - CK_ULONG nfound; - CK_SESSION_HANDLE session; - CK_FUNCTION_LIST *f; + struct sshkey *key = NULL; + CK_OBJECT_CLASS key_class; + CK_ATTRIBUTE key_attr[1]; + CK_SESSION_HANDLE session; + CK_FUNCTION_LIST *f = NULL; + CK_RV rv; + CK_OBJECT_HANDLE obj; + CK_ULONG n = 0; + int ret = -1; + + memset(&key_attr, 0, sizeof(key_attr)); + memset(&obj, 0, sizeof(obj)); + + key_class = CKO_CERTIFICATE; + key_attr[0].type = CKA_CLASS; + key_attr[0].pValue = &key_class; + key_attr[0].ulValueLen = sizeof(key_class); - f = p->function_list; session = p->slotinfo[slotidx].session; - /* setup a filter the looks for public keys */ - if ((rv = f->C_FindObjectsInit(session, filter, 1)) != CKR_OK) { + f = p->function_list; + + rv = f->C_FindObjectsInit(session, key_attr, 1); + if (rv != CKR_OK) { error("C_FindObjectsInit failed: %lu", rv); - return (-1); + goto fail; } + while (1) { - /* XXX 3 attributes in attribs[] */ - for (i = 0; i < 3; i++) { - attribs[i].pValue = NULL; - attribs[i].ulValueLen = 0; + CK_CERTIFICATE_TYPE ck_cert_type; + + rv = f->C_FindObjects(session, &obj, 1, &n); + if (rv != CKR_OK) { + error("C_FindObjects failed: %lu", rv); + goto fail; } - if ((rv = f->C_FindObjects(session, &obj, 1, &nfound)) != CKR_OK - || nfound == 0) + if (n == 0) break; - /* found a key, so figure out size of the attributes */ - if ((rv = f->C_GetAttributeValue(session, obj, attribs, 3)) - != CKR_OK) { + + memset(&ck_cert_type, 0, sizeof(ck_cert_type)); + memset(&key_attr, 0, sizeof(key_attr)); + key_attr[0].type = CKA_CERTIFICATE_TYPE; + key_attr[0].pValue = &ck_cert_type; + key_attr[0].ulValueLen = sizeof(ck_cert_type); + + rv = f->C_GetAttributeValue(session, obj, key_attr, 1); + if (rv != CKR_OK) { error("C_GetAttributeValue failed: %lu", rv); - continue; + goto fail; } - /* - * Allow CKA_ID (always first attribute) to be empty, but - * ensure that none of the others are zero length. - * XXX assumes CKA_ID is always first. - */ - if (attribs[1].ulValueLen == 0 || - attribs[2].ulValueLen == 0) { + + switch (ck_cert_type) { + case CKC_X_509: + key = pkcs11_fetch_x509_pubkey(p, slotidx, &obj); + break; + default: + /* XXX print key type? */ + error("skipping unsupported certificate type"); + } + + if (key == NULL) { + error("failed to fetch key"); continue; } - /* allocate buffers for attributes */ - for (i = 0; i < 3; i++) { - if (attribs[i].ulValueLen > 0) { - attribs[i].pValue = xmalloc( - attribs[i].ulValueLen); - } + + if (pkcs11_key_included(keysp, nkeys, key)) { + sshkey_free(key); + } else { + /* expand key array and add key */ + *keysp = xrecallocarray(*keysp, *nkeys, + *nkeys + 1, sizeof(struct sshkey *)); + (*keysp)[*nkeys] = key; + *nkeys = *nkeys + 1; + debug("have %d keys", *nkeys); } + } - /* - * retrieve ID, modulus and public exponent of RSA key, - * or ID, subject and value for certificates. - */ - rsa = NULL; - if ((rv = f->C_GetAttributeValue(session, obj, attribs, 3)) - != CKR_OK) { + ret = 0; +fail: + rv = f->C_FindObjectsFinal(session); + if (rv != CKR_OK) { + error("C_FindObjectsFinal failed: %lu", rv); + ret = -1; + } + + return (ret); +} + +/* + * lookup public keys for token in slot identified by slotidx, + * add 'wrapped' public keys to the 'keysp' array and increment nkeys. + * keysp points to an (possibly empty) array with *nkeys keys. + */ +static int +pkcs11_fetch_keys(struct pkcs11_provider *p, CK_ULONG slotidx, + struct sshkey ***keysp, int *nkeys) +{ + struct sshkey *key = NULL; + CK_OBJECT_CLASS key_class; + CK_ATTRIBUTE key_attr[1]; + CK_SESSION_HANDLE session; + CK_FUNCTION_LIST *f = NULL; + CK_RV rv; + CK_OBJECT_HANDLE obj; + CK_ULONG n = 0; + int ret = -1; + + memset(&key_attr, 0, sizeof(key_attr)); + memset(&obj, 0, sizeof(obj)); + + key_class = CKO_PUBLIC_KEY; + key_attr[0].type = CKA_CLASS; + key_attr[0].pValue = &key_class; + key_attr[0].ulValueLen = sizeof(key_class); + + session = p->slotinfo[slotidx].session; + f = p->function_list; + + rv = f->C_FindObjectsInit(session, key_attr, 1); + if (rv != CKR_OK) { + error("C_FindObjectsInit failed: %lu", rv); + goto fail; + } + + while (1) { + CK_KEY_TYPE ck_key_type; + + rv = f->C_FindObjects(session, &obj, 1, &n); + if (rv != CKR_OK) { + error("C_FindObjects failed: %lu", rv); + goto fail; + } + if (n == 0) + break; + + memset(&ck_key_type, 0, sizeof(ck_key_type)); + memset(&key_attr, 0, sizeof(key_attr)); + key_attr[0].type = CKA_KEY_TYPE; + key_attr[0].pValue = &ck_key_type; + key_attr[0].ulValueLen = sizeof(ck_key_type); + + rv = f->C_GetAttributeValue(session, obj, key_attr, 1); + if (rv != CKR_OK) { error("C_GetAttributeValue failed: %lu", rv); - } else if (attribs[1].type == CKA_MODULUS ) { - if ((rsa = RSA_new()) == NULL) { - error("RSA_new failed"); - } else { - BIGNUM *rsa_n, *rsa_e; - - rsa_n = BN_bin2bn(attribs[1].pValue, - attribs[1].ulValueLen, NULL); - rsa_e = BN_bin2bn(attribs[2].pValue, - attribs[2].ulValueLen, NULL); - if (rsa_n != NULL && rsa_e != NULL) { - if (!RSA_set0_key(rsa, - rsa_n, rsa_e, NULL)) - fatal("%s: set key", __func__); - rsa_n = rsa_e = NULL; /* transferred */ - } - BN_free(rsa_n); - BN_free(rsa_e); - } + goto fail; + } + + switch (ck_key_type) { + case CKK_RSA: + key = pkcs11_fetch_rsa_pubkey(p, slotidx, &obj); + break; + case CKK_ECDSA: + key = pkcs11_fetch_ecdsa_pubkey(p, slotidx, &obj); + break; + default: + /* XXX print key type? */ + error("skipping unsupported key type"); + } + + if (key == NULL) { + error("failed to fetch key"); + continue; + } + + if (pkcs11_key_included(keysp, nkeys, key)) { + sshkey_free(key); } else { - cp = attribs[2].pValue; - if ((x509 = X509_new()) == NULL) { - error("X509_new failed"); - } else if (d2i_X509(&x509, &cp, attribs[2].ulValueLen) - == NULL) { - error("d2i_X509 failed"); - } else if ((evp = X509_get_pubkey(x509)) == NULL || - EVP_PKEY_base_id(evp) != EVP_PKEY_RSA || - EVP_PKEY_get0_RSA(evp) == NULL) { - debug("X509_get_pubkey failed or no rsa"); - } else if ((rsa = RSAPublicKey_dup( - EVP_PKEY_get0_RSA(evp))) == NULL) { - error("RSAPublicKey_dup"); - } - X509_free(x509); - } - if (rsa && have_rsa_key(rsa) && - pkcs11_rsa_wrap(p, slotidx, &attribs[0], rsa) == 0) { - if ((key = sshkey_new(KEY_UNSPEC)) == NULL) - fatal("sshkey_new failed"); - key->rsa = rsa; - key->type = KEY_RSA; - key->flags |= SSHKEY_FLAG_EXT; - if (pkcs11_key_included(keysp, nkeys, key)) { - sshkey_free(key); - } else { - /* expand key array and add key */ - *keysp = xrecallocarray(*keysp, *nkeys, - *nkeys + 1, sizeof(struct sshkey *)); - (*keysp)[*nkeys] = key; - *nkeys = *nkeys + 1; - debug("have %d keys", *nkeys); - } - } else if (rsa) { - RSA_free(rsa); - } - for (i = 0; i < 3; i++) - free(attribs[i].pValue); + /* expand key array and add key */ + *keysp = xrecallocarray(*keysp, *nkeys, + *nkeys + 1, sizeof(struct sshkey *)); + (*keysp)[*nkeys] = key; + *nkeys = *nkeys + 1; + debug("have %d keys", *nkeys); + } } - if ((rv = f->C_FindObjectsFinal(session)) != CKR_OK) + + ret = 0; +fail: + rv = f->C_FindObjectsFinal(session); + if (rv != CKR_OK) { error("C_FindObjectsFinal failed: %lu", rv); - return (0); + ret = -1; + } + + return (ret); } -/* register a new provider, fails if provider already exists */ -int -pkcs11_add_provider(char *provider_id, char *pin, struct sshkey ***keyp) +#ifdef WITH_PKCS11_KEYGEN +#define FILL_ATTR(attr, idx, typ, val, len) \ + { (attr[idx]).type=(typ); (attr[idx]).pValue=(val); (attr[idx]).ulValueLen=len; idx++; } + +static struct sshkey * +pkcs11_rsa_generate_private_key(struct pkcs11_provider *p, CK_ULONG slotidx, + char *label, CK_ULONG bits, CK_BYTE keyid, u_int32_t *err) +{ + struct pkcs11_slotinfo *si; + char *plabel = label ? label : ""; + int npub = 0, npriv = 0; + CK_RV rv; + CK_FUNCTION_LIST *f; + CK_SESSION_HANDLE session; + CK_BBOOL true_val = CK_TRUE, false_val = CK_FALSE; + CK_OBJECT_HANDLE pubKey, privKey; + CK_ATTRIBUTE tpub[16], tpriv[16]; + CK_MECHANISM mech = { + CKM_RSA_PKCS_KEY_PAIR_GEN, NULL_PTR, 0 + }; + CK_BYTE pubExponent[] = { + 0x01, 0x00, 0x01 /* RSA_F4 in bytes */ + }; + pubkey_filter[0].pValue = &pubkey_class; + cert_filter[0].pValue = &cert_class; + + *err = 0; + + FILL_ATTR(tpub, npub, CKA_TOKEN, &true_val, sizeof(true_val)); + FILL_ATTR(tpub, npub, CKA_LABEL, plabel, strlen(plabel)); + FILL_ATTR(tpub, npub, CKA_ENCRYPT, &false_val, sizeof(false_val)); + FILL_ATTR(tpub, npub, CKA_VERIFY, &true_val, sizeof(true_val)); + FILL_ATTR(tpub, npub, CKA_VERIFY_RECOVER, &false_val, + sizeof(false_val)); + FILL_ATTR(tpub, npub, CKA_WRAP, &false_val, sizeof(false_val)); + FILL_ATTR(tpub, npub, CKA_DERIVE, &false_val, sizeof(false_val)); + FILL_ATTR(tpub, npub, CKA_MODULUS_BITS, &bits, sizeof(bits)); + FILL_ATTR(tpub, npub, CKA_PUBLIC_EXPONENT, pubExponent, + sizeof(pubExponent)); + FILL_ATTR(tpub, npub, CKA_ID, &keyid, sizeof(keyid)); + + FILL_ATTR(tpriv, npriv, CKA_TOKEN, &true_val, sizeof(true_val)); + FILL_ATTR(tpriv, npriv, CKA_LABEL, plabel, strlen(plabel)); + FILL_ATTR(tpriv, npriv, CKA_PRIVATE, &true_val, sizeof(true_val)); + FILL_ATTR(tpriv, npriv, CKA_SENSITIVE, &true_val, sizeof(true_val)); + FILL_ATTR(tpriv, npriv, CKA_DECRYPT, &false_val, sizeof(false_val)); + FILL_ATTR(tpriv, npriv, CKA_SIGN, &true_val, sizeof(true_val)); + FILL_ATTR(tpriv, npriv, CKA_SIGN_RECOVER, &false_val, + sizeof(false_val)); + FILL_ATTR(tpriv, npriv, CKA_UNWRAP, &false_val, sizeof(false_val)); + FILL_ATTR(tpriv, npriv, CKA_DERIVE, &false_val, sizeof(false_val)); + FILL_ATTR(tpriv, npriv, CKA_ID, &keyid, sizeof(keyid)); + + f = p->function_list; + si = &p->slotinfo[slotidx]; + session = si->session; + + if ((rv = f->C_GenerateKeyPair(session, &mech, tpub, npub, tpriv, npriv, + &pubKey, &privKey)) != CKR_OK) { + error("%s: key generation failed: error 0x%lx", __func__, rv); + *err = rv; + return NULL; + } + + return pkcs11_fetch_rsa_pubkey(p, slotidx, &pubKey); +} + +static int +pkcs11_decode_hex(const char *hex, unsigned char **dest, size_t *rlen) +{ + size_t i, len; + char ptr[3]; + + if (dest) + *dest = NULL; + if (rlen) + *rlen = 0; + + if ((len = strlen(hex)) % 2) + return -1; + len /= 2; + + *dest = xmalloc(len); + + ptr[2] = '\0'; + for (i = 0; i < len; i++) { + ptr[0] = hex[2 * i]; + ptr[1] = hex[(2 * i) + 1]; + if (!isxdigit(ptr[0]) || !isxdigit(ptr[1])) + return -1; + (*dest)[i] = (unsigned char)strtoul(ptr, NULL, 16); + } + + if (rlen) + *rlen = len; + + return 0; +} + +static struct ec_curve_info { + const char *name; + const char *oid; + const char *oid_encoded; + size_t size; +} ec_curve_infos[] = { + {"prime256v1", "1.2.840.10045.3.1.7", "06082A8648CE3D030107", 256}, + {"secp384r1", "1.3.132.0.34", "06052B81040022", 384}, + {"secp521r1", "1.3.132.0.35", "06052B81040023", 521}, + {NULL, NULL, NULL, 0}, +}; + +static struct sshkey * +pkcs11_ecdsa_generate_private_key(struct pkcs11_provider *p, CK_ULONG slotidx, + char *label, CK_ULONG bits, CK_BYTE keyid, u_int32_t *err) +{ + struct pkcs11_slotinfo *si; + char *plabel = label ? label : ""; + int i; + size_t ecparams_size; + unsigned char *ecparams = NULL; + int npub = 0, npriv = 0; + CK_RV rv; + CK_FUNCTION_LIST *f; + CK_SESSION_HANDLE session; + CK_BBOOL true_val = CK_TRUE, false_val = CK_FALSE; + CK_OBJECT_HANDLE pubKey, privKey; + CK_MECHANISM mech = { + CKM_EC_KEY_PAIR_GEN, NULL_PTR, 0 + }; + CK_ATTRIBUTE tpub[16], tpriv[16]; + + *err = 0; + + for (i = 0; ec_curve_infos[i].name; i++) { + if (ec_curve_infos[i].size == bits) + break; + } + if (!ec_curve_infos[i].name) { + error("%s: invalid key size %lu", __func__, bits); + return NULL; + } + if (pkcs11_decode_hex(ec_curve_infos[i].oid_encoded, &ecparams, + &ecparams_size) == -1) { + error("%s: invalid oid", __func__); + return NULL; + } + + FILL_ATTR(tpub, npub, CKA_TOKEN, &true_val, sizeof(true_val)); + FILL_ATTR(tpub, npub, CKA_LABEL, plabel, strlen(plabel)); + FILL_ATTR(tpub, npub, CKA_ENCRYPT, &false_val, sizeof(false_val)); + FILL_ATTR(tpub, npub, CKA_VERIFY, &true_val, sizeof(true_val)); + FILL_ATTR(tpub, npub, CKA_VERIFY_RECOVER, &false_val, + sizeof(false_val)); + FILL_ATTR(tpub, npub, CKA_WRAP, &false_val, sizeof(false_val)); + FILL_ATTR(tpub, npub, CKA_DERIVE, &false_val, sizeof(false_val)); + FILL_ATTR(tpub, npub, CKA_EC_PARAMS, ecparams, ecparams_size); + FILL_ATTR(tpub, npub, CKA_ID, &keyid, sizeof(keyid)); + + FILL_ATTR(tpriv, npriv, CKA_TOKEN, &true_val, sizeof(true_val)); + FILL_ATTR(tpriv, npriv, CKA_LABEL, plabel, strlen(plabel)); + FILL_ATTR(tpriv, npriv, CKA_PRIVATE, &true_val, sizeof(true_val)); + FILL_ATTR(tpriv, npriv, CKA_SENSITIVE, &true_val, sizeof(true_val)); + FILL_ATTR(tpriv, npriv, CKA_DECRYPT, &false_val, sizeof(false_val)); + FILL_ATTR(tpriv, npriv, CKA_SIGN, &true_val, sizeof(true_val)); + FILL_ATTR(tpriv, npriv, CKA_SIGN_RECOVER, &false_val, + sizeof(false_val)); + FILL_ATTR(tpriv, npriv, CKA_UNWRAP, &false_val, sizeof(false_val)); + FILL_ATTR(tpriv, npriv, CKA_DERIVE, &false_val, sizeof(false_val)); + FILL_ATTR(tpriv, npriv, CKA_ID, &keyid, sizeof(keyid)); + + f = p->function_list; + si = &p->slotinfo[slotidx]; + session = si->session; + + if ((rv = f->C_GenerateKeyPair(session, &mech, tpub, npub, tpriv, npriv, + &pubKey, &privKey)) != CKR_OK) { + error("%s: key generation failed: error 0x%lx", __func__, rv); + *err = rv; + return NULL; + } + + return pkcs11_fetch_ecdsa_pubkey(p, slotidx, &pubKey); +} +#endif /* WITH_PKCS11_KEYGEN */ + +/* + * register a new provider, fails if provider already exists. if + * keyp is provided, fetch keys. + */ +static int +pkcs11_register_provider(char *provider_id, char *pin, struct sshkey ***keyp, + struct pkcs11_provider **providerp, CK_ULONG user) { int nkeys, need_finalize = 0; + int ret = -1; struct pkcs11_provider *p = NULL; void *handle = NULL; CK_RV (*getfunctionlist)(CK_FUNCTION_LIST **); @@ -601,13 +1334,19 @@ pkcs11_add_provider(char *provider_id, char *pin, struct sshkey ***keyp) CK_TOKEN_INFO *token; CK_ULONG i; - *keyp = NULL; + if (providerp == NULL) + goto fail; + *providerp = NULL; + + if (keyp != NULL) + *keyp = NULL; + if (pkcs11_provider_lookup(provider_id) != NULL) { debug("%s: provider already registered: %s", __func__, provider_id); goto fail; } - /* open shared pkcs11-libarary */ + /* open shared pkcs11-library */ if ((handle = dlopen(provider_id, RTLD_NOW)) == NULL) { error("dlopen %s failed: %s", provider_id, dlerror()); goto fail; @@ -653,8 +1392,9 @@ pkcs11_add_provider(char *provider_id, char *pin, struct sshkey ***keyp) goto fail; } if (p->nslots == 0) { - debug("%s: provider %s returned no slots", __func__, + error("%s: provider %s returned no slots", __func__, provider_id); + ret = -SSH_PKCS11_ERR_NO_SLOTS; goto fail; } p->slotlist = xcalloc(p->nslots, sizeof(CK_SLOT_ID)); @@ -690,43 +1430,251 @@ pkcs11_add_provider(char *provider_id, char *pin, struct sshkey ***keyp) provider_id, (unsigned long)i, token->label, token->manufacturerID, token->model, token->serialNumber, token->flags); - /* open session, login with pin and retrieve public keys */ - if (pkcs11_open_session(p, i, pin) == 0) + /* + * open session, login with pin and retrieve public + * keys (if keyp is provided) + */ + if ((ret = pkcs11_open_session(p, i, pin, user)) == 0) { + if (keyp == NULL) + continue; pkcs11_fetch_keys(p, i, keyp, &nkeys); + pkcs11_fetch_certs(p, i, keyp, &nkeys); + } } - if (nkeys > 0) { - TAILQ_INSERT_TAIL(&pkcs11_providers, p, next); - p->refcount++; /* add to provider list */ - return (nkeys); - } - debug("%s: provider %s returned no keys", __func__, provider_id); - /* don't add the provider, since it does not have any keys */ + + /* now owned by caller */ + *providerp = p; + + TAILQ_INSERT_TAIL(&pkcs11_providers, p, next); + p->refcount++; /* add to provider list */ + + return (nkeys); fail: if (need_finalize && (rv = f->C_Finalize(NULL)) != CKR_OK) error("C_Finalize for provider %s failed: %lu", provider_id, rv); if (p) { + free(p->name); free(p->slotlist); free(p->slotinfo); free(p); } if (handle) dlclose(handle); - return (-1); + return (ret); } -#else +/* + * register a new provider and get number of keys hold by the token, + * fails if provider already exists + */ +int +pkcs11_add_provider(char *provider_id, char *pin, struct sshkey ***keyp) +{ + struct pkcs11_provider *p = NULL; + int nkeys; + + nkeys = pkcs11_register_provider(provider_id, pin, keyp, &p, CKU_USER); + /* no keys found or some other error, de-register provider */ + if (nkeys <= 0 && p != NULL) { + TAILQ_REMOVE(&pkcs11_providers, p, next); + pkcs11_provider_finalize(p); + pkcs11_provider_unref(p); + } + if (nkeys == 0) + debug("%s: provider %s returned no keys", __func__, + provider_id); + + return (nkeys); +} + +#ifdef WITH_PKCS11_KEYGEN +struct sshkey * +pkcs11_gakp(char *provider_id, char *pin, unsigned int slotidx, char *label, + unsigned int type, unsigned int bits, unsigned char keyid, u_int32_t *err) +{ + struct pkcs11_provider *p = NULL; + struct pkcs11_slotinfo *si; + CK_FUNCTION_LIST *f; + CK_SESSION_HANDLE session; + struct sshkey *k = NULL; + int ret = -1, reset_pin = 0, reset_provider = 0; + CK_RV rv; + + *err = 0; + + if ((p = pkcs11_provider_lookup(provider_id)) != NULL) + debug("%s: provider \"%s\" available", __func__, provider_id); + else if ((ret = pkcs11_register_provider(provider_id, pin, NULL, &p, + CKU_SO)) < 0) { + debug("%s: could not register provider %s", __func__, + provider_id); + goto out; + } else + reset_provider = 1; + + f = p->function_list; + si = &p->slotinfo[slotidx]; + session = si->session; + + if ((rv = f->C_SetOperationState(session , pin, strlen(pin), + CK_INVALID_HANDLE, CK_INVALID_HANDLE)) != CKR_OK) { + debug("%s: could not supply SO pin: %lu", __func__, rv); + reset_pin = 0; + } else + reset_pin = 1; + + switch (type) { + case KEY_RSA: + if ((k = pkcs11_rsa_generate_private_key(p, slotidx, label, + bits, keyid, err)) == NULL) { + debug("%s: failed to generate RSA key", __func__); + goto out; + } + break; + case KEY_ECDSA: + if ((k = pkcs11_ecdsa_generate_private_key(p, slotidx, label, + bits, keyid, err)) == NULL) { + debug("%s: failed to generate ECDSA key", __func__); + goto out; + } + break; + default: + *err = SSH_PKCS11_ERR_GENERIC; + debug("%s: unknown type %d", __func__, type); + goto out; + } + +out: + if (reset_pin) + f->C_SetOperationState(session , NULL, 0, CK_INVALID_HANDLE, + CK_INVALID_HANDLE); + + if (reset_provider) + pkcs11_del_provider(provider_id); + + return (k); +} + +struct sshkey * +pkcs11_destroy_keypair(char *provider_id, char *pin, unsigned long slotidx, + unsigned char keyid, u_int32_t *err) +{ + struct pkcs11_provider *p = NULL; + struct pkcs11_slotinfo *si; + struct sshkey *k = NULL; + int reset_pin = 0, reset_provider = 0; + CK_ULONG nattrs; + CK_FUNCTION_LIST *f; + CK_SESSION_HANDLE session; + CK_ATTRIBUTE attrs[16]; + CK_OBJECT_CLASS key_class; + CK_KEY_TYPE key_type; + CK_OBJECT_HANDLE obj = CK_INVALID_HANDLE; + CK_RV rv; + + *err = 0; + + if ((p = pkcs11_provider_lookup(provider_id)) != NULL) { + debug("%s: using provider \"%s\"", __func__, provider_id); + } else if (pkcs11_register_provider(provider_id, pin, NULL, &p, + CKU_SO) < 0) { + debug("%s: could not register provider %s", __func__, + provider_id); + goto out; + } else + reset_provider = 1; + + f = p->function_list; + si = &p->slotinfo[slotidx]; + session = si->session; + + if ((rv = f->C_SetOperationState(session , pin, strlen(pin), + CK_INVALID_HANDLE, CK_INVALID_HANDLE)) != CKR_OK) { + debug("%s: could not supply SO pin: %lu", __func__, rv); + reset_pin = 0; + } else + reset_pin = 1; + + /* private key */ + nattrs = 0; + key_class = CKO_PRIVATE_KEY; + FILL_ATTR(attrs, nattrs, CKA_CLASS, &key_class, sizeof(key_class)); + FILL_ATTR(attrs, nattrs, CKA_ID, &keyid, sizeof(keyid)); + + if (pkcs11_find(p, slotidx, attrs, nattrs, &obj) == 0 && + obj != CK_INVALID_HANDLE) { + if ((rv = f->C_DestroyObject(session, obj)) != CKR_OK) { + debug("%s: could not destroy private key 0x%hhx", + __func__, keyid); + *err = rv; + goto out; + } + } + + /* public key */ + nattrs = 0; + key_class = CKO_PUBLIC_KEY; + FILL_ATTR(attrs, nattrs, CKA_CLASS, &key_class, sizeof(key_class)); + FILL_ATTR(attrs, nattrs, CKA_ID, &keyid, sizeof(keyid)); + + if (pkcs11_find(p, slotidx, attrs, nattrs, &obj) == 0 && + obj != CK_INVALID_HANDLE) { + + /* get key type */ + nattrs = 0; + FILL_ATTR(attrs, nattrs, CKA_KEY_TYPE, &key_type, + sizeof(key_type)); + rv = f->C_GetAttributeValue(session, obj, attrs, nattrs); + if (rv != CKR_OK) { + debug("%s: could not get key type of public key 0x%hhx", + __func__, keyid); + *err = rv; + key_type = -1; + } + if (key_type == CKK_RSA) + k = pkcs11_fetch_rsa_pubkey(p, slotidx, &obj); + else if (key_type == CKK_ECDSA) + k = pkcs11_fetch_ecdsa_pubkey(p, slotidx, &obj); + + if ((rv = f->C_DestroyObject(session, obj)) != CKR_OK) { + debug("%s: could not destroy public key 0x%hhx", + __func__, keyid); + *err = rv; + goto out; + } + } + +out: + if (reset_pin) + f->C_SetOperationState(session , NULL, 0, CK_INVALID_HANDLE, + CK_INVALID_HANDLE); + + if (reset_provider) + pkcs11_del_provider(provider_id); + + return (k); +} +#endif /* WITH_PKCS11_KEYGEN */ +#else /* HAVE_DLOPEN */ int pkcs11_init(int interactive) { - return (0); + error("%s: dlopen() not supported", __func__); + return (-1); +} + +int +pkcs11_add_provider(char *provider_id, char *pin, struct sshkey ***keyp) +{ + error("%s: dlopen() not supported", __func__); + return (-1); } void pkcs11_terminate(void) { - return; + error("%s: dlopen() not supported", __func__); } - -#endif /* ENABLE_PKCS11 */ +#endif /* HAVE_DLOPEN */ diff --git a/ssh-pkcs11.h b/ssh-pkcs11.h index 0ced74f29..b9038450d 100644 --- a/ssh-pkcs11.h +++ b/ssh-pkcs11.h @@ -1,4 +1,4 @@ -/* $OpenBSD: ssh-pkcs11.h,v 1.4 2015/01/15 09:40:00 djm Exp $ */ +/* $OpenBSD: ssh-pkcs11.h,v 1.5 2019/01/20 22:51:37 djm Exp $ */ /* * Copyright (c) 2010 Markus Friedl. All rights reserved. * @@ -14,10 +14,26 @@ * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. */ + +/* Errors for pkcs11_add_provider() */ +#define SSH_PKCS11_ERR_GENERIC 1 +#define SSH_PKCS11_ERR_LOGIN_FAIL 2 +#define SSH_PKCS11_ERR_NO_SLOTS 3 +#define SSH_PKCS11_ERR_PIN_REQUIRED 4 +#define SSH_PKCS11_ERR_PIN_LOCKED 5 + int pkcs11_init(int); void pkcs11_terminate(void); int pkcs11_add_provider(char *, char *, struct sshkey ***); int pkcs11_del_provider(char *); +#ifdef WITH_PKCS11_KEYGEN +struct sshkey * + pkcs11_gakp(char *, char *, unsigned int, char *, unsigned int, + unsigned int, unsigned char, u_int32_t *); +struct sshkey * + pkcs11_destroy_keypair(char *, char *, unsigned long, unsigned char, + u_int32_t *); +#endif #if !defined(WITH_OPENSSL) && defined(ENABLE_PKCS11) #undef ENABLE_PKCS11 diff --git a/sshkey.h b/sshkey.h index f6a007fdf..a91e60436 100644 --- a/sshkey.h +++ b/sshkey.h @@ -1,4 +1,4 @@ -/* $OpenBSD: sshkey.h,v 1.30 2018/09/14 04:17:44 djm Exp $ */ +/* $OpenBSD: sshkey.h,v 1.31 2019/01/20 22:51:37 djm Exp $ */ /* * Copyright (c) 2000, 2001 Markus Friedl. All rights reserved. @@ -33,6 +33,7 @@ #include # ifdef OPENSSL_HAS_ECC # include +# include # else /* OPENSSL_HAS_ECC */ # define EC_KEY void # define EC_GROUP void -- cgit v1.2.3 From 854bd8674ee5074a239f7cadf757d55454802e41 Mon Sep 17 00:00:00 2001 From: "djm@openbsd.org" Date: Sun, 20 Jan 2019 22:54:30 +0000 Subject: upstream: allow override of the pkcs#11 helper binary via $SSH_PKCS11_HELPER; needed for regress tests. work by markus@, ok me OpenBSD-Commit-ID: f78d8185500bd7c37aeaf7bd27336db62f0f7a83 --- ssh-pkcs11-client.c | 12 +++++++----- 1 file changed, 7 insertions(+), 5 deletions(-) diff --git a/ssh-pkcs11-client.c b/ssh-pkcs11-client.c index 6e16b2f9a..de5aa8305 100644 --- a/ssh-pkcs11-client.c +++ b/ssh-pkcs11-client.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ssh-pkcs11-client.c,v 1.12 2019/01/20 22:51:37 djm Exp $ */ +/* $OpenBSD: ssh-pkcs11-client.c,v 1.13 2019/01/20 22:54:30 djm Exp $ */ /* * Copyright (c) 2010 Markus Friedl. All rights reserved. * Copyright (c) 2014 Pedro Martelletto. All rights reserved. @@ -245,6 +245,7 @@ static int pkcs11_start_helper(void) { int pair[2]; + char *helper; if (pkcs11_start_helper_methods() == -1) { error("pkcs11_start_helper_methods failed"); @@ -266,10 +267,11 @@ pkcs11_start_helper(void) } close(pair[0]); close(pair[1]); - execlp(_PATH_SSH_PKCS11_HELPER, _PATH_SSH_PKCS11_HELPER, - (char *)NULL); - fprintf(stderr, "exec: %s: %s\n", _PATH_SSH_PKCS11_HELPER, - strerror(errno)); + helper = getenv("SSH_PKCS11_HELPER"); + if (helper == NULL || strlen(helper) == 0) + helper = _PATH_SSH_PKCS11_HELPER; + execlp(helper, helper, (char *)NULL); + fprintf(stderr, "exec: %s: %s\n", helper, strerror(errno)); _exit(1); } close(pair[1]); -- cgit v1.2.3 From 0c50992af49b562970dd0ba3f8f151f1119e260e Mon Sep 17 00:00:00 2001 From: "djm@openbsd.org" Date: Sun, 20 Jan 2019 22:57:45 +0000 Subject: upstream: cleanup pkcs#11 client code: use sshkey_new in instead of stack- allocating a sshkey work by markus@, ok djm@ OpenBSD-Commit-ID: a048eb6ec8aa7fa97330af927022c0da77521f91 --- ssh-pkcs11-client.c | 65 ++++++++++++++++++++++++++++++++++------------------- 1 file changed, 42 insertions(+), 23 deletions(-) diff --git a/ssh-pkcs11-client.c b/ssh-pkcs11-client.c index de5aa8305..6cecf4863 100644 --- a/ssh-pkcs11-client.c +++ b/ssh-pkcs11-client.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ssh-pkcs11-client.c,v 1.13 2019/01/20 22:54:30 djm Exp $ */ +/* $OpenBSD: ssh-pkcs11-client.c,v 1.14 2019/01/20 22:57:45 djm Exp $ */ /* * Copyright (c) 2010 Markus Friedl. All rights reserved. * Copyright (c) 2014 Pedro Martelletto. All rights reserved. @@ -117,19 +117,25 @@ pkcs11_terminate(void) static int rsa_encrypt(int flen, const u_char *from, u_char *to, RSA *rsa, int padding) { - struct sshkey key; /* XXX */ - u_char *blob, *signature = NULL; + struct sshkey *key = NULL; + struct sshbuf *msg = NULL; + u_char *blob = NULL, *signature = NULL; size_t blen, slen = 0; int r, ret = -1; - struct sshbuf *msg; if (padding != RSA_PKCS1_PADDING) - return (-1); - key.type = KEY_RSA; - key.rsa = rsa; - if ((r = sshkey_to_blob(&key, &blob, &blen)) != 0) { + goto fail; + key = sshkey_new(KEY_UNSPEC); + if (key == NULL) { + error("%s: sshkey_new failed", __func__); + goto fail; + } + key->type = KEY_RSA; + RSA_up_ref(rsa); + key->rsa = rsa; + if ((r = sshkey_to_blob(key, &blob, &blen)) != 0) { error("%s: sshkey_to_blob: %s", __func__, ssh_err(r)); - return -1; + goto fail; } if ((msg = sshbuf_new()) == NULL) fatal("%s: sshbuf_new failed", __func__); @@ -138,7 +144,6 @@ rsa_encrypt(int flen, const u_char *from, u_char *to, RSA *rsa, int padding) (r = sshbuf_put_string(msg, from, flen)) != 0 || (r = sshbuf_put_u32(msg, 0)) != 0) fatal("%s: buffer error: %s", __func__, ssh_err(r)); - free(blob); send_msg(msg); sshbuf_reset(msg); @@ -151,6 +156,9 @@ rsa_encrypt(int flen, const u_char *from, u_char *to, RSA *rsa, int padding) } free(signature); } + fail: + free(blob); + sshkey_free(key); sshbuf_free(msg); return (ret); } @@ -159,24 +167,33 @@ static ECDSA_SIG * ecdsa_do_sign(const unsigned char *dgst, int dgst_len, const BIGNUM *inv, const BIGNUM *rp, EC_KEY *ec) { - struct sshkey key; /* XXX */ - u_char *blob, *signature = NULL; + struct sshkey *key = NULL; + struct sshbuf *msg = NULL; + ECDSA_SIG *ret = NULL; const u_char *cp; + u_char *blob = NULL, *signature = NULL; size_t blen, slen = 0; - ECDSA_SIG *ret = NULL; - struct sshbuf *msg; - int r; + int r, nid; - key.type = KEY_ECDSA; - key.ecdsa = ec; - key.ecdsa_nid = sshkey_ecdsa_key_to_nid(ec); - if (key.ecdsa_nid < 0) { + nid = sshkey_ecdsa_key_to_nid(ec); + if (nid < 0) { error("%s: couldn't get curve nid", __func__); - return (NULL); + goto fail; + } + + key = sshkey_new(KEY_UNSPEC); + if (key == NULL) { + error("%s: sshkey_new failed", __func__); + goto fail; } - if ((r = sshkey_to_blob(&key, &blob, &blen)) != 0) { + key->ecdsa = ec; + key->ecdsa_nid = nid; + key->type = KEY_ECDSA; + EC_KEY_up_ref(ec); + + if ((r = sshkey_to_blob(key, &blob, &blen)) != 0) { error("%s: sshkey_to_blob: %s", __func__, ssh_err(r)); - return (NULL); + goto fail; } if ((msg = sshbuf_new()) == NULL) fatal("%s: sshbuf_new failed", __func__); @@ -185,7 +202,6 @@ ecdsa_do_sign(const unsigned char *dgst, int dgst_len, const BIGNUM *inv, (r = sshbuf_put_string(msg, dgst, dgst_len)) != 0 || (r = sshbuf_put_u32(msg, 0)) != 0) fatal("%s: buffer error: %s", __func__, ssh_err(r)); - free(blob); send_msg(msg); sshbuf_reset(msg); @@ -197,6 +213,9 @@ ecdsa_do_sign(const unsigned char *dgst, int dgst_len, const BIGNUM *inv, free(signature); } + fail: + free(blob); + sshkey_free(key); sshbuf_free(msg); return (ret); } -- cgit v1.2.3 From 749aef30321595435ddacef2f31d7a8f2b289309 Mon Sep 17 00:00:00 2001 From: "djm@openbsd.org" Date: Sun, 20 Jan 2019 23:00:12 +0000 Subject: upstream: cleanup unnecessary code in ECDSA pkcs#11 signature work by markus@, feedback and ok djm@ OpenBSD-Commit-ID: affa5ca7d58d59fbd16169f77771dcdbd2b0306d --- ssh-pkcs11.c | 41 ++++++++++++++++------------------------- 1 file changed, 16 insertions(+), 25 deletions(-) diff --git a/ssh-pkcs11.c b/ssh-pkcs11.c index 01f968a9b..dd8d501ae 100644 --- a/ssh-pkcs11.c +++ b/ssh-pkcs11.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ssh-pkcs11.c,v 1.28 2019/01/20 22:51:37 djm Exp $ */ +/* $OpenBSD: ssh-pkcs11.c,v 1.29 2019/01/20 23:00:12 djm Exp $ */ /* * Copyright (c) 2010 Markus Friedl. All rights reserved. * Copyright (c) 2014 Pedro Martelletto. All rights reserved. @@ -411,7 +411,6 @@ ecdsa_do_sign(const unsigned char *dgst, int dgst_len, const BIGNUM *inv, CK_RV rv; ECDSA_SIG *ret = NULL; u_char *sig; - const u_char *cp; if ((k11 = EC_KEY_get_ex_data(ec, 0)) == NULL) { ossl_error("EC_KEY_get_key_method_data failed for ec"); @@ -435,29 +434,21 @@ ecdsa_do_sign(const unsigned char *dgst, int dgst_len, const BIGNUM *inv, error("C_Sign failed: %lu", rv); goto done; } - cp = sig; - ret = d2i_ECDSA_SIG(NULL, &cp, siglen); - if (ret == NULL) { - /* - * d2i_ECDSA_SIG failed, so sig does not point to a DER-encoded - * sequence, but to the concatenation r|s. - */ - if (siglen < 64 || siglen > 132 || siglen % 2) { - ossl_error("d2i_ECDSA_SIG failed"); - goto done; - } - bnlen = siglen/2; - if ((ret = ECDSA_SIG_new()) == NULL) { - error("ECDSA_SIG_new failed"); - goto done; - } - if (BN_bin2bn(sig, bnlen, ret->r) == NULL || - BN_bin2bn(sig+bnlen, bnlen, ret->s) == NULL) { - ossl_error("d2i_ECDSA_SIG failed"); - ECDSA_SIG_free(ret); - ret = NULL; - goto done; - } + if (siglen < 64 || siglen > 132 || siglen % 2) { + ossl_error("d2i_ECDSA_SIG failed"); + goto done; + } + bnlen = siglen/2; + if ((ret = ECDSA_SIG_new()) == NULL) { + error("ECDSA_SIG_new failed"); + goto done; + } + if (BN_bin2bn(sig, bnlen, ret->r) == NULL || + BN_bin2bn(sig+bnlen, bnlen, ret->s) == NULL) { + ossl_error("d2i_ECDSA_SIG failed"); + ECDSA_SIG_free(ret); + ret = NULL; + goto done; } done: free(sig); -- cgit v1.2.3 From 24757c1ae309324e98d50e5935478655be04e549 Mon Sep 17 00:00:00 2001 From: "djm@openbsd.org" Date: Sun, 20 Jan 2019 23:01:59 +0000 Subject: upstream: cleanup PKCS#11 ECDSA pubkey loading: the returned object should never have a DER header work by markus; feedback and ok djm@ OpenBSD-Commit-ID: b617fa585eddbbf0b1245b58b7a3c4b8d613db17 --- ssh-pkcs11.c | 24 ++++++++++++++---------- 1 file changed, 14 insertions(+), 10 deletions(-) diff --git a/ssh-pkcs11.c b/ssh-pkcs11.c index dd8d501ae..0c8629a37 100644 --- a/ssh-pkcs11.c +++ b/ssh-pkcs11.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ssh-pkcs11.c,v 1.29 2019/01/20 23:00:12 djm Exp $ */ +/* $OpenBSD: ssh-pkcs11.c,v 1.30 2019/01/20 23:01:59 djm Exp $ */ /* * Copyright (c) 2010 Markus Friedl. All rights reserved. * Copyright (c) 2014 Pedro Martelletto. All rights reserved. @@ -576,6 +576,7 @@ pkcs11_fetch_ecdsa_pubkey(struct pkcs11_provider *p, CK_ULONG slotidx, CK_SESSION_HANDLE session; CK_FUNCTION_LIST *f = NULL; CK_RV rv; + ASN1_OCTET_STRING *octet = NULL; EC_KEY *ec = NULL; EC_GROUP *group = NULL; struct sshkey *key = NULL; @@ -644,15 +645,16 @@ pkcs11_fetch_ecdsa_pubkey(struct pkcs11_provider *p, CK_ULONG slotidx, goto fail; } - attrp = (const unsigned char *)key_attr[1].pValue; - if (o2i_ECPublicKey(&ec, &attrp, key_attr[1].ulValueLen) == NULL) { - /* try to skip DER header (octet string type and length byte) */ - attrp = (const unsigned char *)key_attr[1].pValue + 2; - if (o2i_ECPublicKey(&ec, &attrp, key_attr[1].ulValueLen - 2) - == NULL) { - ossl_error("o2i_ECPublicKey failed"); - goto fail; - } + attrp = key_attr[1].pValue; + octet = d2i_ASN1_OCTET_STRING(NULL, &attrp, key_attr[1].ulValueLen); + if (octet == NULL) { + ossl_error("d2i_ASN1_OCTET_STRING failed"); + goto fail; + } + attrp = octet->data; + if (o2i_ECPublicKey(&ec, &attrp, octet->length) == NULL) { + ossl_error("o2i_ECPublicKey failed"); + goto fail; } nid = sshkey_ecdsa_key_to_nid(ec); @@ -683,6 +685,8 @@ fail: EC_KEY_free(ec); if (group) EC_GROUP_free(group); + if (octet) + ASN1_OCTET_STRING_free(octet); return (key); } -- cgit v1.2.3 From 8a2467583f0b5760787273796ec929190c3f16ee Mon Sep 17 00:00:00 2001 From: "djm@openbsd.org" Date: Sun, 20 Jan 2019 23:03:26 +0000 Subject: upstream: use EVP_PKEY_get0_EC_KEY() instead of direct access of EC_KEY internals as that won't work on OpenSSL work by markus@, feedback and ok djm@ OpenBSD-Commit-ID: 4a99cdb89fbd6f5155ef8c521c99dc66e2612700 --- ssh-pkcs11.c | 7 +++---- 1 file changed, 3 insertions(+), 4 deletions(-) diff --git a/ssh-pkcs11.c b/ssh-pkcs11.c index 0c8629a37..bcbf727e6 100644 --- a/ssh-pkcs11.c +++ b/ssh-pkcs11.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ssh-pkcs11.c,v 1.30 2019/01/20 23:01:59 djm Exp $ */ +/* $OpenBSD: ssh-pkcs11.c,v 1.31 2019/01/20 23:03:26 djm Exp $ */ /* * Copyright (c) 2010 Markus Friedl. All rights reserved. * Copyright (c) 2014 Pedro Martelletto. All rights reserved. @@ -877,12 +877,11 @@ pkcs11_fetch_x509_pubkey(struct pkcs11_provider *p, CK_ULONG slotidx, key->flags |= SSHKEY_FLAG_EXT; rsa = NULL; /* now owned by key */ } else if (EVP_PKEY_base_id(evp) == EVP_PKEY_EC) { - /* XXX XXX fix accessor */ - if (evp->pkey.ec == NULL) { + if (EVP_PKEY_get0_EC_KEY(evp) == NULL) { error("invalid x509; no ec key"); goto fail; } - if ((ec = EC_KEY_dup(evp->pkey.ec)) == NULL) { + if ((ec = EC_KEY_dup(EVP_PKEY_get0_EC_KEY(evp))) == NULL) { error("EC_KEY_dup failed"); goto fail; } -- cgit v1.2.3 From 445cfce49dfc904c6b8ab25afa2f43130296c1a5 Mon Sep 17 00:00:00 2001 From: "djm@openbsd.org" Date: Sun, 20 Jan 2019 23:05:52 +0000 Subject: upstream: fix leak of ECDSA pkcs11_key objects work by markus, ok djm@ OpenBSD-Commit-ID: 9fc0c4f1d640aaa5f19b8d70f37ea19b8ad284a1 --- ssh-pkcs11.c | 23 +++++++++++++++++++++-- 1 file changed, 21 insertions(+), 2 deletions(-) diff --git a/ssh-pkcs11.c b/ssh-pkcs11.c index bcbf727e6..c36d31604 100644 --- a/ssh-pkcs11.c +++ b/ssh-pkcs11.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ssh-pkcs11.c,v 1.31 2019/01/20 23:03:26 djm Exp $ */ +/* $OpenBSD: ssh-pkcs11.c,v 1.32 2019/01/20 23:05:52 djm Exp $ */ /* * Copyright (c) 2010 Markus Friedl. All rights reserved. * Copyright (c) 2014 Pedro Martelletto. All rights reserved. @@ -457,6 +457,21 @@ ecdsa_do_sign(const unsigned char *dgst, int dgst_len, const BIGNUM *inv, } static EC_KEY_METHOD *ec_key_method; +static int ec_key_idx = 0; + +static void +pkcs11_k11_free(void *parent, void *ptr, CRYPTO_EX_DATA *ad, int idx, + long argl, void *argp) +{ + struct pkcs11_key *k11 = ptr; + + if (k11 == NULL) + return; + if (k11->provider) + pkcs11_provider_unref(k11->provider); + free(k11->keyid); + free(k11); +} static int pkcs11_ecdsa_start_wrapper(void) @@ -466,6 +481,10 @@ pkcs11_ecdsa_start_wrapper(void) if (ec_key_method != NULL) return (0); + ec_key_idx = EC_KEY_get_ex_new_index(0, "ssh-pkcs11-ecdsa", + NULL, NULL, pkcs11_k11_free); + if (ec_key_idx == -1) + return (-1); ec_key_method = EC_KEY_METHOD_new(EC_KEY_OpenSSL()); if (ec_key_method == NULL) return (-1); @@ -494,7 +513,7 @@ pkcs11_ecdsa_wrap(struct pkcs11_provider *provider, CK_ULONG slotidx, k11->ec_key_method = ec_key_method; EC_KEY_set_method(ec, k11->ec_key_method); - EC_KEY_set_ex_data(ec, 0, k11); + EC_KEY_set_ex_data(ec, ec_key_idx, k11); return (0); } -- cgit v1.2.3 From f118542fc82a3b3ab0360955b33bc5a271ea709f Mon Sep 17 00:00:00 2001 From: "djm@openbsd.org" Date: Sun, 20 Jan 2019 23:08:24 +0000 Subject: upstream: make the PKCS#11 RSA code more like the new PKCS#11 ECDSA code: use a single custom RSA_METHOD instead of a method per key suggested by me, but markus@ did all the work. ok djm@ OpenBSD-Commit-ID: 8aafcebe923dc742fc5537a995cee549d07e4b2e --- ssh-pkcs11.c | 45 +++++++++++++++++++++++++++++---------------- 1 file changed, 29 insertions(+), 16 deletions(-) diff --git a/ssh-pkcs11.c b/ssh-pkcs11.c index c36d31604..d7b3a65f0 100644 --- a/ssh-pkcs11.c +++ b/ssh-pkcs11.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ssh-pkcs11.c,v 1.32 2019/01/20 23:05:52 djm Exp $ */ +/* $OpenBSD: ssh-pkcs11.c,v 1.33 2019/01/20 23:08:24 djm Exp $ */ /* * Copyright (c) 2010 Markus Friedl. All rights reserved. * Copyright (c) 2014 Pedro Martelletto. All rights reserved. @@ -334,8 +334,8 @@ pkcs11_rsa_private_encrypt(int flen, const u_char *from, u_char *to, RSA *rsa, CK_RV rv; int rval = -1; - if ((k11 = RSA_get_app_data(rsa)) == NULL) { - error("RSA_get_app_data failed for rsa %p", rsa); + if ((k11 = RSA_get_ex_data(rsa, 0)) == NULL) { + error("RSA_get_ex_data failed for rsa %p", rsa); return (-1); } @@ -365,13 +365,35 @@ pkcs11_rsa_private_decrypt(int flen, const u_char *from, u_char *to, RSA *rsa, return (-1); } +static RSA_METHOD *rsa_method; + +static int +pkcs11_rsa_start_wrapper(void) +{ + if (rsa_method != NULL) + return (0); + rsa_method = RSA_meth_dup(RSA_get_default_method()); + if (rsa_method == NULL) + return (-1); + if (!RSA_meth_set1_name(rsa_method, "pkcs11") || + !RSA_meth_set_priv_enc(rsa_method, pkcs11_rsa_private_encrypt) || + !RSA_meth_set_priv_dec(rsa_method, pkcs11_rsa_private_decrypt) || + !RSA_meth_set_finish(rsa_method, pkcs11_rsa_finish)) { + error("%s: setup pkcs11 method failed", __func__); + return (-1); + } + return (0); +} + /* redirect private key operations for rsa key to pkcs11 token */ static int pkcs11_rsa_wrap(struct pkcs11_provider *provider, CK_ULONG slotidx, CK_ATTRIBUTE *keyid_attrib, RSA *rsa) { struct pkcs11_key *k11; - const RSA_METHOD *def = RSA_get_default_method(); + + if (pkcs11_rsa_start_wrapper() == -1) + return (-1); k11 = xcalloc(1, sizeof(*k11)); k11->provider = provider; @@ -383,19 +405,10 @@ pkcs11_rsa_wrap(struct pkcs11_provider *provider, CK_ULONG slotidx, k11->keyid = xmalloc(k11->keyid_len); memcpy(k11->keyid, keyid_attrib->pValue, k11->keyid_len); } - k11->rsa_method = RSA_meth_dup(def); - if (k11->rsa_method == NULL) - fatal("%s: RSA_meth_dup failed", __func__); - k11->orig_finish = RSA_meth_get_finish(def); - if (!RSA_meth_set1_name(k11->rsa_method, "pkcs11") || - !RSA_meth_set_priv_enc(k11->rsa_method, - pkcs11_rsa_private_encrypt) || - !RSA_meth_set_priv_dec(k11->rsa_method, - pkcs11_rsa_private_decrypt) || - !RSA_meth_set_finish(k11->rsa_method, pkcs11_rsa_finish)) - fatal("%s: setup pkcs11 method failed", __func__); + + k11->rsa_method = rsa_method; RSA_set_method(rsa, k11->rsa_method); - RSA_set_app_data(rsa, k11); + RSA_set_ex_data(rsa, 0, k11); return (0); } -- cgit v1.2.3 From 58622a8c82f4e2aad630580543f51ba537c1f39e Mon Sep 17 00:00:00 2001 From: "djm@openbsd.org" Date: Sun, 20 Jan 2019 23:10:33 +0000 Subject: upstream: use OpenSSL's RSA reference counting hooks to implicitly clean up pkcs11_key objects when their owning RSA object's reference count drops to zero. Simplifies the cleanup path and makes it more like ECDSA's work by markus@, ok djm@ OpenBSD-Commit-ID: 74b9c98f405cd78f7148e9e4a4982336cd3df25c --- ssh-pkcs11.c | 56 +++++++++++++++++++++----------------------------------- 1 file changed, 21 insertions(+), 35 deletions(-) diff --git a/ssh-pkcs11.c b/ssh-pkcs11.c index d7b3a65f0..b8f2a3a4e 100644 --- a/ssh-pkcs11.c +++ b/ssh-pkcs11.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ssh-pkcs11.c,v 1.33 2019/01/20 23:08:24 djm Exp $ */ +/* $OpenBSD: ssh-pkcs11.c,v 1.34 2019/01/20 23:10:33 djm Exp $ */ /* * Copyright (c) 2010 Markus Friedl. All rights reserved. * Copyright (c) 2014 Pedro Martelletto. All rights reserved. @@ -72,7 +72,6 @@ TAILQ_HEAD(, pkcs11_provider) pkcs11_providers; struct pkcs11_key { struct pkcs11_provider *provider; CK_ULONG slotidx; - int (*orig_finish)(RSA *rsa); RSA_METHOD *rsa_method; EC_KEY_METHOD *ec_key_method; char *keyid; @@ -190,23 +189,20 @@ pkcs11_del_provider(char *provider_id) return (-1); } -/* openssl callback for freeing an RSA key */ -static int -pkcs11_rsa_finish(RSA *rsa) +/* release a wrapped object */ +static void +pkcs11_k11_free(void *parent, void *ptr, CRYPTO_EX_DATA *ad, int idx, + long argl, void *argp) { - struct pkcs11_key *k11; - int rv = -1; - - if ((k11 = RSA_get_app_data(rsa)) != NULL) { - if (k11->orig_finish) - rv = k11->orig_finish(rsa); - if (k11->provider) - pkcs11_provider_unref(k11->provider); - RSA_meth_free(k11->rsa_method); - free(k11->keyid); - free(k11); - } - return (rv); + struct pkcs11_key *k11 = ptr; + + debug("%s: parent %p ptr %p idx %d", __func__, parent, ptr, idx); + if (k11 == NULL) + return; + if (k11->provider) + pkcs11_provider_unref(k11->provider); + free(k11->keyid); + free(k11); } /* find a single 'obj' for given attributes */ @@ -366,6 +362,7 @@ pkcs11_rsa_private_decrypt(int flen, const u_char *from, u_char *to, RSA *rsa, } static RSA_METHOD *rsa_method; +static int rsa_idx = 0; static int pkcs11_rsa_start_wrapper(void) @@ -375,10 +372,13 @@ pkcs11_rsa_start_wrapper(void) rsa_method = RSA_meth_dup(RSA_get_default_method()); if (rsa_method == NULL) return (-1); + rsa_idx = RSA_get_ex_new_index(0, "ssh-pkcs11-rsa", + NULL, NULL, pkcs11_k11_free); + if (rsa_idx == -1) + return (-1); if (!RSA_meth_set1_name(rsa_method, "pkcs11") || !RSA_meth_set_priv_enc(rsa_method, pkcs11_rsa_private_encrypt) || - !RSA_meth_set_priv_dec(rsa_method, pkcs11_rsa_private_decrypt) || - !RSA_meth_set_finish(rsa_method, pkcs11_rsa_finish)) { + !RSA_meth_set_priv_dec(rsa_method, pkcs11_rsa_private_decrypt)) { error("%s: setup pkcs11 method failed", __func__); return (-1); } @@ -408,7 +408,7 @@ pkcs11_rsa_wrap(struct pkcs11_provider *provider, CK_ULONG slotidx, k11->rsa_method = rsa_method; RSA_set_method(rsa, k11->rsa_method); - RSA_set_ex_data(rsa, 0, k11); + RSA_set_ex_data(rsa, rsa_idx, k11); return (0); } @@ -472,20 +472,6 @@ ecdsa_do_sign(const unsigned char *dgst, int dgst_len, const BIGNUM *inv, static EC_KEY_METHOD *ec_key_method; static int ec_key_idx = 0; -static void -pkcs11_k11_free(void *parent, void *ptr, CRYPTO_EX_DATA *ad, int idx, - long argl, void *argp) -{ - struct pkcs11_key *k11 = ptr; - - if (k11 == NULL) - return; - if (k11->provider) - pkcs11_provider_unref(k11->provider); - free(k11->keyid); - free(k11); -} - static int pkcs11_ecdsa_start_wrapper(void) { -- cgit v1.2.3 From 6529409e85890cd6df7e5e81d04e393b1d2e4b0b Mon Sep 17 00:00:00 2001 From: "djm@openbsd.org" Date: Sun, 20 Jan 2019 23:11:11 +0000 Subject: upstream: KNF previous; from markus@ OpenBSD-Commit-ID: 3dfe35e25b310c3968b1e4e53a0cb1d03bda5395 --- ssh-pkcs11.c | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/ssh-pkcs11.c b/ssh-pkcs11.c index b8f2a3a4e..1a6e9806e 100644 --- a/ssh-pkcs11.c +++ b/ssh-pkcs11.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ssh-pkcs11.c,v 1.34 2019/01/20 23:10:33 djm Exp $ */ +/* $OpenBSD: ssh-pkcs11.c,v 1.35 2019/01/20 23:11:11 djm Exp $ */ /* * Copyright (c) 2010 Markus Friedl. All rights reserved. * Copyright (c) 2014 Pedro Martelletto. All rights reserved. @@ -84,11 +84,11 @@ int pkcs11_interactive = 0; static void ossl_error(const char *msg) { - unsigned long e; + unsigned long e; - while ((e = ERR_get_error()) != 0) - error("%s: %s: %.100s", __func__, msg, - ERR_error_string(e, NULL)); + while ((e = ERR_get_error()) != 0) + error("%s: %s: %.100s", __func__, msg, + ERR_error_string(e, NULL)); } #endif @@ -1251,7 +1251,7 @@ static struct ec_curve_info { {"prime256v1", "1.2.840.10045.3.1.7", "06082A8648CE3D030107", 256}, {"secp384r1", "1.3.132.0.34", "06052B81040022", 384}, {"secp521r1", "1.3.132.0.35", "06052B81040023", 521}, - {NULL, NULL, NULL, 0}, + {NULL, NULL, NULL, 0}, }; static struct sshkey * -- cgit v1.2.3 From fcb1b0937182d0137a3c357c89735d0dc5869d54 Mon Sep 17 00:00:00 2001 From: "djm@openbsd.org" Date: Sun, 20 Jan 2019 23:12:35 +0000 Subject: upstream: we use singleton pkcs#11 RSA_METHOD and EC_KEY_METHOD now, so there is no need to keep a copy of each in the pkcs11_key object. work by markus@, ok djm@ OpenBSD-Commit-ID: 43b4856516e45c0595f17a8e95b2daee05f12faa --- ssh-pkcs11.c | 10 +++------- 1 file changed, 3 insertions(+), 7 deletions(-) diff --git a/ssh-pkcs11.c b/ssh-pkcs11.c index 1a6e9806e..b49034952 100644 --- a/ssh-pkcs11.c +++ b/ssh-pkcs11.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ssh-pkcs11.c,v 1.35 2019/01/20 23:11:11 djm Exp $ */ +/* $OpenBSD: ssh-pkcs11.c,v 1.36 2019/01/20 23:12:35 djm Exp $ */ /* * Copyright (c) 2010 Markus Friedl. All rights reserved. * Copyright (c) 2014 Pedro Martelletto. All rights reserved. @@ -72,8 +72,6 @@ TAILQ_HEAD(, pkcs11_provider) pkcs11_providers; struct pkcs11_key { struct pkcs11_provider *provider; CK_ULONG slotidx; - RSA_METHOD *rsa_method; - EC_KEY_METHOD *ec_key_method; char *keyid; int keyid_len; }; @@ -406,8 +404,7 @@ pkcs11_rsa_wrap(struct pkcs11_provider *provider, CK_ULONG slotidx, memcpy(k11->keyid, keyid_attrib->pValue, k11->keyid_len); } - k11->rsa_method = rsa_method; - RSA_set_method(rsa, k11->rsa_method); + RSA_set_method(rsa, rsa_method); RSA_set_ex_data(rsa, rsa_idx, k11); return (0); } @@ -509,9 +506,8 @@ pkcs11_ecdsa_wrap(struct pkcs11_provider *provider, CK_ULONG slotidx, k11->keyid_len = keyid_attrib->ulValueLen; k11->keyid = xmalloc(k11->keyid_len); memcpy(k11->keyid, keyid_attrib->pValue, k11->keyid_len); - k11->ec_key_method = ec_key_method; - EC_KEY_set_method(ec, k11->ec_key_method); + EC_KEY_set_method(ec, ec_key_method); EC_KEY_set_ex_data(ec, ec_key_idx, k11); return (0); -- cgit v1.2.3 From e2cb445d786f7572da2af93e3433308eaed1093a Mon Sep 17 00:00:00 2001 From: Damien Miller Date: Mon, 21 Jan 2019 11:32:28 +1100 Subject: conditionalise ECDSA PKCS#11 support Require EC_KEY_METHOD support in libcrypto, evidenced by presence of EC_KEY_METHOD_new() function. --- configure.ac | 1 + ssh-pkcs11-client.c | 10 +++++++++- ssh-pkcs11.c | 10 ++++++++++ 3 files changed, 20 insertions(+), 1 deletion(-) diff --git a/configure.ac b/configure.ac index 0509c306d..a5974e372 100644 --- a/configure.ac +++ b/configure.ac @@ -2973,6 +2973,7 @@ if test "x$openssl" = "xyes" ; then if test x$enable_nistp256 = x1 || test x$enable_nistp384 = x1 || \ test x$enable_nistp521 = x1; then AC_DEFINE(OPENSSL_HAS_ECC, [1], [OpenSSL has ECC]) + AC_CHECK_FUNCS([EC_KEY_METHOD_new]) fi if test x$enable_nistp256 = x1; then AC_DEFINE([OPENSSL_HAS_NISTP256], [1], diff --git a/ssh-pkcs11-client.c b/ssh-pkcs11-client.c index 6cecf4863..5ba33332a 100644 --- a/ssh-pkcs11-client.c +++ b/ssh-pkcs11-client.c @@ -163,6 +163,7 @@ rsa_encrypt(int flen, const u_char *from, u_char *to, RSA *rsa, int padding) return (ret); } +#ifdef HAVE_EC_KEY_METHOD_NEW static ECDSA_SIG * ecdsa_do_sign(const unsigned char *dgst, int dgst_len, const BIGNUM *inv, const BIGNUM *rp, EC_KEY *ec) @@ -219,9 +220,12 @@ ecdsa_do_sign(const unsigned char *dgst, int dgst_len, const BIGNUM *inv, sshbuf_free(msg); return (ret); } +#endif /* HAVE_EC_KEY_METHOD_NEW */ static RSA_METHOD *helper_rsa; +#ifdef HAVE_EC_KEY_METHOD_NEW static EC_KEY_METHOD *helper_ecdsa; +#endif /* HAVE_EC_KEY_METHOD_NEW */ /* redirect private key crypto operations to the ssh-pkcs11-helper */ static void @@ -229,8 +233,10 @@ wrap_key(struct sshkey *k) { if (k->type == KEY_RSA) RSA_set_method(k->rsa, helper_rsa); +#ifdef HAVE_EC_KEY_METHOD_NEW else if (k->type == KEY_ECDSA) EC_KEY_set_method(k->ecdsa, helper_ecdsa); +#endif /* HAVE_EC_KEY_METHOD_NEW */ else fatal("%s: unknown key type", __func__); } @@ -238,9 +244,10 @@ wrap_key(struct sshkey *k) static int pkcs11_start_helper_methods(void) { - if (helper_ecdsa != NULL) + if (helper_rsa != NULL) return (0); +#ifdef HAVE_EC_KEY_METHOD_NEW int (*orig_sign)(int, const unsigned char *, int, unsigned char *, unsigned int *, const BIGNUM *, const BIGNUM *, EC_KEY *) = NULL; if (helper_ecdsa != NULL) @@ -250,6 +257,7 @@ pkcs11_start_helper_methods(void) return (-1); EC_KEY_METHOD_get_sign(helper_ecdsa, &orig_sign, NULL, NULL); EC_KEY_METHOD_set_sign(helper_ecdsa, orig_sign, NULL, ecdsa_do_sign); +#endif /* HAVE_EC_KEY_METHOD_NEW */ if ((helper_rsa = RSA_meth_dup(RSA_get_default_method())) == NULL) fatal("%s: RSA_meth_dup failed", __func__); diff --git a/ssh-pkcs11.c b/ssh-pkcs11.c index b49034952..2b65010ce 100644 --- a/ssh-pkcs11.c +++ b/ssh-pkcs11.c @@ -409,6 +409,7 @@ pkcs11_rsa_wrap(struct pkcs11_provider *provider, CK_ULONG slotidx, return (0); } +#ifdef HAVE_EC_KEY_METHOD_NEW /* openssl callback doing the actual signing operation */ static ECDSA_SIG * ecdsa_do_sign(const unsigned char *dgst, int dgst_len, const BIGNUM *inv, @@ -512,6 +513,7 @@ pkcs11_ecdsa_wrap(struct pkcs11_provider *provider, CK_ULONG slotidx, return (0); } +#endif /* HAVE_EC_KEY_METHOD_NEW */ /* remove trailing spaces */ static void @@ -582,6 +584,7 @@ pkcs11_key_included(struct sshkey ***keysp, int *nkeys, struct sshkey *key) return (0); } +#ifdef HAVE_EC_KEY_METHOD_NEW static struct sshkey * pkcs11_fetch_ecdsa_pubkey(struct pkcs11_provider *p, CK_ULONG slotidx, CK_OBJECT_HANDLE *obj) @@ -704,6 +707,7 @@ fail: return (key); } +#endif /* HAVE_EC_KEY_METHOD_NEW */ static struct sshkey * pkcs11_fetch_rsa_pubkey(struct pkcs11_provider *p, CK_ULONG slotidx, @@ -808,7 +812,9 @@ pkcs11_fetch_x509_pubkey(struct pkcs11_provider *p, CK_ULONG slotidx, EC_KEY *ec = NULL; struct sshkey *key = NULL; int i; +#ifdef HAVE_EC_KEY_METHOD_NEW int nid; +#endif const u_char *cp; memset(&cert_attr, 0, sizeof(cert_attr)); @@ -890,6 +896,7 @@ pkcs11_fetch_x509_pubkey(struct pkcs11_provider *p, CK_ULONG slotidx, key->type = KEY_RSA; key->flags |= SSHKEY_FLAG_EXT; rsa = NULL; /* now owned by key */ +#ifdef HAVE_EC_KEY_METHOD_NEW } else if (EVP_PKEY_base_id(evp) == EVP_PKEY_EC) { if (EVP_PKEY_get0_EC_KEY(evp) == NULL) { error("invalid x509; no ec key"); @@ -920,6 +927,7 @@ pkcs11_fetch_x509_pubkey(struct pkcs11_provider *p, CK_ULONG slotidx, key->type = KEY_ECDSA; key->flags |= SSHKEY_FLAG_EXT; ec = NULL; /* now owned by key */ +#endif /* HAVE_EC_KEY_METHOD_NEW */ } else error("unknown certificate key type"); @@ -1103,9 +1111,11 @@ pkcs11_fetch_keys(struct pkcs11_provider *p, CK_ULONG slotidx, case CKK_RSA: key = pkcs11_fetch_rsa_pubkey(p, slotidx, &obj); break; +#ifdef HAVE_EC_KEY_METHOD_NEW case CKK_ECDSA: key = pkcs11_fetch_ecdsa_pubkey(p, slotidx, &obj); break; +#endif /* HAVE_EC_KEY_METHOD_NEW */ default: /* XXX print key type? */ error("skipping unsupported key type"); -- cgit v1.2.3 From 5de6ac2bad11175135d9b819b3546db0ca0b4878 Mon Sep 17 00:00:00 2001 From: Damien Miller Date: Mon, 21 Jan 2019 11:44:19 +1100 Subject: remove HAVE_DLOPEN that snuck in portable doesn't use this --- ssh-pkcs11.c | 6 ++---- 1 file changed, 2 insertions(+), 4 deletions(-) diff --git a/ssh-pkcs11.c b/ssh-pkcs11.c index 2b65010ce..41992ceb7 100644 --- a/ssh-pkcs11.c +++ b/ssh-pkcs11.c @@ -78,7 +78,6 @@ struct pkcs11_key { int pkcs11_interactive = 0; -#ifdef HAVE_DLOPEN static void ossl_error(const char *msg) { @@ -88,7 +87,6 @@ ossl_error(const char *msg) error("%s: %s: %.100s", __func__, msg, ERR_error_string(e, NULL)); } -#endif int pkcs11_init(int interactive) @@ -1675,7 +1673,7 @@ out: return (k); } #endif /* WITH_PKCS11_KEYGEN */ -#else /* HAVE_DLOPEN */ +#else /* ENABLE_PKCS11 */ int pkcs11_init(int interactive) { @@ -1695,4 +1693,4 @@ pkcs11_terminate(void) { error("%s: dlopen() not supported", __func__); } -#endif /* HAVE_DLOPEN */ +#endif /* ENABLE_PKCS11 */ -- cgit v1.2.3 From 632976418d60b7193597bbc6ac7ca33981a41aab Mon Sep 17 00:00:00 2001 From: "djm@openbsd.org" Date: Mon, 21 Jan 2019 00:47:34 +0000 Subject: upstream: use ECDSA_SIG_set0() instead of poking signature values into structure directly; the latter works on LibreSSL but not on OpenSSL. From portable. OpenBSD-Commit-ID: 5b22a1919d9cee907d3f8a029167f70a481891c6 --- ssh-pkcs11.c | 17 ++++++++++++++--- 1 file changed, 14 insertions(+), 3 deletions(-) diff --git a/ssh-pkcs11.c b/ssh-pkcs11.c index 41992ceb7..7dc828978 100644 --- a/ssh-pkcs11.c +++ b/ssh-pkcs11.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ssh-pkcs11.c,v 1.36 2019/01/20 23:12:35 djm Exp $ */ +/* $OpenBSD: ssh-pkcs11.c,v 1.37 2019/01/21 00:47:34 djm Exp $ */ /* * Copyright (c) 2010 Markus Friedl. All rights reserved. * Copyright (c) 2014 Pedro Martelletto. All rights reserved. @@ -420,6 +420,7 @@ ecdsa_do_sign(const unsigned char *dgst, int dgst_len, const BIGNUM *inv, CK_RV rv; ECDSA_SIG *ret = NULL; u_char *sig; + BIGNUM *r = NULL, *s = NULL; if ((k11 = EC_KEY_get_ex_data(ec, 0)) == NULL) { ossl_error("EC_KEY_get_key_method_data failed for ec"); @@ -452,14 +453,24 @@ ecdsa_do_sign(const unsigned char *dgst, int dgst_len, const BIGNUM *inv, error("ECDSA_SIG_new failed"); goto done; } - if (BN_bin2bn(sig, bnlen, ret->r) == NULL || - BN_bin2bn(sig+bnlen, bnlen, ret->s) == NULL) { + if ((r = BN_bin2bn(sig, bnlen, NULL)) == NULL || + (s = BN_bin2bn(sig+bnlen, bnlen, NULL)) == NULL) { ossl_error("d2i_ECDSA_SIG failed"); ECDSA_SIG_free(ret); ret = NULL; goto done; } + if (!ECDSA_SIG_set0(ret, r, s)) { + error("%s: ECDSA_SIG_set0 failed", __func__); + ECDSA_SIG_free(ret); + ret = NULL; + goto done; + } + r = s = NULL; /* now owned by ret */ + /* success */ done: + BN_free(r); + BN_free(s); free(sig); return (ret); -- cgit v1.2.3 From b2ce8b31a1f974a13e6d12e0a0c132b50bc45115 Mon Sep 17 00:00:00 2001 From: "djm@openbsd.org" Date: Sun, 20 Jan 2019 23:24:19 +0000 Subject: upstream: add "extra:" target to run some extra tests that are not enabled by default (currently includes agent-pkcs11.sh); from markus@ OpenBSD-Regress-ID: 9a969e1adcd117fea174d368dcb9c61eb50a2a3c --- regress/Makefile | 12 ++++++++++-- 1 file changed, 10 insertions(+), 2 deletions(-) diff --git a/regress/Makefile b/regress/Makefile index 62e55533b..925edf71a 100644 --- a/regress/Makefile +++ b/regress/Makefile @@ -1,4 +1,4 @@ -# $OpenBSD: Makefile,v 1.99 2018/12/15 00:50:21 tedu Exp $ +# $OpenBSD: Makefile,v 1.100 2019/01/20 23:24:19 djm Exp $ REGRESS_TARGETS= unit t1 t2 t3 t4 t5 t6 t7 t8 t9 t10 t11 t12 t-exec tests: prep $(REGRESS_TARGETS) @@ -91,7 +91,8 @@ LTESTS= connect \ INTEROP_TESTS= putty-transfer putty-ciphers putty-kex conch-ciphers #INTEROP_TESTS+=ssh-com ssh-com-client ssh-com-keygen ssh-com-sftp -#LTESTS= cipher-speed +EXTRA_TESTS= agent-pkcs11 +#EXTRA_TESTS+= cipher-speed USERNAME= ${LOGNAME} CLEANFILES= *.core actual agent-key.* authorized_keys_${USERNAME} \ @@ -214,6 +215,13 @@ t-exec-interop: ${INTEROP_TESTS:=.sh} (env SUDO="${SUDO}" TEST_ENV=${TEST_ENV} ${TEST_SHELL} ${.CURDIR}/test-exec.sh ${.OBJDIR} ${.CURDIR}/$${TEST}) || exit $$?; \ done +t-extra: ${EXTRA_TESTS:=.sh} + @if [ "x$?" = "x" ]; then exit 0; fi; \ + for TEST in ""$?; do \ + echo "run test $${TEST}" ... 1>&2; \ + (env SUDO="${SUDO}" TEST_ENV=${TEST_ENV} ${TEST_SHELL} ${.CURDIR}/test-exec.sh ${.OBJDIR} ${.CURDIR}/$${TEST}) || exit $$?; \ + done + # Not run by default interop: ${INTEROP_TARGETS} -- cgit v1.2.3 From 760ae37b4505453c6fa4faf1aa39a8671ab053af Mon Sep 17 00:00:00 2001 From: "djm@openbsd.org" Date: Sun, 20 Jan 2019 23:25:25 +0000 Subject: upstream: adapt agent-pkcs11.sh test to softhsm2 and add support for ECDSA keys work by markus@, ok djm@ OpenBSD-Regress-ID: 1ebc2be0e88eff1b6d8be2f9c00cdc60723509fe --- regress/agent-pkcs11.sh | 81 +++++++++++++++++++++++++++++++++++-------------- 1 file changed, 58 insertions(+), 23 deletions(-) diff --git a/regress/agent-pkcs11.sh b/regress/agent-pkcs11.sh index db3018b88..34662871f 100644 --- a/regress/agent-pkcs11.sh +++ b/regress/agent-pkcs11.sh @@ -1,16 +1,33 @@ -# $OpenBSD: agent-pkcs11.sh,v 1.3 2017/04/30 23:34:55 djm Exp $ +# $OpenBSD: agent-pkcs11.sh,v 1.4 2019/01/20 23:25:25 djm Exp $ # Placed in the Public Domain. tid="pkcs11 agent test" -TEST_SSH_PIN="" -TEST_SSH_PKCS11=/usr/local/lib/soft-pkcs11.so.0.0 +TEST_SSH_PIN=1234 +TEST_SSH_SOPIN=12345678 +TEST_SSH_PKCS11=/usr/local/lib/softhsm/libsofthsm2.so test -f "$TEST_SSH_PKCS11" || fatal "$TEST_SSH_PKCS11 does not exist" -# setup environment for soft-pkcs11 token -SOFTPKCS11RC=$OBJ/pkcs11.info -export SOFTPKCS11RC +# setup environment for softhsm2 token +DIR=$OBJ/SOFTHSM +rm -rf $DIR +TOKEN=$DIR/tokendir +mkdir -p $TOKEN +SOFTHSM2_CONF=$DIR/softhsm2.conf +export SOFTHSM2_CONF +cat > $SOFTHSM2_CONF << EOF +# SoftHSM v2 configuration file +directories.tokendir = ${TOKEN} +objectstore.backend = file +# ERROR, WARNING, INFO, DEBUG +log.level = DEBUG +# If CKF_REMOVABLE_DEVICE flag should be set +slots.removable = false +EOF +out=$(softhsm2-util --init-token --free --label token-slot-0 --pin "$TEST_SSH_PIN" --so-pin "$TEST_SSH_SOPIN") +slot=$(echo -- $out | sed 's/.* //') + # prevent ssh-agent from calling ssh-askpass SSH_ASKPASS=/usr/bin/true export SSH_ASKPASS @@ -22,22 +39,29 @@ notty() { if (fork) { wait; exit($? >> 8); } else { exec(@ARGV) }' "$@" } +trace "generating keys" +RSA=${DIR}/RSA +EC=${DIR}/EC +openssl genpkey -algorithm rsa > $RSA +openssl pkcs8 -nocrypt -in $RSA |\ + softhsm2-util --slot "$slot" --label 01 --id 01 --pin "$TEST_SSH_PIN" --import /dev/stdin +openssl genpkey \ + -genparam \ + -algorithm ec \ + -pkeyopt ec_paramgen_curve:prime256v1 |\ + openssl genpkey \ + -paramfile /dev/stdin > $EC +openssl pkcs8 -nocrypt -in $EC |\ + softhsm2-util --slot "$slot" --label 02 --id 02 --pin "$TEST_SSH_PIN" --import /dev/stdin + +LIBCRYPTO=${OBJ}/../../../../lib/libcrypto/obj + trace "start agent" -eval `${SSHAGENT} -s` > /dev/null +eval `LD_LIBRARY_PATH=$LIBCRYPTO ${SSHAGENT} -s` > /dev/null r=$? if [ $r -ne 0 ]; then fail "could not start ssh-agent: exit code $r" else - trace "generating key/cert" - rm -f $OBJ/pkcs11.key $OBJ/pkcs11.crt - openssl genrsa -out $OBJ/pkcs11.key 2048 > /dev/null 2>&1 - chmod 600 $OBJ/pkcs11.key - openssl req -key $OBJ/pkcs11.key -new -x509 \ - -out $OBJ/pkcs11.crt -text -subj '/CN=pkcs11 test' > /dev/null - printf "a\ta\t$OBJ/pkcs11.crt\t$OBJ/pkcs11.key" > $SOFTPKCS11RC - # add to authorized keys - ${SSHKEYGEN} -y -f $OBJ/pkcs11.key > $OBJ/authorized_keys_$USER - trace "add pkcs11 key to agent" echo ${TEST_SSH_PIN} | notty ${SSHADD} -s ${TEST_SSH_PKCS11} > /dev/null 2>&1 r=$? @@ -52,12 +76,23 @@ else fail "ssh-add -l failed: exit code $r" fi - trace "pkcs11 connect via agent" - ${SSH} -F $OBJ/ssh_proxy somehost exit 5 - r=$? - if [ $r -ne 5 ]; then - fail "ssh connect failed (exit code $r)" - fi + for k in $RSA $EC; do + trace "testing $k" + chmod 600 $k + ssh-keygen -y -f $k > $k.pub + pub=$(cat $k.pub) + ${SSHADD} -L | grep -q "$pub" || fail "key $k missing in ssh-add -L" + ${SSHADD} -T $k.pub || fail "ssh-add -T with $k failed" + + # add to authorized keys + cat $k.pub > $OBJ/authorized_keys_$USER + trace "pkcs11 connect via agent ($k)" + ${SSH} -F $OBJ/ssh_proxy somehost exit 5 + r=$? + if [ $r -ne 5 ]; then + fail "ssh connect failed (exit code $r)" + fi + done trace "remove pkcs11 keys" echo ${TEST_SSH_PIN} | notty ${SSHADD} -e ${TEST_SSH_PKCS11} > /dev/null 2>&1 -- cgit v1.2.3 From 3c0c657ed7cd335fc05c0852d88232ca7e92a5d9 Mon Sep 17 00:00:00 2001 From: "djm@openbsd.org" Date: Sun, 20 Jan 2019 23:26:44 +0000 Subject: upstream: allow override of ssh-pkcs11-helper binary via $TEST_SSH_SSHPKCS11HELPER from markus@ OpenBSD-Regress-ID: 7382a3d76746f5a792d106912a5819fd5e49e469 --- regress/agent-pkcs11.sh | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/regress/agent-pkcs11.sh b/regress/agent-pkcs11.sh index 34662871f..ab429768e 100644 --- a/regress/agent-pkcs11.sh +++ b/regress/agent-pkcs11.sh @@ -1,4 +1,4 @@ -# $OpenBSD: agent-pkcs11.sh,v 1.4 2019/01/20 23:25:25 djm Exp $ +# $OpenBSD: agent-pkcs11.sh,v 1.5 2019/01/20 23:26:44 djm Exp $ # Placed in the Public Domain. tid="pkcs11 agent test" @@ -6,6 +6,10 @@ tid="pkcs11 agent test" TEST_SSH_PIN=1234 TEST_SSH_SOPIN=12345678 TEST_SSH_PKCS11=/usr/local/lib/softhsm/libsofthsm2.so +if [ "x$TEST_SSH_SSHPKCS11HELPER" != "x" ]; then + SSH_PKCS11_HELPER="${TEST_SSH_SSHPKCS11HELPER}" + export SSH_PKCS11_HELPER +fi test -f "$TEST_SSH_PKCS11" || fatal "$TEST_SSH_PKCS11 does not exist" -- cgit v1.2.3 From 2efcf812b4c1555ca3aff744820a3b3bccd68298 Mon Sep 17 00:00:00 2001 From: Damien Miller Date: Mon, 21 Jan 2019 11:57:21 +1100 Subject: Fix -Wunused when compiling PKCS#11 without ECDSA --- ssh-pkcs11.c | 2 ++ 1 file changed, 2 insertions(+) diff --git a/ssh-pkcs11.c b/ssh-pkcs11.c index 7dc828978..c4afac994 100644 --- a/ssh-pkcs11.c +++ b/ssh-pkcs11.c @@ -78,6 +78,7 @@ struct pkcs11_key { int pkcs11_interactive = 0; +#ifdef HAVE_EC_KEY_METHOD_NEW static void ossl_error(const char *msg) { @@ -87,6 +88,7 @@ ossl_error(const char *msg) error("%s: %s: %.100s", __func__, msg, ERR_error_string(e, NULL)); } +#endif /* HAVE_EC_KEY_METHOD_NEW */ int pkcs11_init(int interactive) -- cgit v1.2.3 From 0a5f2ea35626022299ece3c8817a1abe8cf37b3e Mon Sep 17 00:00:00 2001 From: "djm@openbsd.org" Date: Mon, 21 Jan 2019 01:05:00 +0000 Subject: upstream: GSSAPI code got missed when converting to new packet API OpenBSD-Commit-ID: 37e4f06ab4a0f4214430ff462ba91acba28b7851 --- sshconnect2.c | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/sshconnect2.c b/sshconnect2.c index f521f4a55..65d8be667 100644 --- a/sshconnect2.c +++ b/sshconnect2.c @@ -1,4 +1,4 @@ -/* $OpenBSD: sshconnect2.c,v 1.295 2019/01/19 21:40:21 djm Exp $ */ +/* $OpenBSD: sshconnect2.c,v 1.296 2019/01/21 01:05:00 djm Exp $ */ /* * Copyright (c) 2000 Markus Friedl. All rights reserved. * Copyright (c) 2008 Damien Miller. All rights reserved. @@ -826,7 +826,7 @@ input_gssapi_response(int type, u_int32_t plen, struct ssh *ssh) oidv[0] != SSH_GSS_OIDTYPE || oidv[1] != oidlen - 2) { debug("Badly encoded mechanism OID received"); - userauth(authctxt, NULL); + userauth(ssh, NULL); goto ok; } @@ -839,7 +839,7 @@ input_gssapi_response(int type, u_int32_t plen, struct ssh *ssh) if (GSS_ERROR(process_gssapi_token(ssh, GSS_C_NO_BUFFER))) { /* Start again with next method on list */ debug("Trying to start again"); - userauth(authctxt, NULL); + userauth(ssh, NULL); goto ok; } ok: @@ -873,7 +873,7 @@ input_gssapi_token(int type, u_int32_t plen, struct ssh *ssh) /* Start again with the next method in the list */ if (GSS_ERROR(status)) { - userauth(authctxt, NULL); + userauth(ssh, NULL); /* ok */ } r = 0; -- cgit v1.2.3 From ce46c3a077dfb4c531ccffcfff03f37775725b75 Mon Sep 17 00:00:00 2001 From: "djm@openbsd.org" Date: Mon, 21 Jan 2019 02:01:03 +0000 Subject: upstream: get the ex_data (pkcs11_key object) back from the keys at the index at which it was inserted, rather than assuming index 0 OpenBSD-Commit-ID: 1f3a6ce0346c8014e895e50423bef16401510aa8 --- ssh-pkcs11.c | 17 ++++++++--------- 1 file changed, 8 insertions(+), 9 deletions(-) diff --git a/ssh-pkcs11.c b/ssh-pkcs11.c index c4afac994..c4fe60948 100644 --- a/ssh-pkcs11.c +++ b/ssh-pkcs11.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ssh-pkcs11.c,v 1.37 2019/01/21 00:47:34 djm Exp $ */ +/* $OpenBSD: ssh-pkcs11.c,v 1.38 2019/01/21 02:01:03 djm Exp $ */ /* * Copyright (c) 2010 Markus Friedl. All rights reserved. * Copyright (c) 2014 Pedro Martelletto. All rights reserved. @@ -187,6 +187,11 @@ pkcs11_del_provider(char *provider_id) return (-1); } +static RSA_METHOD *rsa_method; +static int rsa_idx = 0; +static EC_KEY_METHOD *ec_key_method; +static int ec_key_idx = 0; + /* release a wrapped object */ static void pkcs11_k11_free(void *parent, void *ptr, CRYPTO_EX_DATA *ad, int idx, @@ -328,7 +333,7 @@ pkcs11_rsa_private_encrypt(int flen, const u_char *from, u_char *to, RSA *rsa, CK_RV rv; int rval = -1; - if ((k11 = RSA_get_ex_data(rsa, 0)) == NULL) { + if ((k11 = RSA_get_ex_data(rsa, rsa_idx)) == NULL) { error("RSA_get_ex_data failed for rsa %p", rsa); return (-1); } @@ -359,9 +364,6 @@ pkcs11_rsa_private_decrypt(int flen, const u_char *from, u_char *to, RSA *rsa, return (-1); } -static RSA_METHOD *rsa_method; -static int rsa_idx = 0; - static int pkcs11_rsa_start_wrapper(void) { @@ -424,7 +426,7 @@ ecdsa_do_sign(const unsigned char *dgst, int dgst_len, const BIGNUM *inv, u_char *sig; BIGNUM *r = NULL, *s = NULL; - if ((k11 = EC_KEY_get_ex_data(ec, 0)) == NULL) { + if ((k11 = EC_KEY_get_ex_data(ec, ec_key_idx)) == NULL) { ossl_error("EC_KEY_get_key_method_data failed for ec"); return (NULL); } @@ -478,9 +480,6 @@ ecdsa_do_sign(const unsigned char *dgst, int dgst_len, const BIGNUM *inv, return (ret); } -static EC_KEY_METHOD *ec_key_method; -static int ec_key_idx = 0; - static int pkcs11_ecdsa_start_wrapper(void) { -- cgit v1.2.3 From 662be40c62339ab645113c930ce689466f028938 Mon Sep 17 00:00:00 2001 From: "djm@openbsd.org" Date: Mon, 21 Jan 2019 02:05:38 +0000 Subject: upstream: always print the caller's error message in ossl_error(), even when there are no libcrypto errors to report. OpenBSD-Commit-ID: 09ebaa8f706e0eccedd209775baa1eee2ada806a --- ssh-pkcs11.c | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/ssh-pkcs11.c b/ssh-pkcs11.c index c4fe60948..de65144f3 100644 --- a/ssh-pkcs11.c +++ b/ssh-pkcs11.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ssh-pkcs11.c,v 1.38 2019/01/21 02:01:03 djm Exp $ */ +/* $OpenBSD: ssh-pkcs11.c,v 1.39 2019/01/21 02:05:38 djm Exp $ */ /* * Copyright (c) 2010 Markus Friedl. All rights reserved. * Copyright (c) 2014 Pedro Martelletto. All rights reserved. @@ -84,8 +84,9 @@ ossl_error(const char *msg) { unsigned long e; + error("%s: %s", __func__, msg); while ((e = ERR_get_error()) != 0) - error("%s: %s: %.100s", __func__, msg, + error("%s: libcrypto error: %.100s", __func__, ERR_error_string(e, NULL)); } #endif /* HAVE_EC_KEY_METHOD_NEW */ -- cgit v1.2.3 From ba58a529f45b3dae2db68607d8c54ae96e90e705 Mon Sep 17 00:00:00 2001 From: Damien Miller Date: Mon, 21 Jan 2019 12:31:29 +1100 Subject: make agent-pkcs11 search harder for softhsm2.so --- regress/agent-pkcs11.sh | 17 ++++++++++++++++- 1 file changed, 16 insertions(+), 1 deletion(-) diff --git a/regress/agent-pkcs11.sh b/regress/agent-pkcs11.sh index ab429768e..a57dad6ee 100644 --- a/regress/agent-pkcs11.sh +++ b/regress/agent-pkcs11.sh @@ -3,9 +3,24 @@ tid="pkcs11 agent test" +try_token_libs() { + for _lib in "$@" ; do + if test -f "$_lib" ; then + verbose "Using token library $_lib" + TEST_SSH_PKCS11="$_lib" + return + fi + done + echo "skipped: Unable to find PKCS#11 token library" + exit 0 +} + +try_token_libs \ + /usr/local/lib/softhsm/libsofthsm2.so \ + /usr/lib/x86_64-linux-gnu/softhsm/libsofthsm2.so + TEST_SSH_PIN=1234 TEST_SSH_SOPIN=12345678 -TEST_SSH_PKCS11=/usr/local/lib/softhsm/libsofthsm2.so if [ "x$TEST_SSH_SSHPKCS11HELPER" != "x" ]; then SSH_PKCS11_HELPER="${TEST_SSH_SSHPKCS11HELPER}" export SSH_PKCS11_HELPER -- cgit v1.2.3 From b2eb9db35b7191613f2f4b934d57b25938bb34b3 Mon Sep 17 00:00:00 2001 From: Damien Miller Date: Mon, 21 Jan 2019 12:53:40 +1100 Subject: pass TEST_SSH_SSHPKCS11HELPER to regress tests --- Makefile.in | 1 + 1 file changed, 1 insertion(+) diff --git a/Makefile.in b/Makefile.in index 2d2de7b49..7b5de6039 100644 --- a/Makefile.in +++ b/Makefile.in @@ -598,6 +598,7 @@ tests interop-tests t-exec unit: regress-prep regress-binaries $(TARGETS) TEST_SSH_SSHKEYSCAN="$${BUILDDIR}/ssh-keyscan"; \ TEST_SSH_SFTP="$${BUILDDIR}/sftp"; \ TEST_SSH_SFTPSERVER="$${BUILDDIR}/sftp-server"; \ + TEST_SSH_SSHPKCS11HELPER="$${BUILDDIR}/ssh-pkcs11-helper"; \ TEST_SSH_PLINK="plink"; \ TEST_SSH_PUTTYGEN="puttygen"; \ TEST_SSH_CONCH="conch"; \ -- cgit v1.2.3 From b6dd3277f2c49f9584a2097bc792e8f480397e87 Mon Sep 17 00:00:00 2001 From: Darren Tucker Date: Mon, 21 Jan 2019 13:50:17 +1100 Subject: Wrap ECC static globals in EC_KEY_METHOD_NEW too. --- ssh-pkcs11.c | 2 ++ 1 file changed, 2 insertions(+) diff --git a/ssh-pkcs11.c b/ssh-pkcs11.c index de65144f3..a798fde4d 100644 --- a/ssh-pkcs11.c +++ b/ssh-pkcs11.c @@ -190,8 +190,10 @@ pkcs11_del_provider(char *provider_id) static RSA_METHOD *rsa_method; static int rsa_idx = 0; +#ifdef EC_KEY_METHOD_NEW static EC_KEY_METHOD *ec_key_method; static int ec_key_idx = 0; +#endif /* release a wrapped object */ static void -- cgit v1.2.3 From 23490a6c970ea1d03581a3b4208f2eb7a675f453 Mon Sep 17 00:00:00 2001 From: Damien Miller Date: Mon, 21 Jan 2019 15:05:43 +1100 Subject: fix previous test --- ssh-pkcs11.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/ssh-pkcs11.c b/ssh-pkcs11.c index a798fde4d..036ee8115 100644 --- a/ssh-pkcs11.c +++ b/ssh-pkcs11.c @@ -190,7 +190,7 @@ pkcs11_del_provider(char *provider_id) static RSA_METHOD *rsa_method; static int rsa_idx = 0; -#ifdef EC_KEY_METHOD_NEW +#ifdef HAVE_EC_KEY_METHOD_NEW static EC_KEY_METHOD *ec_key_method; static int ec_key_idx = 0; #endif -- cgit v1.2.3 From 2f0bad2bf85391dbb41315ab55032ec522660617 Mon Sep 17 00:00:00 2001 From: Darren Tucker Date: Mon, 21 Jan 2019 21:28:27 +1100 Subject: Make --with-rpath take a flag instead of yes/no. Linkers need various flags for -rpath and similar, so make --with-rpath take an optional flag argument which is passed to the linker. ok djm@ --- configure.ac | 45 +++++++++++++++++++++++---------------------- 1 file changed, 23 insertions(+), 22 deletions(-) diff --git a/configure.ac b/configure.ac index a5974e372..25ac38f7e 100644 --- a/configure.ac +++ b/configure.ac @@ -285,10 +285,11 @@ AC_ARG_WITH([rpath], [ --without-rpath Disable auto-added -R linker paths], [ if test "x$withval" = "xno" ; then - need_dash_r="" - fi - if test "x$withval" = "xyes" ; then - need_dash_r=1 + rpath_opt="" + elif test "x$withval" = "xyes" ; then + rpath_opt="-R" + else + rpath_opt="$withval" fi ] ) @@ -911,7 +912,7 @@ mips-sony-bsd|mips-sony-newsos4) *-*-netbsd*) check_for_libcrypt_before=1 if test "x$withval" != "xno" ; then - need_dash_r=1 + rpath_opt="-R" fi CPPFLAGS="$CPPFLAGS -D_OPENBSD_SOURCE" AC_DEFINE([SSH_TUN_FREEBSD], [1], [Open tunnel devices the FreeBSD way]) @@ -962,7 +963,7 @@ mips-sony-bsd|mips-sony-newsos4) ;; *-*-solaris*) if test "x$withval" != "xno" ; then - need_dash_r=1 + rpath_opt="-R" fi AC_DEFINE([PAM_SUN_CODEBASE]) AC_DEFINE([LOGIN_NEEDS_UTMPX]) @@ -1263,14 +1264,14 @@ AC_ARG_WITH([zlib], AC_MSG_ERROR([*** zlib is required ***]) elif test "x$withval" != "xyes"; then if test -d "$withval/lib"; then - if test -n "${need_dash_r}"; then - LDFLAGS="-L${withval}/lib -R${withval}/lib ${LDFLAGS}" + if test -n "${rpath_opt}"; then + LDFLAGS="-L${withval}/lib ${rpath_opt}${withval}/lib ${LDFLAGS}" else LDFLAGS="-L${withval}/lib ${LDFLAGS}" fi else - if test -n "${need_dash_r}"; then - LDFLAGS="-L${withval} -R${withval} ${LDFLAGS}" + if test -n "${rpath_opt}"; then + LDFLAGS="-L${withval} ${rpath_opt}${withval} ${LDFLAGS}" else LDFLAGS="-L${withval} ${LDFLAGS}" fi @@ -1290,8 +1291,8 @@ AC_CHECK_LIB([z], [deflate], , saved_LDFLAGS="$LDFLAGS" save_LIBS="$LIBS" dnl Check default zlib install dir - if test -n "${need_dash_r}"; then - LDFLAGS="-L/usr/local/lib -R/usr/local/lib ${saved_LDFLAGS}" + if test -n "${rpath_opt}"; then + LDFLAGS="-L/usr/local/lib ${rpath_opt}/usr/local/lib ${saved_LDFLAGS}" else LDFLAGS="-L/usr/local/lib ${saved_LDFLAGS}" fi @@ -1558,8 +1559,8 @@ AC_ARG_WITH([libedit], fi else CPPFLAGS="$CPPFLAGS -I${withval}/include" - if test -n "${need_dash_r}"; then - LDFLAGS="-L${withval}/lib -R${withval}/lib ${LDFLAGS}" + if test -n "${rpath_opt}"; then + LDFLAGS="-L${withval}/lib ${rpath_opt}${withval}/lib ${LDFLAGS}" else LDFLAGS="-L${withval}/lib ${LDFLAGS}" fi @@ -2479,20 +2480,20 @@ AC_ARG_WITH([ssl-dir], ./*|../*) withval="`pwd`/$withval" esac if test -d "$withval/lib"; then - if test -n "${need_dash_r}"; then - LDFLAGS="-L${withval}/lib -R${withval}/lib ${LDFLAGS}" + if test -n "${rpath_opt}"; then + LDFLAGS="-L${withval}/lib ${rpath_opt}${withval}/lib ${LDFLAGS}" else LDFLAGS="-L${withval}/lib ${LDFLAGS}" fi elif test -d "$withval/lib64"; then - if test -n "${need_dash_r}"; then - LDFLAGS="-L${withval}/lib64 -R${withval}/lib64 ${LDFLAGS}" + if test -n "${rpath_opt}"; then + LDFLAGS="-L${withval}/lib64 ${rpath_opt}${withval}/lib64 ${LDFLAGS}" else LDFLAGS="-L${withval}/lib64 ${LDFLAGS}" fi else - if test -n "${need_dash_r}"; then - LDFLAGS="-L${withval} -R${withval} ${LDFLAGS}" + if test -n "${rpath_opt}"; then + LDFLAGS="-L${withval} ${rpath_opt}${withval} ${LDFLAGS}" else LDFLAGS="-L${withval} ${LDFLAGS}" fi @@ -4406,8 +4407,8 @@ AC_ARG_WITH([kerberos5], [ CPPFLAGS="$oldCPP" ]) fi - if test ! -z "$need_dash_r" ; then - LDFLAGS="$LDFLAGS -R${KRB5ROOT}/lib" + if test -n "${rpath_opt}" ; then + LDFLAGS="$LDFLAGS ${rpath_opt}${KRB5ROOT}/lib" fi if test ! -z "$blibpath" ; then blibpath="$blibpath:${KRB5ROOT}/lib" -- cgit v1.2.3 From 9d1a9771d0ad3a83af733bf3d2650b53f43c269f Mon Sep 17 00:00:00 2001 From: "jmc@openbsd.org" Date: Mon, 21 Jan 2019 07:09:10 +0000 Subject: upstream: - -T was added to the first synopsis by mistake - since "..." denotes optional, no need to surround it in [] ok djm OpenBSD-Commit-ID: 918f6d8eed4e0d8d9ef5eadae1b8983d796f0e25 --- ssh-add.1 | 11 +++++------ 1 file changed, 5 insertions(+), 6 deletions(-) diff --git a/ssh-add.1 b/ssh-add.1 index 35ab04426..90826f667 100644 --- a/ssh-add.1 +++ b/ssh-add.1 @@ -1,4 +1,4 @@ -.\" $OpenBSD: ssh-add.1,v 1.67 2019/01/20 22:03:29 djm Exp $ +.\" $OpenBSD: ssh-add.1,v 1.68 2019/01/21 07:09:10 jmc Exp $ .\" .\" Author: Tatu Ylonen .\" Copyright (c) 1995 Tatu Ylonen , Espoo, Finland @@ -35,7 +35,7 @@ .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. .\" -.Dd $Mdocdate: January 20 2019 $ +.Dd $Mdocdate: January 21 2019 $ .Dt SSH-ADD 1 .Os .Sh NAME @@ -43,7 +43,7 @@ .Nd adds private key identities to the authentication agent .Sh SYNOPSIS .Nm ssh-add -.Op Fl cDdkLlqTXx +.Op Fl cDdkLlqXx .Op Fl E Ar fingerprint_hash .Op Fl t Ar life .Op Ar @@ -53,8 +53,7 @@ .Fl e Ar pkcs11 .Nm ssh-add .Fl T -.Ar pubkey -.Op Ar ... +.Ar pubkey ... .Sh DESCRIPTION .Nm adds private key identities to the authentication agent, @@ -135,7 +134,7 @@ Be quiet after a successful operation. .It Fl s Ar pkcs11 Add keys provided by the PKCS#11 shared library .Ar pkcs11 . -.It Fl T Ar pubkey Op Ar ... +.It Fl T Ar pubkey ... Tests whether the private keys that correspond to the specified .Ar pubkey files are usable by performing sign and verify operations on each. -- cgit v1.2.3 From f3ebaffd8714be31d4345f90af64992de4b3bba2 Mon Sep 17 00:00:00 2001 From: "djm@openbsd.org" Date: Mon, 21 Jan 2019 09:49:37 +0000 Subject: upstream: fix all-zero check in kexc25519_shared_key from markus@ ok djm@ OpenBSD-Commit-ID: 60b1d364e0d9d34d1d1ef1620cb92e36cf06712d --- kexc25519.c | 12 +++++++----- 1 file changed, 7 insertions(+), 5 deletions(-) diff --git a/kexc25519.c b/kexc25519.c index 712dd523d..acddcab37 100644 --- a/kexc25519.c +++ b/kexc25519.c @@ -1,4 +1,4 @@ -/* $OpenBSD: kexc25519.c,v 1.11 2018/12/27 03:25:25 djm Exp $ */ +/* $OpenBSD: kexc25519.c,v 1.12 2019/01/21 09:49:37 djm Exp $ */ /* * Copyright (c) 2001, 2013 Markus Friedl. All rights reserved. * Copyright (c) 2010 Damien Miller. All rights reserved. @@ -64,14 +64,16 @@ kexc25519_shared_key(const u_char key[CURVE25519_SIZE], const u_char pub[CURVE25519_SIZE], struct sshbuf *out) { u_char shared_key[CURVE25519_SIZE]; + u_char zero[CURVE25519_SIZE]; int r; - /* Check for all-zero public key */ - explicit_bzero(shared_key, CURVE25519_SIZE); - if (timingsafe_bcmp(pub, shared_key, CURVE25519_SIZE) == 0) + crypto_scalarmult_curve25519(shared_key, key, pub); + + /* Check for all-zero shared secret */ + explicit_bzero(zero, CURVE25519_SIZE); + if (timingsafe_bcmp(zero, shared_key, CURVE25519_SIZE) == 0) return SSH_ERR_KEY_INVALID_EC_VALUE; - crypto_scalarmult_curve25519(shared_key, key, pub); #ifdef DEBUG_KEXECDH dump_digest("shared secret", shared_key, CURVE25519_SIZE); #endif -- cgit v1.2.3 From 803178bd5da7e72be94ba5b4c4c196d4b542da4d Mon Sep 17 00:00:00 2001 From: "djm@openbsd.org" Date: Mon, 21 Jan 2019 09:52:25 +0000 Subject: upstream: remove obsolete (SSH v.1) sshbuf_get/put_bignum1 functions from markus@ ok djm@ OpenBSD-Commit-ID: 0380b1b2d9de063de3c5a097481a622e6a04943e --- sshbuf-getput-crypto.c | 50 +------------------------------------------------- sshbuf.h | 4 +--- 2 files changed, 2 insertions(+), 52 deletions(-) diff --git a/sshbuf-getput-crypto.c b/sshbuf-getput-crypto.c index d0d791b50..a49b72ef7 100644 --- a/sshbuf-getput-crypto.c +++ b/sshbuf-getput-crypto.c @@ -1,4 +1,4 @@ -/* $OpenBSD: sshbuf-getput-crypto.c,v 1.5 2016/01/12 23:42:54 djm Exp $ */ +/* $OpenBSD: sshbuf-getput-crypto.c,v 1.6 2019/01/21 09:52:25 djm Exp $ */ /* * Copyright (c) 2011 Damien Miller * @@ -45,32 +45,6 @@ sshbuf_get_bignum2(struct sshbuf *buf, BIGNUM *v) return 0; } -int -sshbuf_get_bignum1(struct sshbuf *buf, BIGNUM *v) -{ - const u_char *d = sshbuf_ptr(buf); - u_int16_t len_bits; - size_t len_bytes; - - /* Length in bits */ - if (sshbuf_len(buf) < 2) - return SSH_ERR_MESSAGE_INCOMPLETE; - len_bits = PEEK_U16(d); - len_bytes = (len_bits + 7) >> 3; - if (len_bytes > SSHBUF_MAX_BIGNUM) - return SSH_ERR_BIGNUM_TOO_LARGE; - if (sshbuf_len(buf) < 2 + len_bytes) - return SSH_ERR_MESSAGE_INCOMPLETE; - if (v != NULL && BN_bin2bn(d + 2, len_bytes, v) == NULL) - return SSH_ERR_ALLOC_FAIL; - if (sshbuf_consume(buf, 2 + len_bytes) != 0) { - SSHBUF_DBG(("SSH_ERR_INTERNAL_ERROR")); - SSHBUF_ABORT(); - return SSH_ERR_INTERNAL_ERROR; - } - return 0; -} - #ifdef OPENSSL_HAS_ECC static int get_ec(const u_char *d, size_t len, EC_POINT *v, const EC_GROUP *g) @@ -165,28 +139,6 @@ sshbuf_put_bignum2(struct sshbuf *buf, const BIGNUM *v) return 0; } -int -sshbuf_put_bignum1(struct sshbuf *buf, const BIGNUM *v) -{ - int r, len_bits = BN_num_bits(v); - size_t len_bytes = (len_bits + 7) / 8; - u_char d[SSHBUF_MAX_BIGNUM], *dp; - - if (len_bits < 0 || len_bytes > SSHBUF_MAX_BIGNUM) - return SSH_ERR_INVALID_ARGUMENT; - if (BN_bn2bin(v, d) != (int)len_bytes) - return SSH_ERR_INTERNAL_ERROR; /* Shouldn't happen */ - if ((r = sshbuf_reserve(buf, len_bytes + 2, &dp)) < 0) { - explicit_bzero(d, sizeof(d)); - return r; - } - POKE_U16(dp, len_bits); - if (len_bytes != 0) - memcpy(dp + 2, d, len_bytes); - explicit_bzero(d, sizeof(d)); - return 0; -} - #ifdef OPENSSL_HAS_ECC int sshbuf_put_ec(struct sshbuf *buf, const EC_POINT *v, const EC_GROUP *g) diff --git a/sshbuf.h b/sshbuf.h index a43598cac..fa54b4950 100644 --- a/sshbuf.h +++ b/sshbuf.h @@ -1,4 +1,4 @@ -/* $OpenBSD: sshbuf.h,v 1.11 2018/07/09 21:56:06 markus Exp $ */ +/* $OpenBSD: sshbuf.h,v 1.12 2019/01/21 09:52:25 djm Exp $ */ /* * Copyright (c) 2011 Damien Miller * @@ -213,9 +213,7 @@ int sshbuf_get_bignum2_bytes_direct(struct sshbuf *buf, const u_char **valp, size_t *lenp); #ifdef WITH_OPENSSL int sshbuf_get_bignum2(struct sshbuf *buf, BIGNUM *v); -int sshbuf_get_bignum1(struct sshbuf *buf, BIGNUM *v); int sshbuf_put_bignum2(struct sshbuf *buf, const BIGNUM *v); -int sshbuf_put_bignum1(struct sshbuf *buf, const BIGNUM *v); # ifdef OPENSSL_HAS_ECC int sshbuf_get_ec(struct sshbuf *buf, EC_POINT *v, const EC_GROUP *g); int sshbuf_get_eckey(struct sshbuf *buf, EC_KEY *v); -- cgit v1.2.3 From 7be8572b32a15d5c3dba897f252e2e04e991c307 Mon Sep 17 00:00:00 2001 From: "djm@openbsd.org" Date: Mon, 21 Jan 2019 09:54:11 +0000 Subject: upstream: Make sshpkt_get_bignum2() allocate the bignum it is parsing rather than make the caller do it. Saves a lot of boilerplate code. from markus@ ok djm@ OpenBSD-Commit-ID: 576bf784f9a240f5a1401f7005364e59aed3bce9 --- kexdhc.c | 11 ++---- kexdhs.c | 10 ++---- kexgexc.c | 20 +++-------- kexgexs.c | 8 ++--- monitor_wrap.c | 10 ++---- packet.c | 7 ++-- packet.h | 4 +-- ssh-ecdsa.c | 14 ++++---- sshbuf-getput-crypto.c | 17 ++++++--- sshbuf.h | 4 +-- sshkey.c | 96 ++++++++++++++------------------------------------ 11 files changed, 68 insertions(+), 133 deletions(-) diff --git a/kexdhc.c b/kexdhc.c index b367832d5..236075eec 100644 --- a/kexdhc.c +++ b/kexdhc.c @@ -1,4 +1,4 @@ -/* $OpenBSD: kexdhc.c,v 1.24 2018/12/27 03:25:25 djm Exp $ */ +/* $OpenBSD: kexdhc.c,v 1.25 2019/01/21 09:54:11 djm Exp $ */ /* * Copyright (c) 2001 Markus Friedl. All rights reserved. * @@ -136,13 +136,8 @@ input_kex_dh(int type, u_int32_t seq, struct ssh *ssh) r = SSH_ERR_SIGNATURE_INVALID; goto out; } - /* DH parameter f, server public DH key */ - if ((dh_server_pub = BN_new()) == NULL) { - r = SSH_ERR_ALLOC_FAIL; - goto out; - } - /* signed H */ - if ((r = sshpkt_get_bignum2(ssh, dh_server_pub)) != 0 || + /* DH parameter f, server public DH key, signed H */ + if ((r = sshpkt_get_bignum2(ssh, &dh_server_pub)) != 0 || (r = sshpkt_get_string(ssh, &signature, &slen)) != 0 || (r = sshpkt_get_end(ssh)) != 0) goto out; diff --git a/kexdhs.c b/kexdhs.c index c8be1b2f7..4e4872580 100644 --- a/kexdhs.c +++ b/kexdhs.c @@ -1,4 +1,4 @@ -/* $OpenBSD: kexdhs.c,v 1.30 2019/01/19 21:43:56 djm Exp $ */ +/* $OpenBSD: kexdhs.c,v 1.31 2019/01/21 09:54:11 djm Exp $ */ /* * Copyright (c) 2001 Markus Friedl. All rights reserved. * @@ -120,14 +120,10 @@ input_kex_dh_init(int type, u_int32_t seq, struct ssh *ssh) } /* key, cert */ - if ((dh_client_pub = BN_new()) == NULL) { - r = SSH_ERR_ALLOC_FAIL; - goto out; - } - DH_get0_key(kex->dh, &pub_key, NULL); - if ((r = sshpkt_get_bignum2(ssh, dh_client_pub)) != 0 || + if ((r = sshpkt_get_bignum2(ssh, &dh_client_pub)) != 0 || (r = sshpkt_get_end(ssh)) != 0) goto out; + DH_get0_key(kex->dh, &pub_key, NULL); #ifdef DEBUG_KEXDH fprintf(stderr, "dh_client_pub= "); diff --git a/kexgexc.c b/kexgexc.c index f2be35ab2..dec01fd4f 100644 --- a/kexgexc.c +++ b/kexgexc.c @@ -1,4 +1,4 @@ -/* $OpenBSD: kexgexc.c,v 1.29 2018/12/27 03:25:25 djm Exp $ */ +/* $OpenBSD: kexgexc.c,v 1.30 2019/01/21 09:54:11 djm Exp $ */ /* * Copyright (c) 2000 Niels Provos. All rights reserved. * Copyright (c) 2001 Markus Friedl. All rights reserved. @@ -100,13 +100,8 @@ input_kex_dh_gex_group(int type, u_int32_t seq, struct ssh *ssh) debug("got SSH2_MSG_KEX_DH_GEX_GROUP"); - if ((p = BN_new()) == NULL || - (g = BN_new()) == NULL) { - r = SSH_ERR_ALLOC_FAIL; - goto out; - } - if ((r = sshpkt_get_bignum2(ssh, p)) != 0 || - (r = sshpkt_get_bignum2(ssh, g)) != 0 || + if ((r = sshpkt_get_bignum2(ssh, &p)) != 0 || + (r = sshpkt_get_bignum2(ssh, &g)) != 0 || (r = sshpkt_get_end(ssh)) != 0) goto out; if ((bits = BN_num_bits(p)) < 0 || @@ -177,13 +172,8 @@ input_kex_dh_gex_reply(int type, u_int32_t seq, struct ssh *ssh) r = SSH_ERR_SIGNATURE_INVALID; goto out; } - /* DH parameter f, server public DH key */ - if ((dh_server_pub = BN_new()) == NULL) { - r = SSH_ERR_ALLOC_FAIL; - goto out; - } - /* signed H */ - if ((r = sshpkt_get_bignum2(ssh, dh_server_pub)) != 0 || + /* DH parameter f, server public DH key, signed H */ + if ((r = sshpkt_get_bignum2(ssh, &dh_server_pub)) != 0 || (r = sshpkt_get_string(ssh, &signature, &slen)) != 0 || (r = sshpkt_get_end(ssh)) != 0) goto out; diff --git a/kexgexs.c b/kexgexs.c index 3b2ad37e4..2a8997302 100644 --- a/kexgexs.c +++ b/kexgexs.c @@ -1,4 +1,4 @@ -/* $OpenBSD: kexgexs.c,v 1.37 2019/01/19 21:43:56 djm Exp $ */ +/* $OpenBSD: kexgexs.c,v 1.38 2019/01/21 09:54:11 djm Exp $ */ /* * Copyright (c) 2000 Niels Provos. All rights reserved. * Copyright (c) 2001 Markus Friedl. All rights reserved. @@ -150,11 +150,7 @@ input_kex_dh_gex_init(int type, u_int32_t seq, struct ssh *ssh) } /* key, cert */ - if ((dh_client_pub = BN_new()) == NULL) { - r = SSH_ERR_ALLOC_FAIL; - goto out; - } - if ((r = sshpkt_get_bignum2(ssh, dh_client_pub)) != 0 || + if ((r = sshpkt_get_bignum2(ssh, &dh_client_pub)) != 0 || (r = sshpkt_get_end(ssh)) != 0) goto out; diff --git a/monitor_wrap.c b/monitor_wrap.c index 9e3c7cd17..186e8f022 100644 --- a/monitor_wrap.c +++ b/monitor_wrap.c @@ -1,4 +1,4 @@ -/* $OpenBSD: monitor_wrap.c,v 1.111 2019/01/19 21:43:56 djm Exp $ */ +/* $OpenBSD: monitor_wrap.c,v 1.112 2019/01/21 09:54:11 djm Exp $ */ /* * Copyright 2002 Niels Provos * Copyright 2002 Markus Friedl @@ -202,12 +202,8 @@ mm_choose_dh(int min, int nbits, int max) if (success == 0) fatal("%s: MONITOR_ANS_MODULI failed", __func__); - if ((p = BN_new()) == NULL) - fatal("%s: BN_new failed", __func__); - if ((g = BN_new()) == NULL) - fatal("%s: BN_new failed", __func__); - if ((r = sshbuf_get_bignum2(m, p)) != 0 || - (r = sshbuf_get_bignum2(m, g)) != 0) + if ((r = sshbuf_get_bignum2(m, &p)) != 0 || + (r = sshbuf_get_bignum2(m, &g)) != 0) fatal("%s: buffer error: %s", __func__, ssh_err(r)); debug3("%s: remaining %zu", __func__, sshbuf_len(m)); diff --git a/packet.c b/packet.c index aa8be8c94..a162791b1 100644 --- a/packet.c +++ b/packet.c @@ -1,4 +1,4 @@ -/* $OpenBSD: packet.c,v 1.280 2019/01/19 21:33:14 djm Exp $ */ +/* $OpenBSD: packet.c,v 1.281 2019/01/21 09:54:11 djm Exp $ */ /* * Author: Tatu Ylonen * Copyright (c) 1995 Tatu Ylonen , Espoo, Finland @@ -2559,11 +2559,10 @@ sshpkt_get_ec(struct ssh *ssh, EC_POINT *v, const EC_GROUP *g) } #endif /* OPENSSL_HAS_ECC */ - int -sshpkt_get_bignum2(struct ssh *ssh, BIGNUM *v) +sshpkt_get_bignum2(struct ssh *ssh, BIGNUM **valp) { - return sshbuf_get_bignum2(ssh->state->incoming_packet, v); + return sshbuf_get_bignum2(ssh->state->incoming_packet, valp); } #endif /* WITH_OPENSSL */ diff --git a/packet.h b/packet.h index 74bb51108..98338f1f1 100644 --- a/packet.h +++ b/packet.h @@ -1,4 +1,4 @@ -/* $OpenBSD: packet.h,v 1.88 2019/01/19 21:33:14 djm Exp $ */ +/* $OpenBSD: packet.h,v 1.89 2019/01/21 09:54:11 djm Exp $ */ /* * Author: Tatu Ylonen @@ -200,7 +200,7 @@ int sshpkt_get_string_direct(struct ssh *ssh, const u_char **valp, size_t *lenp) int sshpkt_peek_string_direct(struct ssh *ssh, const u_char **valp, size_t *lenp); int sshpkt_get_cstring(struct ssh *ssh, char **valp, size_t *lenp); int sshpkt_get_ec(struct ssh *ssh, EC_POINT *v, const EC_GROUP *g); -int sshpkt_get_bignum2(struct ssh *ssh, BIGNUM *v); +int sshpkt_get_bignum2(struct ssh *ssh, BIGNUM **valp); int sshpkt_get_end(struct ssh *ssh); void sshpkt_fmt_connection_id(struct ssh *ssh, char *s, size_t l); const u_char *sshpkt_ptr(struct ssh *, size_t *lenp); diff --git a/ssh-ecdsa.c b/ssh-ecdsa.c index 2f5531752..599c7199d 100644 --- a/ssh-ecdsa.c +++ b/ssh-ecdsa.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ssh-ecdsa.c,v 1.14 2018/02/07 02:06:51 jsing Exp $ */ +/* $OpenBSD: ssh-ecdsa.c,v 1.16 2019/01/21 09:54:11 djm Exp $ */ /* * Copyright (c) 2000 Markus Friedl. All rights reserved. * Copyright (c) 2010 Damien Miller. All rights reserved. @@ -151,15 +151,13 @@ ssh_ecdsa_verify(const struct sshkey *key, } /* parse signature */ - if ((sig = ECDSA_SIG_new()) == NULL || - (sig_r = BN_new()) == NULL || - (sig_s = BN_new()) == NULL) { - ret = SSH_ERR_ALLOC_FAIL; + if (sshbuf_get_bignum2(sigbuf, &sig_r) != 0 || + sshbuf_get_bignum2(sigbuf, &sig_s) != 0) { + ret = SSH_ERR_INVALID_FORMAT; goto out; } - if (sshbuf_get_bignum2(sigbuf, sig_r) != 0 || - sshbuf_get_bignum2(sigbuf, sig_s) != 0) { - ret = SSH_ERR_INVALID_FORMAT; + if ((sig = ECDSA_SIG_new()) == NULL) { + ret = SSH_ERR_ALLOC_FAIL; goto out; } if (!ECDSA_SIG_set0(sig, sig_r, sig_s)) { diff --git a/sshbuf-getput-crypto.c b/sshbuf-getput-crypto.c index a49b72ef7..3dd1e1446 100644 --- a/sshbuf-getput-crypto.c +++ b/sshbuf-getput-crypto.c @@ -1,4 +1,4 @@ -/* $OpenBSD: sshbuf-getput-crypto.c,v 1.6 2019/01/21 09:52:25 djm Exp $ */ +/* $OpenBSD: sshbuf-getput-crypto.c,v 1.7 2019/01/21 09:54:11 djm Exp $ */ /* * Copyright (c) 2011 Damien Miller * @@ -32,16 +32,25 @@ #include "sshbuf.h" int -sshbuf_get_bignum2(struct sshbuf *buf, BIGNUM *v) +sshbuf_get_bignum2(struct sshbuf *buf, BIGNUM **valp) { + BIGNUM *v; const u_char *d; size_t len; int r; + if (valp != NULL) + *valp = NULL; if ((r = sshbuf_get_bignum2_bytes_direct(buf, &d, &len)) != 0) return r; - if (v != NULL && BN_bin2bn(d, len, v) == NULL) - return SSH_ERR_ALLOC_FAIL; + if (valp != NULL) { + if ((v = BN_new()) == NULL || + BN_bin2bn(d, len, v) == NULL) { + BN_clear_free(v); + return SSH_ERR_ALLOC_FAIL; + } + *valp = v; + } return 0; } diff --git a/sshbuf.h b/sshbuf.h index fa54b4950..7900b82ba 100644 --- a/sshbuf.h +++ b/sshbuf.h @@ -1,4 +1,4 @@ -/* $OpenBSD: sshbuf.h,v 1.12 2019/01/21 09:52:25 djm Exp $ */ +/* $OpenBSD: sshbuf.h,v 1.13 2019/01/21 09:54:11 djm Exp $ */ /* * Copyright (c) 2011 Damien Miller * @@ -212,7 +212,7 @@ int sshbuf_put_bignum2_bytes(struct sshbuf *buf, const void *v, size_t len); int sshbuf_get_bignum2_bytes_direct(struct sshbuf *buf, const u_char **valp, size_t *lenp); #ifdef WITH_OPENSSL -int sshbuf_get_bignum2(struct sshbuf *buf, BIGNUM *v); +int sshbuf_get_bignum2(struct sshbuf *buf, BIGNUM **valp); int sshbuf_put_bignum2(struct sshbuf *buf, const BIGNUM *v); # ifdef OPENSSL_HAS_ECC int sshbuf_get_ec(struct sshbuf *buf, EC_POINT *v, const EC_GROUP *g); diff --git a/sshkey.c b/sshkey.c index 6555c5ef8..ad1957762 100644 --- a/sshkey.c +++ b/sshkey.c @@ -1,4 +1,4 @@ -/* $OpenBSD: sshkey.c,v 1.72 2018/10/11 00:52:46 djm Exp $ */ +/* $OpenBSD: sshkey.c,v 1.73 2019/01/21 09:54:11 djm Exp $ */ /* * Copyright (c) 2000, 2001 Markus Friedl. All rights reserved. * Copyright (c) 2008 Alexander von Gernler. All rights reserved. @@ -2056,13 +2056,8 @@ sshkey_from_blob_internal(struct sshbuf *b, struct sshkey **keyp, ret = SSH_ERR_ALLOC_FAIL; goto out; } - if ((rsa_e = BN_new()) == NULL || - (rsa_n = BN_new()) == NULL) { - ret = SSH_ERR_ALLOC_FAIL; - goto out; - } - if (sshbuf_get_bignum2(b, rsa_e) != 0 || - sshbuf_get_bignum2(b, rsa_n) != 0) { + if (sshbuf_get_bignum2(b, &rsa_e) != 0 || + sshbuf_get_bignum2(b, &rsa_n) != 0) { ret = SSH_ERR_INVALID_FORMAT; goto out; } @@ -2089,17 +2084,10 @@ sshkey_from_blob_internal(struct sshbuf *b, struct sshkey **keyp, ret = SSH_ERR_ALLOC_FAIL; goto out; } - if ((dsa_p = BN_new()) == NULL || - (dsa_q = BN_new()) == NULL || - (dsa_g = BN_new()) == NULL || - (dsa_pub_key = BN_new()) == NULL) { - ret = SSH_ERR_ALLOC_FAIL; - goto out; - } - if (sshbuf_get_bignum2(b, dsa_p) != 0 || - sshbuf_get_bignum2(b, dsa_q) != 0 || - sshbuf_get_bignum2(b, dsa_g) != 0 || - sshbuf_get_bignum2(b, dsa_pub_key) != 0) { + if (sshbuf_get_bignum2(b, &dsa_p) != 0 || + sshbuf_get_bignum2(b, &dsa_q) != 0 || + sshbuf_get_bignum2(b, &dsa_g) != 0 || + sshbuf_get_bignum2(b, &dsa_pub_key) != 0) { ret = SSH_ERR_INVALID_FORMAT; goto out; } @@ -2941,19 +2929,11 @@ sshkey_private_deserialize(struct sshbuf *buf, struct sshkey **kp) r = SSH_ERR_ALLOC_FAIL; goto out; } - if ((dsa_p = BN_new()) == NULL || - (dsa_q = BN_new()) == NULL || - (dsa_g = BN_new()) == NULL || - (dsa_pub_key = BN_new()) == NULL || - (dsa_priv_key = BN_new()) == NULL) { - r = SSH_ERR_ALLOC_FAIL; - goto out; - } - if ((r = sshbuf_get_bignum2(buf, dsa_p)) != 0 || - (r = sshbuf_get_bignum2(buf, dsa_q)) != 0 || - (r = sshbuf_get_bignum2(buf, dsa_g)) != 0 || - (r = sshbuf_get_bignum2(buf, dsa_pub_key)) != 0 || - (r = sshbuf_get_bignum2(buf, dsa_priv_key)) != 0) + if ((r = sshbuf_get_bignum2(buf, &dsa_p)) != 0 || + (r = sshbuf_get_bignum2(buf, &dsa_q)) != 0 || + (r = sshbuf_get_bignum2(buf, &dsa_g)) != 0 || + (r = sshbuf_get_bignum2(buf, &dsa_pub_key)) != 0 || + (r = sshbuf_get_bignum2(buf, &dsa_priv_key)) != 0) goto out; if (!DSA_set0_pqg(k->dsa, dsa_p, dsa_q, dsa_g)) { r = SSH_ERR_LIBCRYPTO_ERROR; @@ -2967,12 +2947,8 @@ sshkey_private_deserialize(struct sshbuf *buf, struct sshkey **kp) dsa_pub_key = dsa_priv_key = NULL; /* transferred */ break; case KEY_DSA_CERT: - if ((dsa_priv_key = BN_new()) == NULL) { - r = SSH_ERR_ALLOC_FAIL; - goto out; - } if ((r = sshkey_froms(buf, &k)) != 0 || - (r = sshbuf_get_bignum2(buf, dsa_priv_key)) != 0) + (r = sshbuf_get_bignum2(buf, &dsa_priv_key)) != 0) goto out; if (!DSA_set0_key(k->dsa, NULL, dsa_priv_key)) { r = SSH_ERR_LIBCRYPTO_ERROR; @@ -2997,12 +2973,12 @@ sshkey_private_deserialize(struct sshbuf *buf, struct sshkey **kp) goto out; } k->ecdsa = EC_KEY_new_by_curve_name(k->ecdsa_nid); - if (k->ecdsa == NULL || (exponent = BN_new()) == NULL) { + if (k->ecdsa == NULL) { r = SSH_ERR_LIBCRYPTO_ERROR; goto out; } if ((r = sshbuf_get_eckey(buf, k->ecdsa)) != 0 || - (r = sshbuf_get_bignum2(buf, exponent))) + (r = sshbuf_get_bignum2(buf, &exponent))) goto out; if (EC_KEY_set_private_key(k->ecdsa, exponent) != 1) { r = SSH_ERR_LIBCRYPTO_ERROR; @@ -3014,12 +2990,8 @@ sshkey_private_deserialize(struct sshbuf *buf, struct sshkey **kp) goto out; break; case KEY_ECDSA_CERT: - if ((exponent = BN_new()) == NULL) { - r = SSH_ERR_LIBCRYPTO_ERROR; - goto out; - } if ((r = sshkey_froms(buf, &k)) != 0 || - (r = sshbuf_get_bignum2(buf, exponent)) != 0) + (r = sshbuf_get_bignum2(buf, &exponent)) != 0) goto out; if (EC_KEY_set_private_key(k->ecdsa, exponent) != 1) { r = SSH_ERR_LIBCRYPTO_ERROR; @@ -3036,21 +3008,12 @@ sshkey_private_deserialize(struct sshbuf *buf, struct sshkey **kp) r = SSH_ERR_ALLOC_FAIL; goto out; } - if ((rsa_n = BN_new()) == NULL || - (rsa_e = BN_new()) == NULL || - (rsa_d = BN_new()) == NULL || - (rsa_iqmp = BN_new()) == NULL || - (rsa_p = BN_new()) == NULL || - (rsa_q = BN_new()) == NULL) { - r = SSH_ERR_ALLOC_FAIL; - goto out; - } - if ((r = sshbuf_get_bignum2(buf, rsa_n)) != 0 || - (r = sshbuf_get_bignum2(buf, rsa_e)) != 0 || - (r = sshbuf_get_bignum2(buf, rsa_d)) != 0 || - (r = sshbuf_get_bignum2(buf, rsa_iqmp)) != 0 || - (r = sshbuf_get_bignum2(buf, rsa_p)) != 0 || - (r = sshbuf_get_bignum2(buf, rsa_q)) != 0) + if ((r = sshbuf_get_bignum2(buf, &rsa_n)) != 0 || + (r = sshbuf_get_bignum2(buf, &rsa_e)) != 0 || + (r = sshbuf_get_bignum2(buf, &rsa_d)) != 0 || + (r = sshbuf_get_bignum2(buf, &rsa_iqmp)) != 0 || + (r = sshbuf_get_bignum2(buf, &rsa_p)) != 0 || + (r = sshbuf_get_bignum2(buf, &rsa_q)) != 0) goto out; if (!RSA_set0_key(k->rsa, rsa_n, rsa_e, rsa_d)) { r = SSH_ERR_LIBCRYPTO_ERROR; @@ -3068,18 +3031,11 @@ sshkey_private_deserialize(struct sshbuf *buf, struct sshkey **kp) goto out; break; case KEY_RSA_CERT: - if ((rsa_d = BN_new()) == NULL || - (rsa_iqmp = BN_new()) == NULL || - (rsa_p = BN_new()) == NULL || - (rsa_q = BN_new()) == NULL) { - r = SSH_ERR_ALLOC_FAIL; - goto out; - } if ((r = sshkey_froms(buf, &k)) != 0 || - (r = sshbuf_get_bignum2(buf, rsa_d)) != 0 || - (r = sshbuf_get_bignum2(buf, rsa_iqmp)) != 0 || - (r = sshbuf_get_bignum2(buf, rsa_p)) != 0 || - (r = sshbuf_get_bignum2(buf, rsa_q)) != 0) + (r = sshbuf_get_bignum2(buf, &rsa_d)) != 0 || + (r = sshbuf_get_bignum2(buf, &rsa_iqmp)) != 0 || + (r = sshbuf_get_bignum2(buf, &rsa_p)) != 0 || + (r = sshbuf_get_bignum2(buf, &rsa_q)) != 0) goto out; if (!RSA_set0_key(k->rsa, NULL, NULL, rsa_d)) { r = SSH_ERR_LIBCRYPTO_ERROR; -- cgit v1.2.3 From 5ae3f6d314465026d028af82609c1d49ad197655 Mon Sep 17 00:00:00 2001 From: "djm@openbsd.org" Date: Mon, 21 Jan 2019 09:55:52 +0000 Subject: upstream: save the derived session id in kex_derive_keys() rather than making each kex method implementation do it. from markus@ ok djm@ OpenBSD-Commit-ID: d61ade9c8d1e13f665f8663c552abff8c8a30673 --- kex.c | 10 +++++++++- kexc25519c.c | 13 +------------ kexc25519s.c | 13 +------------ kexdhc.c | 13 +------------ kexdhs.c | 13 +------------ kexecdhc.c | 13 +------------ kexecdhs.c | 13 +------------ kexgexc.c | 13 +------------ kexgexs.c | 13 +------------ 9 files changed, 17 insertions(+), 97 deletions(-) diff --git a/kex.c b/kex.c index 30e1c261d..0d5618ecc 100644 --- a/kex.c +++ b/kex.c @@ -1,4 +1,4 @@ -/* $OpenBSD: kex.c,v 1.143 2018/12/27 03:25:25 djm Exp $ */ +/* $OpenBSD: kex.c,v 1.144 2019/01/21 09:55:52 djm Exp $ */ /* * Copyright (c) 2000, 2001 Markus Friedl. All rights reserved. * @@ -1009,6 +1009,14 @@ kex_derive_keys(struct ssh *ssh, u_char *hash, u_int hashlen, u_int i, j, mode, ctos; int r; + /* save initial hash as session id */ + if (kex->session_id == NULL) { + kex->session_id_len = hashlen; + kex->session_id = malloc(kex->session_id_len); + if (kex->session_id == NULL) + return SSH_ERR_ALLOC_FAIL; + memcpy(kex->session_id, hash, kex->session_id_len); + } for (i = 0; i < NKEYS; i++) { if ((r = derive_key(ssh, 'A'+i, kex->we_need, hash, hashlen, shared_secret, &keys[i])) != 0) { diff --git a/kexc25519c.c b/kexc25519c.c index 75e7d8c57..59b4e4cc0 100644 --- a/kexc25519c.c +++ b/kexc25519c.c @@ -1,4 +1,4 @@ -/* $OpenBSD: kexc25519c.c,v 1.10 2018/12/27 03:25:25 djm Exp $ */ +/* $OpenBSD: kexc25519c.c,v 1.11 2019/01/21 09:55:52 djm Exp $ */ /* * Copyright (c) 2001 Markus Friedl. All rights reserved. * Copyright (c) 2010 Damien Miller. All rights reserved. @@ -144,17 +144,6 @@ input_kex_c25519_reply(int type, u_int32_t seq, struct ssh *ssh) kex->hostkey_alg, ssh->compat)) != 0) goto out; - /* save session id */ - if (kex->session_id == NULL) { - kex->session_id_len = hashlen; - kex->session_id = malloc(kex->session_id_len); - if (kex->session_id == NULL) { - r = SSH_ERR_ALLOC_FAIL; - goto out; - } - memcpy(kex->session_id, hash, kex->session_id_len); - } - if ((r = kex_derive_keys(ssh, hash, hashlen, shared_secret)) == 0) r = kex_send_newkeys(ssh); out: diff --git a/kexc25519s.c b/kexc25519s.c index 9ff74d912..65df18c4b 100644 --- a/kexc25519s.c +++ b/kexc25519s.c @@ -1,4 +1,4 @@ -/* $OpenBSD: kexc25519s.c,v 1.13 2019/01/19 21:43:56 djm Exp $ */ +/* $OpenBSD: kexc25519s.c,v 1.14 2019/01/21 09:55:52 djm Exp $ */ /* * Copyright (c) 2001 Markus Friedl. All rights reserved. * Copyright (c) 2010 Damien Miller. All rights reserved. @@ -121,17 +121,6 @@ input_kex_c25519_init(int type, u_int32_t seq, struct ssh *ssh) hash, &hashlen)) < 0) goto out; - /* save session id := H */ - if (kex->session_id == NULL) { - kex->session_id_len = hashlen; - kex->session_id = malloc(kex->session_id_len); - if (kex->session_id == NULL) { - r = SSH_ERR_ALLOC_FAIL; - goto out; - } - memcpy(kex->session_id, hash, kex->session_id_len); - } - /* sign H */ if ((r = kex->sign(ssh, server_host_private, server_host_public, &signature, &slen, hash, hashlen, kex->hostkey_alg)) < 0) diff --git a/kexdhc.c b/kexdhc.c index 236075eec..a37452abd 100644 --- a/kexdhc.c +++ b/kexdhc.c @@ -1,4 +1,4 @@ -/* $OpenBSD: kexdhc.c,v 1.25 2019/01/21 09:54:11 djm Exp $ */ +/* $OpenBSD: kexdhc.c,v 1.26 2019/01/21 09:55:52 djm Exp $ */ /* * Copyright (c) 2001 Markus Friedl. All rights reserved. * @@ -188,17 +188,6 @@ input_kex_dh(int type, u_int32_t seq, struct ssh *ssh) kex->hostkey_alg, ssh->compat)) != 0) goto out; - /* save session id */ - if (kex->session_id == NULL) { - kex->session_id_len = hashlen; - kex->session_id = malloc(kex->session_id_len); - if (kex->session_id == NULL) { - r = SSH_ERR_ALLOC_FAIL; - goto out; - } - memcpy(kex->session_id, hash, kex->session_id_len); - } - if ((r = kex_derive_keys_bn(ssh, hash, hashlen, shared_secret)) == 0) r = kex_send_newkeys(ssh); out: diff --git a/kexdhs.c b/kexdhs.c index 4e4872580..b7b64a82a 100644 --- a/kexdhs.c +++ b/kexdhs.c @@ -1,4 +1,4 @@ -/* $OpenBSD: kexdhs.c,v 1.31 2019/01/21 09:54:11 djm Exp $ */ +/* $OpenBSD: kexdhs.c,v 1.32 2019/01/21 09:55:52 djm Exp $ */ /* * Copyright (c) 2001 Markus Friedl. All rights reserved. * @@ -173,17 +173,6 @@ input_kex_dh_init(int type, u_int32_t seq, struct ssh *ssh) hash, &hashlen)) != 0) goto out; - /* save session id := H */ - if (kex->session_id == NULL) { - kex->session_id_len = hashlen; - kex->session_id = malloc(kex->session_id_len); - if (kex->session_id == NULL) { - r = SSH_ERR_ALLOC_FAIL; - goto out; - } - memcpy(kex->session_id, hash, kex->session_id_len); - } - /* sign H */ if ((r = kex->sign(ssh, server_host_private, server_host_public, &signature, &slen, hash, hashlen, kex->hostkey_alg)) < 0) diff --git a/kexecdhc.c b/kexecdhc.c index af556dc58..2cff34347 100644 --- a/kexecdhc.c +++ b/kexecdhc.c @@ -1,4 +1,4 @@ -/* $OpenBSD: kexecdhc.c,v 1.14 2018/12/27 03:25:25 djm Exp $ */ +/* $OpenBSD: kexecdhc.c,v 1.15 2019/01/21 09:55:52 djm Exp $ */ /* * Copyright (c) 2001 Markus Friedl. All rights reserved. * Copyright (c) 2010 Damien Miller. All rights reserved. @@ -190,17 +190,6 @@ input_kex_ecdh_reply(int type, u_int32_t seq, struct ssh *ssh) hashlen, kex->hostkey_alg, ssh->compat)) != 0) goto out; - /* save session id */ - if (kex->session_id == NULL) { - kex->session_id_len = hashlen; - kex->session_id = malloc(kex->session_id_len); - if (kex->session_id == NULL) { - r = SSH_ERR_ALLOC_FAIL; - goto out; - } - memcpy(kex->session_id, hash, kex->session_id_len); - } - if ((r = kex_derive_keys_bn(ssh, hash, hashlen, shared_secret)) == 0) r = kex_send_newkeys(ssh); out: diff --git a/kexecdhs.c b/kexecdhs.c index 45ac3f794..4ba2072df 100644 --- a/kexecdhs.c +++ b/kexecdhs.c @@ -1,4 +1,4 @@ -/* $OpenBSD: kexecdhs.c,v 1.19 2019/01/19 21:43:56 djm Exp $ */ +/* $OpenBSD: kexecdhs.c,v 1.20 2019/01/21 09:55:52 djm Exp $ */ /* * Copyright (c) 2001 Markus Friedl. All rights reserved. * Copyright (c) 2010 Damien Miller. All rights reserved. @@ -156,17 +156,6 @@ input_kex_ecdh_init(int type, u_int32_t seq, struct ssh *ssh) hash, &hashlen)) != 0) goto out; - /* save session id := H */ - if (kex->session_id == NULL) { - kex->session_id_len = hashlen; - kex->session_id = malloc(kex->session_id_len); - if (kex->session_id == NULL) { - r = SSH_ERR_ALLOC_FAIL; - goto out; - } - memcpy(kex->session_id, hash, kex->session_id_len); - } - /* sign H */ if ((r = kex->sign(ssh, server_host_private, server_host_public, &signature, &slen, hash, hashlen, kex->hostkey_alg)) < 0) diff --git a/kexgexc.c b/kexgexc.c index dec01fd4f..0425309d4 100644 --- a/kexgexc.c +++ b/kexgexc.c @@ -1,4 +1,4 @@ -/* $OpenBSD: kexgexc.c,v 1.30 2019/01/21 09:54:11 djm Exp $ */ +/* $OpenBSD: kexgexc.c,v 1.31 2019/01/21 09:55:52 djm Exp $ */ /* * Copyright (c) 2000 Niels Provos. All rights reserved. * Copyright (c) 2001 Markus Friedl. All rights reserved. @@ -229,17 +229,6 @@ input_kex_dh_gex_reply(int type, u_int32_t seq, struct ssh *ssh) hashlen, kex->hostkey_alg, ssh->compat)) != 0) goto out; - /* save session id */ - if (kex->session_id == NULL) { - kex->session_id_len = hashlen; - kex->session_id = malloc(kex->session_id_len); - if (kex->session_id == NULL) { - r = SSH_ERR_ALLOC_FAIL; - goto out; - } - memcpy(kex->session_id, hash, kex->session_id_len); - } - if ((r = kex_derive_keys_bn(ssh, hash, hashlen, shared_secret)) == 0) r = kex_send_newkeys(ssh); out: diff --git a/kexgexs.c b/kexgexs.c index 2a8997302..4ffbb1918 100644 --- a/kexgexs.c +++ b/kexgexs.c @@ -1,4 +1,4 @@ -/* $OpenBSD: kexgexs.c,v 1.38 2019/01/21 09:54:11 djm Exp $ */ +/* $OpenBSD: kexgexs.c,v 1.39 2019/01/21 09:55:52 djm Exp $ */ /* * Copyright (c) 2000 Niels Provos. All rights reserved. * Copyright (c) 2001 Markus Friedl. All rights reserved. @@ -207,17 +207,6 @@ input_kex_dh_gex_init(int type, u_int32_t seq, struct ssh *ssh) hash, &hashlen)) != 0) goto out; - /* save session id := H */ - if (kex->session_id == NULL) { - kex->session_id_len = hashlen; - kex->session_id = malloc(kex->session_id_len); - if (kex->session_id == NULL) { - r = SSH_ERR_ALLOC_FAIL; - goto out; - } - memcpy(kex->session_id, hash, kex->session_id_len); - } - /* sign H */ if ((r = kex->sign(ssh, server_host_private, server_host_public, &signature, &slen, hash, hashlen, kex->hostkey_alg)) < 0) -- cgit v1.2.3 From e93bd98eab79b9a78f64ee8dd4dffc4d3979c7ae Mon Sep 17 00:00:00 2001 From: "djm@openbsd.org" Date: Mon, 21 Jan 2019 10:00:23 +0000 Subject: upstream: factor out DH keygen; it's identical between the client and the server from markus@ ok djm@ OpenBSD-Commit-ID: 2be57f6a0d44f1ab2c8de2b1b5d6f530c387fae9 --- kex.h | 3 ++- kexdh.c | 28 +++++++++++++++++++++++++++- kexdhc.c | 28 +++------------------------- kexdhs.c | 35 +++++------------------------------ 4 files changed, 37 insertions(+), 57 deletions(-) diff --git a/kex.h b/kex.h index 085e60b52..4394e100b 100644 --- a/kex.h +++ b/kex.h @@ -1,4 +1,4 @@ -/* $OpenBSD: kex.h,v 1.94 2019/01/19 21:43:56 djm Exp $ */ +/* $OpenBSD: kex.h,v 1.95 2019/01/21 10:00:23 djm Exp $ */ /* * Copyright (c) 2000, 2001 Markus Friedl. All rights reserved. @@ -202,6 +202,7 @@ int kexecdh_server(struct ssh *); int kexc25519_client(struct ssh *); int kexc25519_server(struct ssh *); +int kex_dh_keygen(struct kex *); int kex_dh_hash(int, const struct sshbuf *, const struct sshbuf *, const u_char *, size_t, const u_char *, size_t, const u_char *, size_t, const BIGNUM *, const BIGNUM *, const BIGNUM *, u_char *, size_t *); diff --git a/kexdh.c b/kexdh.c index 34c55ef9f..916036994 100644 --- a/kexdh.c +++ b/kexdh.c @@ -1,4 +1,4 @@ -/* $OpenBSD: kexdh.c,v 1.27 2018/12/27 03:25:25 djm Exp $ */ +/* $OpenBSD: kexdh.c,v 1.28 2019/01/21 10:00:23 djm Exp $ */ /* * Copyright (c) 2001 Markus Friedl. All rights reserved. * @@ -39,10 +39,36 @@ #include "sshkey.h" #include "cipher.h" #include "kex.h" +#include "dh.h" #include "ssherr.h" #include "sshbuf.h" #include "digest.h" +int +kex_dh_keygen(struct kex *kex) +{ + switch (kex->kex_type) { + case KEX_DH_GRP1_SHA1: + kex->dh = dh_new_group1(); + break; + case KEX_DH_GRP14_SHA1: + case KEX_DH_GRP14_SHA256: + kex->dh = dh_new_group14(); + break; + case KEX_DH_GRP16_SHA512: + kex->dh = dh_new_group16(); + break; + case KEX_DH_GRP18_SHA512: + kex->dh = dh_new_group18(); + break; + default: + return SSH_ERR_INVALID_ARGUMENT; + } + if (kex->dh == NULL) + return SSH_ERR_ALLOC_FAIL; + return (dh_gen_key(kex->dh, kex->we_need * 8)); +} + int kex_dh_hash( int hash_alg, diff --git a/kexdhc.c b/kexdhc.c index a37452abd..a7ea0baad 100644 --- a/kexdhc.c +++ b/kexdhc.c @@ -1,4 +1,4 @@ -/* $OpenBSD: kexdhc.c,v 1.26 2019/01/21 09:55:52 djm Exp $ */ +/* $OpenBSD: kexdhc.c,v 1.27 2019/01/21 10:00:23 djm Exp $ */ /* * Copyright (c) 2001 Markus Friedl. All rights reserved. * @@ -41,10 +41,10 @@ #include "sshkey.h" #include "cipher.h" #include "digest.h" +#include "dh.h" #include "kex.h" #include "log.h" #include "packet.h" -#include "dh.h" #include "ssh2.h" #include "dispatch.h" #include "compat.h" @@ -61,31 +61,9 @@ kexdh_client(struct ssh *ssh) const BIGNUM *pub_key; /* generate and send 'e', client DH public key */ - switch (kex->kex_type) { - case KEX_DH_GRP1_SHA1: - kex->dh = dh_new_group1(); - break; - case KEX_DH_GRP14_SHA1: - case KEX_DH_GRP14_SHA256: - kex->dh = dh_new_group14(); - break; - case KEX_DH_GRP16_SHA512: - kex->dh = dh_new_group16(); - break; - case KEX_DH_GRP18_SHA512: - kex->dh = dh_new_group18(); - break; - default: - r = SSH_ERR_INVALID_ARGUMENT; - goto out; - } - if (kex->dh == NULL) { - r = SSH_ERR_ALLOC_FAIL; + if ((r = kex_dh_keygen(kex)) != 0) goto out; - } debug("sending SSH2_MSG_KEXDH_INIT"); - if ((r = dh_gen_key(kex->dh, kex->we_need * 8)) != 0) - goto out; DH_get0_key(kex->dh, &pub_key, NULL); if ((r = sshpkt_start(ssh, SSH2_MSG_KEXDH_INIT)) != 0 || (r = sshpkt_put_bignum2(ssh, pub_key)) != 0 || diff --git a/kexdhs.c b/kexdhs.c index b7b64a82a..cd2e52e00 100644 --- a/kexdhs.c +++ b/kexdhs.c @@ -1,4 +1,4 @@ -/* $OpenBSD: kexdhs.c,v 1.32 2019/01/21 09:55:52 djm Exp $ */ +/* $OpenBSD: kexdhs.c,v 1.33 2019/01/21 10:00:23 djm Exp $ */ /* * Copyright (c) 2001 Markus Friedl. All rights reserved. * @@ -40,10 +40,10 @@ #include "sshkey.h" #include "cipher.h" #include "digest.h" +#include "dh.h" #include "kex.h" #include "log.h" #include "packet.h" -#include "dh.h" #include "ssh2.h" #include "dispatch.h" @@ -60,36 +60,11 @@ kexdh_server(struct ssh *ssh) int r; /* generate server DH public key */ - switch (kex->kex_type) { - case KEX_DH_GRP1_SHA1: - kex->dh = dh_new_group1(); - break; - case KEX_DH_GRP14_SHA1: - case KEX_DH_GRP14_SHA256: - kex->dh = dh_new_group14(); - break; - case KEX_DH_GRP16_SHA512: - kex->dh = dh_new_group16(); - break; - case KEX_DH_GRP18_SHA512: - kex->dh = dh_new_group18(); - break; - default: - r = SSH_ERR_INVALID_ARGUMENT; - goto out; - } - if (kex->dh == NULL) { - r = SSH_ERR_ALLOC_FAIL; - goto out; - } - if ((r = dh_gen_key(kex->dh, kex->we_need * 8)) != 0) - goto out; - + if ((r = kex_dh_keygen(kex)) != 0) + return r; debug("expecting SSH2_MSG_KEXDH_INIT"); ssh_dispatch_set(ssh, SSH2_MSG_KEXDH_INIT, &input_kex_dh_init); - r = 0; - out: - return r; + return 0; } int -- cgit v1.2.3 From dec5e9d33891e3bc3f1395d7db0e56fdc7f86dfc Mon Sep 17 00:00:00 2001 From: "djm@openbsd.org" Date: Mon, 21 Jan 2019 10:03:37 +0000 Subject: upstream: factor out kex_dh_compute_key() - it's shared between plain DH KEX and DH GEX in both the client and server implementations from markus@ ok djm@ OpenBSD-Commit-ID: 12186e18791fffcd4642c82e7e0cfdd7ea37e2ec --- kex.h | 7 ++++--- kexdh.c | 49 ++++++++++++++++++++++++++++++++++++++++++++++--- kexdhc.c | 45 +++++++++++---------------------------------- kexdhs.c | 54 ++++++++++++------------------------------------------ kexgex.c | 6 +++--- kexgexc.c | 45 +++++++++++---------------------------------- kexgexs.c | 58 ++++++++++++++-------------------------------------------- 7 files changed, 101 insertions(+), 163 deletions(-) diff --git a/kex.h b/kex.h index 4394e100b..a11bd5ae6 100644 --- a/kex.h +++ b/kex.h @@ -1,4 +1,4 @@ -/* $OpenBSD: kex.h,v 1.95 2019/01/21 10:00:23 djm Exp $ */ +/* $OpenBSD: kex.h,v 1.96 2019/01/21 10:03:37 djm Exp $ */ /* * Copyright (c) 2000, 2001 Markus Friedl. All rights reserved. @@ -203,15 +203,16 @@ int kexc25519_client(struct ssh *); int kexc25519_server(struct ssh *); int kex_dh_keygen(struct kex *); +int kex_dh_compute_key(struct kex *, BIGNUM *, struct sshbuf *); int kex_dh_hash(int, const struct sshbuf *, const struct sshbuf *, const u_char *, size_t, const u_char *, size_t, const u_char *, size_t, - const BIGNUM *, const BIGNUM *, const BIGNUM *, u_char *, size_t *); + const BIGNUM *, const BIGNUM *, const u_char *, size_t, u_char *, size_t *); int kexgex_hash(int, const struct sshbuf *, const struct sshbuf *, const u_char *, size_t, const u_char *, size_t, const u_char *, size_t, int, int, int, const BIGNUM *, const BIGNUM *, const BIGNUM *, - const BIGNUM *, const BIGNUM *, + const BIGNUM *, const u_char *, size_t, u_char *, size_t *); int kex_ecdh_hash(int, const EC_GROUP *, diff --git a/kexdh.c b/kexdh.c index 916036994..5324857b2 100644 --- a/kexdh.c +++ b/kexdh.c @@ -1,4 +1,4 @@ -/* $OpenBSD: kexdh.c,v 1.28 2019/01/21 10:00:23 djm Exp $ */ +/* $OpenBSD: kexdh.c,v 1.29 2019/01/21 10:03:37 djm Exp $ */ /* * Copyright (c) 2001 Markus Friedl. All rights reserved. * @@ -43,6 +43,7 @@ #include "ssherr.h" #include "sshbuf.h" #include "digest.h" +#include "dh.h" int kex_dh_keygen(struct kex *kex) @@ -69,6 +70,48 @@ kex_dh_keygen(struct kex *kex) return (dh_gen_key(kex->dh, kex->we_need * 8)); } +int +kex_dh_compute_key(struct kex *kex, BIGNUM *dh_pub, struct sshbuf *out) +{ + BIGNUM *shared_secret = NULL; + u_char *kbuf = NULL; + size_t klen = 0; + int kout, r; + +#ifdef DEBUG_KEXDH + fprintf(stderr, "dh_pub= "); + BN_print_fp(stderr, dh_pub); + fprintf(stderr, "\n"); + debug("bits %d", BN_num_bits(dh_pub)); + DHparams_print_fp(stderr, kex->dh); + fprintf(stderr, "\n"); +#endif + + if (!dh_pub_is_valid(kex->dh, dh_pub)) { + r = SSH_ERR_MESSAGE_INCOMPLETE; + goto out; + } + klen = DH_size(kex->dh); + if ((kbuf = malloc(klen)) == NULL || + (shared_secret = BN_new()) == NULL) { + r = SSH_ERR_ALLOC_FAIL; + goto out; + } + if ((kout = DH_compute_key(kbuf, dh_pub, kex->dh)) < 0 || + BN_bin2bn(kbuf, kout, shared_secret) == NULL) { + r = SSH_ERR_LIBCRYPTO_ERROR; + goto out; + } +#ifdef DEBUG_KEXDH + dump_digest("shared secret", kbuf, kout); +#endif + r = sshbuf_put_bignum2(out, shared_secret); + out: + freezero(kbuf, klen); + BN_clear_free(shared_secret); + return r; +} + int kex_dh_hash( int hash_alg, @@ -79,7 +122,7 @@ kex_dh_hash( const u_char *serverhostkeyblob, size_t sbloblen, const BIGNUM *client_dh_pub, const BIGNUM *server_dh_pub, - const BIGNUM *shared_secret, + const u_char *shared_secret, size_t secretlen, u_char *hash, size_t *hashlen) { struct sshbuf *b; @@ -101,7 +144,7 @@ kex_dh_hash( (r = sshbuf_put_string(b, serverhostkeyblob, sbloblen)) != 0 || (r = sshbuf_put_bignum2(b, client_dh_pub)) != 0 || (r = sshbuf_put_bignum2(b, server_dh_pub)) != 0 || - (r = sshbuf_put_bignum2(b, shared_secret)) != 0) { + (r = sshbuf_put(b, shared_secret, secretlen)) != 0) { sshbuf_free(b); return r; } diff --git a/kexdhc.c b/kexdhc.c index a7ea0baad..2e26f22ea 100644 --- a/kexdhc.c +++ b/kexdhc.c @@ -1,4 +1,4 @@ -/* $OpenBSD: kexdhc.c,v 1.27 2019/01/21 10:00:23 djm Exp $ */ +/* $OpenBSD: kexdhc.c,v 1.28 2019/01/21 10:03:37 djm Exp $ */ /* * Copyright (c) 2001 Markus Friedl. All rights reserved. * @@ -86,13 +86,14 @@ static int input_kex_dh(int type, u_int32_t seq, struct ssh *ssh) { struct kex *kex = ssh->kex; - BIGNUM *dh_server_pub = NULL, *shared_secret = NULL; + BIGNUM *dh_server_pub = NULL; const BIGNUM *pub_key; struct sshkey *server_host_key = NULL; - u_char *kbuf = NULL, *server_host_key_blob = NULL, *signature = NULL; + struct sshbuf *shared_secret = NULL; + u_char *server_host_key_blob = NULL, *signature = NULL; u_char hash[SSH_DIGEST_MAX_LENGTH]; - size_t klen = 0, slen, sbloblen, hashlen; - int kout, r; + size_t slen, sbloblen, hashlen; + int r; if (kex->verify_host_key == NULL) { r = SSH_ERR_INVALID_ARGUMENT; @@ -119,32 +120,12 @@ input_kex_dh(int type, u_int32_t seq, struct ssh *ssh) (r = sshpkt_get_string(ssh, &signature, &slen)) != 0 || (r = sshpkt_get_end(ssh)) != 0) goto out; -#ifdef DEBUG_KEXDH - fprintf(stderr, "dh_server_pub= "); - BN_print_fp(stderr, dh_server_pub); - fprintf(stderr, "\n"); - debug("bits %d", BN_num_bits(dh_server_pub)); -#endif - if (!dh_pub_is_valid(kex->dh, dh_server_pub)) { - sshpkt_disconnect(ssh, "bad server public DH value"); - r = SSH_ERR_MESSAGE_INCOMPLETE; - goto out; - } - - klen = DH_size(kex->dh); - if ((kbuf = malloc(klen)) == NULL || - (shared_secret = BN_new()) == NULL) { + if ((shared_secret = sshbuf_new()) == NULL) { r = SSH_ERR_ALLOC_FAIL; goto out; } - if ((kout = DH_compute_key(kbuf, dh_server_pub, kex->dh)) < 0 || - BN_bin2bn(kbuf, kout, shared_secret) == NULL) { - r = SSH_ERR_LIBCRYPTO_ERROR; + if ((r = kex_dh_compute_key(kex, dh_server_pub, shared_secret)) != 0) goto out; - } -#ifdef DEBUG_KEXDH - dump_digest("shared secret", kbuf, kout); -#endif /* calc and verify H */ DH_get0_key(kex->dh, &pub_key, NULL); @@ -158,7 +139,7 @@ input_kex_dh(int type, u_int32_t seq, struct ssh *ssh) server_host_key_blob, sbloblen, pub_key, dh_server_pub, - shared_secret, + sshbuf_ptr(shared_secret), sshbuf_len(shared_secret), hash, &hashlen)) != 0) goto out; @@ -166,18 +147,14 @@ input_kex_dh(int type, u_int32_t seq, struct ssh *ssh) kex->hostkey_alg, ssh->compat)) != 0) goto out; - if ((r = kex_derive_keys_bn(ssh, hash, hashlen, shared_secret)) == 0) + if ((r = kex_derive_keys(ssh, hash, hashlen, shared_secret)) == 0) r = kex_send_newkeys(ssh); out: explicit_bzero(hash, sizeof(hash)); DH_free(kex->dh); kex->dh = NULL; BN_clear_free(dh_server_pub); - if (kbuf) { - explicit_bzero(kbuf, klen); - free(kbuf); - } - BN_clear_free(shared_secret); + sshbuf_free(shared_secret); sshkey_free(server_host_key); free(server_host_key_blob); free(signature); diff --git a/kexdhs.c b/kexdhs.c index cd2e52e00..0f028aaeb 100644 --- a/kexdhs.c +++ b/kexdhs.c @@ -1,4 +1,4 @@ -/* $OpenBSD: kexdhs.c,v 1.33 2019/01/21 10:00:23 djm Exp $ */ +/* $OpenBSD: kexdhs.c,v 1.34 2019/01/21 10:03:37 djm Exp $ */ /* * Copyright (c) 2001 Markus Friedl. All rights reserved. * @@ -71,14 +71,15 @@ int input_kex_dh_init(int type, u_int32_t seq, struct ssh *ssh) { struct kex *kex = ssh->kex; - BIGNUM *shared_secret = NULL, *dh_client_pub = NULL; + BIGNUM *dh_client_pub = NULL; const BIGNUM *pub_key; struct sshkey *server_host_public, *server_host_private; - u_char *kbuf = NULL, *signature = NULL, *server_host_key_blob = NULL; + struct sshbuf *shared_secret = NULL; + u_char *signature = NULL, *server_host_key_blob = NULL; u_char hash[SSH_DIGEST_MAX_LENGTH]; size_t sbloblen, slen; - size_t klen = 0, hashlen; - int kout, r; + size_t hashlen; + int r; if (kex->load_host_public_key == NULL || kex->load_host_private_key == NULL) { @@ -98,42 +99,17 @@ input_kex_dh_init(int type, u_int32_t seq, struct ssh *ssh) if ((r = sshpkt_get_bignum2(ssh, &dh_client_pub)) != 0 || (r = sshpkt_get_end(ssh)) != 0) goto out; - DH_get0_key(kex->dh, &pub_key, NULL); - -#ifdef DEBUG_KEXDH - fprintf(stderr, "dh_client_pub= "); - BN_print_fp(stderr, dh_client_pub); - fprintf(stderr, "\n"); - debug("bits %d", BN_num_bits(dh_client_pub)); - DHparams_print_fp(stderr, kex->dh); - fprintf(stderr, "pub= "); - BN_print_fp(stderr, pub_key); - fprintf(stderr, "\n"); -#endif - if (!dh_pub_is_valid(kex->dh, dh_client_pub)) { - sshpkt_disconnect(ssh, "bad client public DH value"); - r = SSH_ERR_MESSAGE_INCOMPLETE; - goto out; - } - - klen = DH_size(kex->dh); - if ((kbuf = malloc(klen)) == NULL || - (shared_secret = BN_new()) == NULL) { + if ((shared_secret = sshbuf_new()) == NULL) { r = SSH_ERR_ALLOC_FAIL; goto out; } - if ((kout = DH_compute_key(kbuf, dh_client_pub, kex->dh)) < 0 || - BN_bin2bn(kbuf, kout, shared_secret) == NULL) { - r = SSH_ERR_LIBCRYPTO_ERROR; + if ((r = kex_dh_compute_key(kex, dh_client_pub, shared_secret)) != 0) goto out; - } -#ifdef DEBUG_KEXDH - dump_digest("shared secret", kbuf, kout); -#endif if ((r = sshkey_to_blob(server_host_public, &server_host_key_blob, &sbloblen)) != 0) goto out; /* calc H */ + DH_get0_key(kex->dh, &pub_key, NULL); hashlen = sizeof(hash); if ((r = kex_dh_hash( kex->hash_alg, @@ -144,7 +120,7 @@ input_kex_dh_init(int type, u_int32_t seq, struct ssh *ssh) server_host_key_blob, sbloblen, dh_client_pub, pub_key, - shared_secret, + sshbuf_ptr(shared_secret), sshbuf_len(shared_secret), hash, &hashlen)) != 0) goto out; @@ -153,8 +129,6 @@ input_kex_dh_init(int type, u_int32_t seq, struct ssh *ssh) &signature, &slen, hash, hashlen, kex->hostkey_alg)) < 0) goto out; - /* destroy_sensitive_data(); */ - /* send server hostkey, DH pubkey 'f' and signed H */ if ((r = sshpkt_start(ssh, SSH2_MSG_KEXDH_REPLY)) != 0 || (r = sshpkt_put_string(ssh, server_host_key_blob, sbloblen)) != 0 || @@ -163,18 +137,14 @@ input_kex_dh_init(int type, u_int32_t seq, struct ssh *ssh) (r = sshpkt_send(ssh)) != 0) goto out; - if ((r = kex_derive_keys_bn(ssh, hash, hashlen, shared_secret)) == 0) + if ((r = kex_derive_keys(ssh, hash, hashlen, shared_secret)) == 0) r = kex_send_newkeys(ssh); out: explicit_bzero(hash, sizeof(hash)); DH_free(kex->dh); kex->dh = NULL; BN_clear_free(dh_client_pub); - if (kbuf) { - explicit_bzero(kbuf, klen); - free(kbuf); - } - BN_clear_free(shared_secret); + sshbuf_free(shared_secret); free(server_host_key_blob); free(signature); return r; diff --git a/kexgex.c b/kexgex.c index a5d591b0a..f828f2b20 100644 --- a/kexgex.c +++ b/kexgex.c @@ -1,4 +1,4 @@ -/* $OpenBSD: kexgex.c,v 1.30 2018/12/27 03:25:25 djm Exp $ */ +/* $OpenBSD: kexgex.c,v 1.31 2019/01/21 10:03:37 djm Exp $ */ /* * Copyright (c) 2000 Niels Provos. All rights reserved. * Copyright (c) 2001 Markus Friedl. All rights reserved. @@ -56,7 +56,7 @@ kexgex_hash( const BIGNUM *gen, const BIGNUM *client_dh_pub, const BIGNUM *server_dh_pub, - const BIGNUM *shared_secret, + const u_char *shared_secret, size_t secretlen, u_char *hash, size_t *hashlen) { struct sshbuf *b; @@ -83,7 +83,7 @@ kexgex_hash( (r = sshbuf_put_bignum2(b, gen)) != 0 || (r = sshbuf_put_bignum2(b, client_dh_pub)) != 0 || (r = sshbuf_put_bignum2(b, server_dh_pub)) != 0 || - (r = sshbuf_put_bignum2(b, shared_secret)) != 0) { + (r = sshbuf_put(b, shared_secret, secretlen)) != 0) { sshbuf_free(b); return r; } diff --git a/kexgexc.c b/kexgexc.c index 0425309d4..600d91acc 100644 --- a/kexgexc.c +++ b/kexgexc.c @@ -1,4 +1,4 @@ -/* $OpenBSD: kexgexc.c,v 1.31 2019/01/21 09:55:52 djm Exp $ */ +/* $OpenBSD: kexgexc.c,v 1.32 2019/01/21 10:03:37 djm Exp $ */ /* * Copyright (c) 2000 Niels Provos. All rights reserved. * Copyright (c) 2001 Markus Friedl. All rights reserved. @@ -143,13 +143,14 @@ static int input_kex_dh_gex_reply(int type, u_int32_t seq, struct ssh *ssh) { struct kex *kex = ssh->kex; - BIGNUM *dh_server_pub = NULL, *shared_secret = NULL; + BIGNUM *dh_server_pub = NULL; const BIGNUM *pub_key, *dh_p, *dh_g; + struct sshbuf *shared_secret = NULL; struct sshkey *server_host_key = NULL; - u_char *kbuf = NULL, *signature = NULL, *server_host_key_blob = NULL; + u_char *signature = NULL, *server_host_key_blob = NULL; u_char hash[SSH_DIGEST_MAX_LENGTH]; - size_t klen = 0, slen, sbloblen, hashlen; - int kout, r; + size_t slen, sbloblen, hashlen; + int r; debug("got SSH2_MSG_KEX_DH_GEX_REPLY"); if (kex->verify_host_key == NULL) { @@ -177,32 +178,12 @@ input_kex_dh_gex_reply(int type, u_int32_t seq, struct ssh *ssh) (r = sshpkt_get_string(ssh, &signature, &slen)) != 0 || (r = sshpkt_get_end(ssh)) != 0) goto out; -#ifdef DEBUG_KEXDH - fprintf(stderr, "dh_server_pub= "); - BN_print_fp(stderr, dh_server_pub); - fprintf(stderr, "\n"); - debug("bits %d", BN_num_bits(dh_server_pub)); -#endif - if (!dh_pub_is_valid(kex->dh, dh_server_pub)) { - sshpkt_disconnect(ssh, "bad server public DH value"); - r = SSH_ERR_MESSAGE_INCOMPLETE; - goto out; - } - - klen = DH_size(kex->dh); - if ((kbuf = malloc(klen)) == NULL || - (shared_secret = BN_new()) == NULL) { + if ((shared_secret = sshbuf_new()) == NULL) { r = SSH_ERR_ALLOC_FAIL; goto out; } - if ((kout = DH_compute_key(kbuf, dh_server_pub, kex->dh)) < 0 || - BN_bin2bn(kbuf, kout, shared_secret) == NULL) { - r = SSH_ERR_LIBCRYPTO_ERROR; + if ((r = kex_dh_compute_key(kex, dh_server_pub, shared_secret)) != 0) goto out; - } -#ifdef DEBUG_KEXDH - dump_digest("shared secret", kbuf, kout); -#endif if (ssh->compat & SSH_OLD_DHGEX) kex->min = kex->max = -1; @@ -221,7 +202,7 @@ input_kex_dh_gex_reply(int type, u_int32_t seq, struct ssh *ssh) dh_p, dh_g, pub_key, dh_server_pub, - shared_secret, + sshbuf_ptr(shared_secret), sshbuf_len(shared_secret), hash, &hashlen)) != 0) goto out; @@ -229,18 +210,14 @@ input_kex_dh_gex_reply(int type, u_int32_t seq, struct ssh *ssh) hashlen, kex->hostkey_alg, ssh->compat)) != 0) goto out; - if ((r = kex_derive_keys_bn(ssh, hash, hashlen, shared_secret)) == 0) + if ((r = kex_derive_keys(ssh, hash, hashlen, shared_secret)) == 0) r = kex_send_newkeys(ssh); out: explicit_bzero(hash, sizeof(hash)); DH_free(kex->dh); kex->dh = NULL; BN_clear_free(dh_server_pub); - if (kbuf) { - explicit_bzero(kbuf, klen); - free(kbuf); - } - BN_clear_free(shared_secret); + sshbuf_free(shared_secret); sshkey_free(server_host_key); free(server_host_key_blob); free(signature); diff --git a/kexgexs.c b/kexgexs.c index 4ffbb1918..f8eb36545 100644 --- a/kexgexs.c +++ b/kexgexs.c @@ -1,4 +1,4 @@ -/* $OpenBSD: kexgexs.c,v 1.39 2019/01/21 09:55:52 djm Exp $ */ +/* $OpenBSD: kexgexs.c,v 1.40 2019/01/21 10:03:37 djm Exp $ */ /* * Copyright (c) 2000 Niels Provos. All rights reserved. * Copyright (c) 2001 Markus Friedl. All rights reserved. @@ -126,14 +126,15 @@ static int input_kex_dh_gex_init(int type, u_int32_t seq, struct ssh *ssh) { struct kex *kex = ssh->kex; - BIGNUM *shared_secret = NULL, *dh_client_pub = NULL; + BIGNUM *dh_client_pub = NULL; const BIGNUM *pub_key, *dh_p, *dh_g; + struct sshbuf *shared_secret = NULL; struct sshkey *server_host_public, *server_host_private; - u_char *kbuf = NULL, *signature = NULL, *server_host_key_blob = NULL; + u_char *signature = NULL, *server_host_key_blob = NULL; u_char hash[SSH_DIGEST_MAX_LENGTH]; size_t sbloblen, slen; - size_t klen = 0, hashlen; - int kout, r; + size_t hashlen; + int r; if (kex->load_host_public_key == NULL || kex->load_host_private_key == NULL) { @@ -153,44 +154,19 @@ input_kex_dh_gex_init(int type, u_int32_t seq, struct ssh *ssh) if ((r = sshpkt_get_bignum2(ssh, &dh_client_pub)) != 0 || (r = sshpkt_get_end(ssh)) != 0) goto out; - - DH_get0_key(kex->dh, &pub_key, NULL); - DH_get0_pqg(kex->dh, &dh_p, NULL, &dh_g); - -#ifdef DEBUG_KEXDH - fprintf(stderr, "dh_client_pub= "); - BN_print_fp(stderr, dh_client_pub); - fprintf(stderr, "\n"); - debug("bits %d", BN_num_bits(dh_client_pub)); - DHparams_print_fp(stderr, kex->dh); - fprintf(stderr, "pub= "); - BN_print_fp(stderr, pub_key); - fprintf(stderr, "\n"); -#endif - if (!dh_pub_is_valid(kex->dh, dh_client_pub)) { - sshpkt_disconnect(ssh, "bad client public DH value"); - r = SSH_ERR_MESSAGE_INCOMPLETE; - goto out; - } - - klen = DH_size(kex->dh); - if ((kbuf = malloc(klen)) == NULL || - (shared_secret = BN_new()) == NULL) { + if ((shared_secret = sshbuf_new()) == NULL) { r = SSH_ERR_ALLOC_FAIL; goto out; } - if ((kout = DH_compute_key(kbuf, dh_client_pub, kex->dh)) < 0 || - BN_bin2bn(kbuf, kout, shared_secret) == NULL) { - r = SSH_ERR_LIBCRYPTO_ERROR; + if ((r = kex_dh_compute_key(kex, dh_client_pub, shared_secret)) != 0) goto out; - } -#ifdef DEBUG_KEXDH - dump_digest("shared secret", kbuf, kout); -#endif if ((r = sshkey_to_blob(server_host_public, &server_host_key_blob, &sbloblen)) != 0) goto out; + /* calc H */ + DH_get0_key(kex->dh, &pub_key, NULL); + DH_get0_pqg(kex->dh, &dh_p, NULL, &dh_g); hashlen = sizeof(hash); if ((r = kexgex_hash( kex->hash_alg, @@ -203,7 +179,7 @@ input_kex_dh_gex_init(int type, u_int32_t seq, struct ssh *ssh) dh_p, dh_g, dh_client_pub, pub_key, - shared_secret, + sshbuf_ptr(shared_secret), sshbuf_len(shared_secret), hash, &hashlen)) != 0) goto out; @@ -212,8 +188,6 @@ input_kex_dh_gex_init(int type, u_int32_t seq, struct ssh *ssh) &signature, &slen, hash, hashlen, kex->hostkey_alg)) < 0) goto out; - /* destroy_sensitive_data(); */ - /* send server hostkey, DH pubkey 'f' and signed H */ if ((r = sshpkt_start(ssh, SSH2_MSG_KEX_DH_GEX_REPLY)) != 0 || (r = sshpkt_put_string(ssh, server_host_key_blob, sbloblen)) != 0 || @@ -222,18 +196,14 @@ input_kex_dh_gex_init(int type, u_int32_t seq, struct ssh *ssh) (r = sshpkt_send(ssh)) != 0) goto out; - if ((r = kex_derive_keys_bn(ssh, hash, hashlen, shared_secret)) == 0) + if ((r = kex_derive_keys(ssh, hash, hashlen, shared_secret)) == 0) r = kex_send_newkeys(ssh); out: explicit_bzero(hash, sizeof(hash)); DH_free(kex->dh); kex->dh = NULL; BN_clear_free(dh_client_pub); - if (kbuf) { - explicit_bzero(kbuf, klen); - free(kbuf); - } - BN_clear_free(shared_secret); + sshbuf_free(shared_secret); free(server_host_key_blob); free(signature); return r; -- cgit v1.2.3 From bb39bafb6dc520cc097780f4611a52da7f19c3e2 Mon Sep 17 00:00:00 2001 From: "djm@openbsd.org" Date: Mon, 21 Jan 2019 10:05:09 +0000 Subject: upstream: factor out kex_load_hostkey() - this is duplicated in both the client and server implementations for most KEX methods. from markus@ ok djm@ OpenBSD-Commit-ID: 8232fa7c21fbfbcaf838313b0c166dc6c8762f3c --- kex.c | 20 +++++++++++++++++++- kex.h | 3 ++- kexc25519s.c | 17 +++-------------- kexdhs.c | 16 +++------------- kexecdhs.c | 16 +++------------- kexgexs.c | 16 +++------------- 6 files changed, 33 insertions(+), 55 deletions(-) diff --git a/kex.c b/kex.c index 0d5618ecc..a0d13a880 100644 --- a/kex.c +++ b/kex.c @@ -1,4 +1,4 @@ -/* $OpenBSD: kex.c,v 1.144 2019/01/21 09:55:52 djm Exp $ */ +/* $OpenBSD: kex.c,v 1.145 2019/01/21 10:05:09 djm Exp $ */ /* * Copyright (c) 2000, 2001 Markus Friedl. All rights reserved. * @@ -1052,6 +1052,24 @@ kex_derive_keys_bn(struct ssh *ssh, u_char *hash, u_int hashlen, } #endif +int +kex_load_hostkey(struct ssh *ssh, struct sshkey **pubp, struct sshkey **prvp) +{ + struct kex *kex = ssh->kex; + + *pubp = NULL; + *prvp = NULL; + if (kex->load_host_public_key == NULL || + kex->load_host_private_key == NULL) + return SSH_ERR_INVALID_ARGUMENT; + *pubp = kex->load_host_public_key(kex->hostkey_type, + kex->hostkey_nid, ssh); + *prvp = kex->load_host_private_key(kex->hostkey_type, + kex->hostkey_nid, ssh); + if (*pubp == NULL) + return SSH_ERR_NO_HOSTKEY_LOADED; + return 0; +} #if defined(DEBUG_KEX) || defined(DEBUG_KEXDH) || defined(DEBUG_KEXECDH) void diff --git a/kex.h b/kex.h index a11bd5ae6..fa65b8657 100644 --- a/kex.h +++ b/kex.h @@ -1,4 +1,4 @@ -/* $OpenBSD: kex.h,v 1.96 2019/01/21 10:03:37 djm Exp $ */ +/* $OpenBSD: kex.h,v 1.97 2019/01/21 10:05:09 djm Exp $ */ /* * Copyright (c) 2000, 2001 Markus Friedl. All rights reserved. @@ -184,6 +184,7 @@ void kex_free(struct kex *); int kex_buf2prop(struct sshbuf *, int *, char ***); int kex_prop2buf(struct sshbuf *, char *proposal[PROPOSAL_MAX]); void kex_prop_free(char **); +int kex_load_hostkey(struct ssh *, struct sshkey **, struct sshkey **); int kex_send_kexinit(struct ssh *); int kex_input_kexinit(int, u_int32_t, struct ssh *); diff --git a/kexc25519s.c b/kexc25519s.c index 65df18c4b..d7cc70fee 100644 --- a/kexc25519s.c +++ b/kexc25519s.c @@ -1,4 +1,4 @@ -/* $OpenBSD: kexc25519s.c,v 1.14 2019/01/21 09:55:52 djm Exp $ */ +/* $OpenBSD: kexc25519s.c,v 1.15 2019/01/21 10:05:09 djm Exp $ */ /* * Copyright (c) 2001 Markus Friedl. All rights reserved. * Copyright (c) 2010 Damien Miller. All rights reserved. @@ -70,20 +70,9 @@ input_kex_c25519_init(int type, u_int32_t seq, struct ssh *ssh) #ifdef DEBUG_KEXECDH dump_digest("server private key:", server_key, sizeof(server_key)); #endif - if (kex->load_host_public_key == NULL || - kex->load_host_private_key == NULL) { - r = SSH_ERR_INVALID_ARGUMENT; + if ((r = kex_load_hostkey(ssh, &server_host_private, + &server_host_public)) != 0) goto out; - } - server_host_public = kex->load_host_public_key(kex->hostkey_type, - kex->hostkey_nid, ssh); - server_host_private = kex->load_host_private_key(kex->hostkey_type, - kex->hostkey_nid, ssh); - if (server_host_public == NULL) { - r = SSH_ERR_NO_HOSTKEY_LOADED; - goto out; - } - if ((r = sshpkt_get_string(ssh, &client_pubkey, &pklen)) != 0 || (r = sshpkt_get_end(ssh)) != 0) goto out; diff --git a/kexdhs.c b/kexdhs.c index 0f028aaeb..e33901bbf 100644 --- a/kexdhs.c +++ b/kexdhs.c @@ -1,4 +1,4 @@ -/* $OpenBSD: kexdhs.c,v 1.34 2019/01/21 10:03:37 djm Exp $ */ +/* $OpenBSD: kexdhs.c,v 1.35 2019/01/21 10:05:09 djm Exp $ */ /* * Copyright (c) 2001 Markus Friedl. All rights reserved. * @@ -81,19 +81,9 @@ input_kex_dh_init(int type, u_int32_t seq, struct ssh *ssh) size_t hashlen; int r; - if (kex->load_host_public_key == NULL || - kex->load_host_private_key == NULL) { - r = SSH_ERR_INVALID_ARGUMENT; + if ((r = kex_load_hostkey(ssh, &server_host_private, + &server_host_public)) != 0) goto out; - } - server_host_public = kex->load_host_public_key(kex->hostkey_type, - kex->hostkey_nid, ssh); - server_host_private = kex->load_host_private_key(kex->hostkey_type, - kex->hostkey_nid, ssh); - if (server_host_public == NULL) { - r = SSH_ERR_NO_HOSTKEY_LOADED; - goto out; - } /* key, cert */ if ((r = sshpkt_get_bignum2(ssh, &dh_client_pub)) != 0 || diff --git a/kexecdhs.c b/kexecdhs.c index 4ba2072df..b9254eed7 100644 --- a/kexecdhs.c +++ b/kexecdhs.c @@ -1,4 +1,4 @@ -/* $OpenBSD: kexecdhs.c,v 1.20 2019/01/21 09:55:52 djm Exp $ */ +/* $OpenBSD: kexecdhs.c,v 1.21 2019/01/21 10:05:09 djm Exp $ */ /* * Copyright (c) 2001 Markus Friedl. All rights reserved. * Copyright (c) 2010 Damien Miller. All rights reserved. @@ -89,19 +89,9 @@ input_kex_ecdh_init(int type, u_int32_t seq, struct ssh *ssh) sshkey_dump_ec_key(server_key); #endif - if (kex->load_host_public_key == NULL || - kex->load_host_private_key == NULL) { - r = SSH_ERR_INVALID_ARGUMENT; + if ((r = kex_load_hostkey(ssh, &server_host_private, + &server_host_public)) != 0) goto out; - } - server_host_public = kex->load_host_public_key(kex->hostkey_type, - kex->hostkey_nid, ssh); - server_host_private = kex->load_host_private_key(kex->hostkey_type, - kex->hostkey_nid, ssh); - if (server_host_public == NULL) { - r = SSH_ERR_NO_HOSTKEY_LOADED; - goto out; - } if ((client_public = EC_POINT_new(group)) == NULL) { r = SSH_ERR_ALLOC_FAIL; goto out; diff --git a/kexgexs.c b/kexgexs.c index f8eb36545..a617d4453 100644 --- a/kexgexs.c +++ b/kexgexs.c @@ -1,4 +1,4 @@ -/* $OpenBSD: kexgexs.c,v 1.40 2019/01/21 10:03:37 djm Exp $ */ +/* $OpenBSD: kexgexs.c,v 1.41 2019/01/21 10:05:09 djm Exp $ */ /* * Copyright (c) 2000 Niels Provos. All rights reserved. * Copyright (c) 2001 Markus Friedl. All rights reserved. @@ -136,19 +136,9 @@ input_kex_dh_gex_init(int type, u_int32_t seq, struct ssh *ssh) size_t hashlen; int r; - if (kex->load_host_public_key == NULL || - kex->load_host_private_key == NULL) { - r = SSH_ERR_INVALID_ARGUMENT; + if ((r = kex_load_hostkey(ssh, &server_host_private, + &server_host_public)) != 0) goto out; - } - server_host_public = kex->load_host_public_key(kex->hostkey_type, - kex->hostkey_nid, ssh); - server_host_private = kex->load_host_private_key(kex->hostkey_type, - kex->hostkey_nid, ssh); - if (server_host_public == NULL) { - r = SSH_ERR_NO_HOSTKEY_LOADED; - goto out; - } /* key, cert */ if ((r = sshpkt_get_bignum2(ssh, &dh_client_pub)) != 0 || -- cgit v1.2.3 From b1b2ff4ed559051d1035419f8f236275fa66d5d6 Mon Sep 17 00:00:00 2001 From: "djm@openbsd.org" Date: Mon, 21 Jan 2019 10:07:22 +0000 Subject: upstream: factor out kex_verify_hostkey() - again, duplicated almost exactly across client and server for several KEX methods. from markus@ ok djm@ OpenBSD-Commit-ID: 4e4a16d949dadde002a0aacf6d280a684e20829c --- kex.c | 18 +++++++++++++++++- kex.h | 3 ++- kexc25519c.c | 17 ++--------------- kexdhc.c | 16 ++-------------- kexecdhc.c | 16 ++-------------- kexgexc.c | 16 ++-------------- 6 files changed, 27 insertions(+), 59 deletions(-) diff --git a/kex.c b/kex.c index a0d13a880..d8c71bb3e 100644 --- a/kex.c +++ b/kex.c @@ -1,4 +1,4 @@ -/* $OpenBSD: kex.c,v 1.145 2019/01/21 10:05:09 djm Exp $ */ +/* $OpenBSD: kex.c,v 1.146 2019/01/21 10:07:22 djm Exp $ */ /* * Copyright (c) 2000, 2001 Markus Friedl. All rights reserved. * @@ -1071,6 +1071,22 @@ kex_load_hostkey(struct ssh *ssh, struct sshkey **pubp, struct sshkey **prvp) return 0; } +int +kex_verify_host_key(struct ssh *ssh, struct sshkey *server_host_key) +{ + struct kex *kex = ssh->kex; + + if (kex->verify_host_key == NULL) + return SSH_ERR_INVALID_ARGUMENT; + if (server_host_key->type != kex->hostkey_type || + (kex->hostkey_type == KEY_ECDSA && + server_host_key->ecdsa_nid != kex->hostkey_nid)) + return SSH_ERR_KEY_TYPE_MISMATCH; + if (kex->verify_host_key(server_host_key, ssh) == -1) + return SSH_ERR_SIGNATURE_INVALID; + return 0; +} + #if defined(DEBUG_KEX) || defined(DEBUG_KEXDH) || defined(DEBUG_KEXECDH) void dump_digest(char *msg, u_char *digest, int len) diff --git a/kex.h b/kex.h index fa65b8657..e404d0365 100644 --- a/kex.h +++ b/kex.h @@ -1,4 +1,4 @@ -/* $OpenBSD: kex.h,v 1.97 2019/01/21 10:05:09 djm Exp $ */ +/* $OpenBSD: kex.h,v 1.98 2019/01/21 10:07:22 djm Exp $ */ /* * Copyright (c) 2000, 2001 Markus Friedl. All rights reserved. @@ -185,6 +185,7 @@ int kex_buf2prop(struct sshbuf *, int *, char ***); int kex_prop2buf(struct sshbuf *, char *proposal[PROPOSAL_MAX]); void kex_prop_free(char **); int kex_load_hostkey(struct ssh *, struct sshkey **, struct sshkey **); +int kex_verify_host_key(struct ssh *, struct sshkey *); int kex_send_kexinit(struct ssh *); int kex_input_kexinit(int, u_int32_t, struct ssh *); diff --git a/kexc25519c.c b/kexc25519c.c index 59b4e4cc0..1c7f79000 100644 --- a/kexc25519c.c +++ b/kexc25519c.c @@ -1,4 +1,4 @@ -/* $OpenBSD: kexc25519c.c,v 1.11 2019/01/21 09:55:52 djm Exp $ */ +/* $OpenBSD: kexc25519c.c,v 1.12 2019/01/21 10:07:22 djm Exp $ */ /* * Copyright (c) 2001 Markus Friedl. All rights reserved. * Copyright (c) 2010 Damien Miller. All rights reserved. @@ -80,27 +80,14 @@ input_kex_c25519_reply(int type, u_int32_t seq, struct ssh *ssh) size_t slen, pklen, sbloblen, hashlen; int r; - if (kex->verify_host_key == NULL) { - r = SSH_ERR_INVALID_ARGUMENT; - goto out; - } - /* hostkey */ if ((r = sshpkt_get_string(ssh, &server_host_key_blob, &sbloblen)) != 0 || (r = sshkey_from_blob(server_host_key_blob, sbloblen, &server_host_key)) != 0) goto out; - if (server_host_key->type != kex->hostkey_type || - (kex->hostkey_type == KEY_ECDSA && - server_host_key->ecdsa_nid != kex->hostkey_nid)) { - r = SSH_ERR_KEY_TYPE_MISMATCH; + if ((r = kex_verify_host_key(ssh, server_host_key)) != 0) goto out; - } - if (kex->verify_host_key(server_host_key, ssh) == -1) { - r = SSH_ERR_SIGNATURE_INVALID; - goto out; - } /* Q_S, server public key */ /* signed H */ diff --git a/kexdhc.c b/kexdhc.c index 2e26f22ea..a2af8cb08 100644 --- a/kexdhc.c +++ b/kexdhc.c @@ -1,4 +1,4 @@ -/* $OpenBSD: kexdhc.c,v 1.28 2019/01/21 10:03:37 djm Exp $ */ +/* $OpenBSD: kexdhc.c,v 1.29 2019/01/21 10:07:22 djm Exp $ */ /* * Copyright (c) 2001 Markus Friedl. All rights reserved. * @@ -95,26 +95,14 @@ input_kex_dh(int type, u_int32_t seq, struct ssh *ssh) size_t slen, sbloblen, hashlen; int r; - if (kex->verify_host_key == NULL) { - r = SSH_ERR_INVALID_ARGUMENT; - goto out; - } /* key, cert */ if ((r = sshpkt_get_string(ssh, &server_host_key_blob, &sbloblen)) != 0 || (r = sshkey_from_blob(server_host_key_blob, sbloblen, &server_host_key)) != 0) goto out; - if (server_host_key->type != kex->hostkey_type || - (kex->hostkey_type == KEY_ECDSA && - server_host_key->ecdsa_nid != kex->hostkey_nid)) { - r = SSH_ERR_KEY_TYPE_MISMATCH; + if ((r = kex_verify_host_key(ssh, server_host_key)) != 0) goto out; - } - if (kex->verify_host_key(server_host_key, ssh) == -1) { - r = SSH_ERR_SIGNATURE_INVALID; - goto out; - } /* DH parameter f, server public DH key, signed H */ if ((r = sshpkt_get_bignum2(ssh, &dh_server_pub)) != 0 || (r = sshpkt_get_string(ssh, &signature, &slen)) != 0 || diff --git a/kexecdhc.c b/kexecdhc.c index 2cff34347..bfb9f4707 100644 --- a/kexecdhc.c +++ b/kexecdhc.c @@ -1,4 +1,4 @@ -/* $OpenBSD: kexecdhc.c,v 1.15 2019/01/21 09:55:52 djm Exp $ */ +/* $OpenBSD: kexecdhc.c,v 1.16 2019/01/21 10:07:22 djm Exp $ */ /* * Copyright (c) 2001 Markus Friedl. All rights reserved. * Copyright (c) 2010 Damien Miller. All rights reserved. @@ -109,10 +109,6 @@ input_kex_ecdh_reply(int type, u_int32_t seq, struct ssh *ssh) size_t klen = 0, hashlen; int r; - if (kex->verify_host_key == NULL) { - r = SSH_ERR_INVALID_ARGUMENT; - goto out; - } group = kex->ec_group; client_key = kex->ec_client_key; @@ -122,16 +118,8 @@ input_kex_ecdh_reply(int type, u_int32_t seq, struct ssh *ssh) (r = sshkey_from_blob(server_host_key_blob, sbloblen, &server_host_key)) != 0) goto out; - if (server_host_key->type != kex->hostkey_type || - (kex->hostkey_type == KEY_ECDSA && - server_host_key->ecdsa_nid != kex->hostkey_nid)) { - r = SSH_ERR_KEY_TYPE_MISMATCH; + if ((r = kex_verify_host_key(ssh, server_host_key)) != 0) goto out; - } - if (kex->verify_host_key(server_host_key, ssh) == -1) { - r = SSH_ERR_SIGNATURE_INVALID; - goto out; - } /* Q_S, server public key */ /* signed H */ diff --git a/kexgexc.c b/kexgexc.c index 600d91acc..ac42127af 100644 --- a/kexgexc.c +++ b/kexgexc.c @@ -1,4 +1,4 @@ -/* $OpenBSD: kexgexc.c,v 1.32 2019/01/21 10:03:37 djm Exp $ */ +/* $OpenBSD: kexgexc.c,v 1.33 2019/01/21 10:07:22 djm Exp $ */ /* * Copyright (c) 2000 Niels Provos. All rights reserved. * Copyright (c) 2001 Markus Friedl. All rights reserved. @@ -153,26 +153,14 @@ input_kex_dh_gex_reply(int type, u_int32_t seq, struct ssh *ssh) int r; debug("got SSH2_MSG_KEX_DH_GEX_REPLY"); - if (kex->verify_host_key == NULL) { - r = SSH_ERR_INVALID_ARGUMENT; - goto out; - } /* key, cert */ if ((r = sshpkt_get_string(ssh, &server_host_key_blob, &sbloblen)) != 0 || (r = sshkey_from_blob(server_host_key_blob, sbloblen, &server_host_key)) != 0) goto out; - if (server_host_key->type != kex->hostkey_type || - (kex->hostkey_type == KEY_ECDSA && - server_host_key->ecdsa_nid != kex->hostkey_nid)) { - r = SSH_ERR_KEY_TYPE_MISMATCH; + if ((r = kex_verify_host_key(ssh, server_host_key)) != 0) goto out; - } - if (kex->verify_host_key(server_host_key, ssh) == -1) { - r = SSH_ERR_SIGNATURE_INVALID; - goto out; - } /* DH parameter f, server public DH key, signed H */ if ((r = sshpkt_get_bignum2(ssh, &dh_server_pub)) != 0 || (r = sshpkt_get_string(ssh, &signature, &slen)) != 0 || -- cgit v1.2.3 From dfd591618cdf2c96727ac0eb65f89cf54af0d97e Mon Sep 17 00:00:00 2001 From: "djm@openbsd.org" Date: Mon, 21 Jan 2019 10:20:12 +0000 Subject: upstream: Add support for a PQC KEX/KEM: sntrup4591761x25519-sha512@tinyssh.org using the Streamlined NTRU Prime 4591^761 implementation from SUPERCOP coupled with X25519 as a stop-loss. Not enabled by default. introduce KEM API; a simplified framework for DH-ish KEX methods. from markus@ feedback & ok djm@ OpenBSD-Commit-ID: d687f76cffd3561dd73eb302d17a1c3bf321d1a7 --- Makefile.in | 2 + crypto_api.h | 18 +- kex.c | 7 +- kex.h | 25 +- kexc25519.c | 47 +- kexc25519c.c | 10 +- kexc25519s.c | 8 +- kexkemc.c | 128 ++++++ kexkems.c | 116 +++++ kexsntrup4591761x25519.c | 213 +++++++++ monitor.c | 3 +- sntrup4591761.c | 1068 ++++++++++++++++++++++++++++++++++++++++++++++ sntrup4591761.sh | 47 ++ ssh-keyscan.c | 3 +- ssh_api.c | 4 +- sshconnect2.c | 3 +- sshd.c | 3 +- 17 files changed, 1665 insertions(+), 40 deletions(-) create mode 100644 kexkemc.c create mode 100644 kexkems.c create mode 100644 kexsntrup4591761x25519.c create mode 100644 sntrup4591761.c create mode 100644 sntrup4591761.sh diff --git a/Makefile.in b/Makefile.in index 7b5de6039..2b22e9f47 100644 --- a/Makefile.in +++ b/Makefile.in @@ -100,8 +100,10 @@ LIBSSH_OBJS=${LIBOPENSSH_OBJS} \ kex.o kexdh.o kexgex.o kexecdh.o kexc25519.o \ kexdhc.o kexgexc.o kexecdhc.o kexc25519c.o \ kexdhs.o kexgexs.o kexecdhs.o kexc25519s.o \ + sntrup4591761.o kexsntrup4591761x25519.o kexkemc.o kexkems.o \ platform-pledge.o platform-tracing.o platform-misc.o + SSHOBJS= ssh.o readconf.o clientloop.o sshtty.o \ sshconnect.o sshconnect2.o mux.o diff --git a/crypto_api.h b/crypto_api.h index 7f45bbd69..eb05251ff 100644 --- a/crypto_api.h +++ b/crypto_api.h @@ -1,4 +1,4 @@ -/* $OpenBSD: crypto_api.h,v 1.4 2017/12/14 21:07:39 naddy Exp $ */ +/* $OpenBSD: crypto_api.h,v 1.5 2019/01/21 10:20:12 djm Exp $ */ /* * Assembled from generated headers and source files by Markus Friedl. @@ -15,10 +15,15 @@ #endif #include +typedef int8_t crypto_int8; +typedef uint8_t crypto_uint8; +typedef int16_t crypto_int16; +typedef uint16_t crypto_uint16; typedef int32_t crypto_int32; typedef uint32_t crypto_uint32; #define randombytes(buf, buf_len) arc4random_buf((buf), (buf_len)) +#define small_random32() arc4random() #define crypto_hash_sha512_BYTES 64U @@ -37,4 +42,15 @@ int crypto_sign_ed25519_open(unsigned char *, unsigned long long *, const unsigned char *, unsigned long long, const unsigned char *); int crypto_sign_ed25519_keypair(unsigned char *, unsigned char *); +#define crypto_kem_sntrup4591761_PUBLICKEYBYTES 1218 +#define crypto_kem_sntrup4591761_SECRETKEYBYTES 1600 +#define crypto_kem_sntrup4591761_CIPHERTEXTBYTES 1047 +#define crypto_kem_sntrup4591761_BYTES 32 + +int crypto_kem_sntrup4591761_enc(unsigned char *cstr, unsigned char *k, + const unsigned char *pk); +int crypto_kem_sntrup4591761_dec(unsigned char *k, + const unsigned char *cstr, const unsigned char *sk); +int crypto_kem_sntrup4591761_keypair(unsigned char *pk, unsigned char *sk); + #endif /* crypto_api_h */ diff --git a/kex.c b/kex.c index d8c71bb3e..0dba2cefa 100644 --- a/kex.c +++ b/kex.c @@ -1,4 +1,4 @@ -/* $OpenBSD: kex.c,v 1.146 2019/01/21 10:07:22 djm Exp $ */ +/* $OpenBSD: kex.c,v 1.147 2019/01/21 10:20:12 djm Exp $ */ /* * Copyright (c) 2000, 2001 Markus Friedl. All rights reserved. * @@ -108,6 +108,8 @@ static const struct kexalg kexalgs[] = { #if defined(HAVE_EVP_SHA256) || !defined(WITH_OPENSSL) { KEX_CURVE25519_SHA256, KEX_C25519_SHA256, 0, SSH_DIGEST_SHA256 }, { KEX_CURVE25519_SHA256_OLD, KEX_C25519_SHA256, 0, SSH_DIGEST_SHA256 }, + { KEX_SNTRUP4591761X25519_SHA512, KEX_KEM_SNTRUP4591761X25519_SHA512, 0, + SSH_DIGEST_SHA512 }, #endif /* HAVE_EVP_SHA256 || !WITH_OPENSSL */ { NULL, -1, -1, -1}, }; @@ -653,6 +655,7 @@ kex_free(struct kex *kex) sshbuf_free(kex->my); sshbuf_free(kex->client_version); sshbuf_free(kex->server_version); + sshbuf_free(kex->kem_client_pub); free(kex->session_id); free(kex->failed_choice); free(kex->hostkey_alg); @@ -1089,7 +1092,7 @@ kex_verify_host_key(struct ssh *ssh, struct sshkey *server_host_key) #if defined(DEBUG_KEX) || defined(DEBUG_KEXDH) || defined(DEBUG_KEXECDH) void -dump_digest(char *msg, u_char *digest, int len) +dump_digest(const char *msg, const u_char *digest, int len) { fprintf(stderr, "%s\n", msg); sshbuf_dump_data(digest, len, stderr); diff --git a/kex.h b/kex.h index e404d0365..258a64712 100644 --- a/kex.h +++ b/kex.h @@ -1,4 +1,4 @@ -/* $OpenBSD: kex.h,v 1.98 2019/01/21 10:07:22 djm Exp $ */ +/* $OpenBSD: kex.h,v 1.99 2019/01/21 10:20:12 djm Exp $ */ /* * Copyright (c) 2000, 2001 Markus Friedl. All rights reserved. @@ -27,6 +27,7 @@ #define KEX_H #include "mac.h" +#include "crypto_api.h" #ifdef WITH_LEAKMALLOC #include "leakmalloc.h" @@ -62,6 +63,7 @@ #define KEX_ECDH_SHA2_NISTP521 "ecdh-sha2-nistp521" #define KEX_CURVE25519_SHA256 "curve25519-sha256" #define KEX_CURVE25519_SHA256_OLD "curve25519-sha256@libssh.org" +#define KEX_SNTRUP4591761X25519_SHA512 "sntrup4591761x25519-sha512@tinyssh.org" #define COMP_NONE 0 /* pre-auth compression (COMP_ZLIB) is only supported in the client */ @@ -100,6 +102,7 @@ enum kex_exchange { KEX_DH_GEX_SHA256, KEX_ECDH_SHA2, KEX_C25519_SHA256, + KEX_KEM_SNTRUP4591761X25519_SHA512, KEX_MAX }; @@ -164,8 +167,10 @@ struct kex { u_int min, max, nbits; /* GEX */ EC_KEY *ec_client_key; /* ECDH */ const EC_GROUP *ec_group; /* ECDH */ - u_char c25519_client_key[CURVE25519_SIZE]; /* 25519 */ + u_char c25519_client_key[CURVE25519_SIZE]; /* 25519 + KEM */ u_char c25519_client_pubkey[CURVE25519_SIZE]; /* 25519 */ + u_char sntrup4591761_client_key[crypto_kem_sntrup4591761_SECRETKEYBYTES]; /* KEM */ + struct sshbuf *kem_client_pub; /* KEM */ }; int kex_names_valid(const char *); @@ -203,6 +208,14 @@ int kexecdh_client(struct ssh *); int kexecdh_server(struct ssh *); int kexc25519_client(struct ssh *); int kexc25519_server(struct ssh *); +int kex_kem_client(struct ssh *); +int kex_kem_server(struct ssh *); + +int kex_kem_sntrup4591761x25519_keypair(struct kex *); +int kex_kem_sntrup4591761x25519_enc(struct kex *, const u_char *, size_t, + struct sshbuf **, struct sshbuf **); +int kex_kem_sntrup4591761x25519_dec(struct kex *, const u_char *, size_t, + struct sshbuf **); int kex_dh_keygen(struct kex *); int kex_dh_compute_key(struct kex *, BIGNUM *, struct sshbuf *); @@ -224,7 +237,7 @@ int kex_ecdh_hash(int, const EC_GROUP *, int kex_c25519_hash(int, const struct sshbuf *, const struct sshbuf *, const u_char *, size_t, const u_char *, size_t, - const u_char *, size_t, const u_char *, const u_char *, + const u_char *, size_t, const u_char *, size_t, const u_char *, size_t, const u_char *, size_t, u_char *, size_t *); void kexc25519_keygen(u_char key[CURVE25519_SIZE], u_char pub[CURVE25519_SIZE]) @@ -234,9 +247,13 @@ int kexc25519_shared_key(const u_char key[CURVE25519_SIZE], const u_char pub[CURVE25519_SIZE], struct sshbuf *out) __attribute__((__bounded__(__minbytes__, 1, CURVE25519_SIZE))) __attribute__((__bounded__(__minbytes__, 2, CURVE25519_SIZE))); +int kexc25519_shared_key_ext(const u_char key[CURVE25519_SIZE], + const u_char pub[CURVE25519_SIZE], struct sshbuf *out, int) + __attribute__((__bounded__(__minbytes__, 1, CURVE25519_SIZE))) + __attribute__((__bounded__(__minbytes__, 2, CURVE25519_SIZE))); #if defined(DEBUG_KEX) || defined(DEBUG_KEXDH) || defined(DEBUG_KEXECDH) -void dump_digest(char *, u_char *, int); +void dump_digest(const char *, const u_char *, int); #endif #if !defined(WITH_OPENSSL) || !defined(OPENSSL_HAS_ECC) diff --git a/kexc25519.c b/kexc25519.c index acddcab37..3911baf14 100644 --- a/kexc25519.c +++ b/kexc25519.c @@ -1,4 +1,4 @@ -/* $OpenBSD: kexc25519.c,v 1.12 2019/01/21 09:49:37 djm Exp $ */ +/* $OpenBSD: kexc25519.c,v 1.13 2019/01/21 10:20:12 djm Exp $ */ /* * Copyright (c) 2001, 2013 Markus Friedl. All rights reserved. * Copyright (c) 2010 Damien Miller. All rights reserved. @@ -60,8 +60,8 @@ kexc25519_keygen(u_char key[CURVE25519_SIZE], u_char pub[CURVE25519_SIZE]) } int -kexc25519_shared_key(const u_char key[CURVE25519_SIZE], - const u_char pub[CURVE25519_SIZE], struct sshbuf *out) +kexc25519_shared_key_ext(const u_char key[CURVE25519_SIZE], + const u_char pub[CURVE25519_SIZE], struct sshbuf *out, int raw) { u_char shared_key[CURVE25519_SIZE]; u_char zero[CURVE25519_SIZE]; @@ -77,12 +77,21 @@ kexc25519_shared_key(const u_char key[CURVE25519_SIZE], #ifdef DEBUG_KEXECDH dump_digest("shared secret", shared_key, CURVE25519_SIZE); #endif - sshbuf_reset(out); - r = sshbuf_put_bignum2_bytes(out, shared_key, CURVE25519_SIZE); + if (raw) + r = sshbuf_put(out, shared_key, CURVE25519_SIZE); + else + r = sshbuf_put_bignum2_bytes(out, shared_key, CURVE25519_SIZE); explicit_bzero(shared_key, CURVE25519_SIZE); return r; } +int +kexc25519_shared_key(const u_char key[CURVE25519_SIZE], + const u_char pub[CURVE25519_SIZE], struct sshbuf *out) +{ + return kexc25519_shared_key_ext(key, pub, out, 0); +} + int kex_c25519_hash( int hash_alg, @@ -91,8 +100,8 @@ kex_c25519_hash( const u_char *ckexinit, size_t ckexinitlen, const u_char *skexinit, size_t skexinitlen, const u_char *serverhostkeyblob, size_t sbloblen, - const u_char client_dh_pub[CURVE25519_SIZE], - const u_char server_dh_pub[CURVE25519_SIZE], + const u_char *client_pub, size_t client_pub_len, + const u_char *server_pub, size_t server_pub_len, const u_char *shared_secret, size_t secretlen, u_char *hash, size_t *hashlen) { @@ -103,19 +112,19 @@ kex_c25519_hash( return SSH_ERR_INVALID_ARGUMENT; if ((b = sshbuf_new()) == NULL) return SSH_ERR_ALLOC_FAIL; - if ((r = sshbuf_put_stringb(b, client_version)) < 0 || - (r = sshbuf_put_stringb(b, server_version)) < 0 || + if ((r = sshbuf_put_stringb(b, client_version)) != 0 || + (r = sshbuf_put_stringb(b, server_version)) != 0 || /* kexinit messages: fake header: len+SSH2_MSG_KEXINIT */ - (r = sshbuf_put_u32(b, ckexinitlen+1)) < 0 || - (r = sshbuf_put_u8(b, SSH2_MSG_KEXINIT)) < 0 || - (r = sshbuf_put(b, ckexinit, ckexinitlen)) < 0 || - (r = sshbuf_put_u32(b, skexinitlen+1)) < 0 || - (r = sshbuf_put_u8(b, SSH2_MSG_KEXINIT)) < 0 || - (r = sshbuf_put(b, skexinit, skexinitlen)) < 0 || - (r = sshbuf_put_string(b, serverhostkeyblob, sbloblen)) < 0 || - (r = sshbuf_put_string(b, client_dh_pub, CURVE25519_SIZE)) < 0 || - (r = sshbuf_put_string(b, server_dh_pub, CURVE25519_SIZE)) < 0 || - (r = sshbuf_put(b, shared_secret, secretlen)) < 0) { + (r = sshbuf_put_u32(b, ckexinitlen+1)) != 0 || + (r = sshbuf_put_u8(b, SSH2_MSG_KEXINIT)) != 0 || + (r = sshbuf_put(b, ckexinit, ckexinitlen)) != 0 || + (r = sshbuf_put_u32(b, skexinitlen+1)) != 0 || + (r = sshbuf_put_u8(b, SSH2_MSG_KEXINIT)) != 0 || + (r = sshbuf_put(b, skexinit, skexinitlen)) != 0 || + (r = sshbuf_put_string(b, serverhostkeyblob, sbloblen)) != 0 || + (r = sshbuf_put_string(b, client_pub, client_pub_len)) != 0 || + (r = sshbuf_put_string(b, server_pub, server_pub_len)) != 0 || + (r = sshbuf_put(b, shared_secret, secretlen)) != 0) { sshbuf_free(b); return r; } diff --git a/kexc25519c.c b/kexc25519c.c index 1c7f79000..cc6e54cc7 100644 --- a/kexc25519c.c +++ b/kexc25519c.c @@ -1,4 +1,4 @@ -/* $OpenBSD: kexc25519c.c,v 1.12 2019/01/21 10:07:22 djm Exp $ */ +/* $OpenBSD: kexc25519c.c,v 1.13 2019/01/21 10:20:12 djm Exp $ */ /* * Copyright (c) 2001 Markus Friedl. All rights reserved. * Copyright (c) 2010 Damien Miller. All rights reserved. @@ -109,7 +109,7 @@ input_kex_c25519_reply(int type, u_int32_t seq, struct ssh *ssh) goto out; } if ((r = kexc25519_shared_key(kex->c25519_client_key, server_pubkey, - shared_secret)) < 0) + shared_secret)) != 0) goto out; /* calc and verify H */ @@ -121,10 +121,10 @@ input_kex_c25519_reply(int type, u_int32_t seq, struct ssh *ssh) sshbuf_ptr(kex->my), sshbuf_len(kex->my), sshbuf_ptr(kex->peer), sshbuf_len(kex->peer), server_host_key_blob, sbloblen, - kex->c25519_client_pubkey, - server_pubkey, + kex->c25519_client_pubkey, sizeof(kex->c25519_client_pubkey), + server_pubkey, pklen, sshbuf_ptr(shared_secret), sshbuf_len(shared_secret), - hash, &hashlen)) < 0) + hash, &hashlen)) != 0) goto out; if ((r = sshkey_verify(server_host_key, signature, slen, hash, hashlen, diff --git a/kexc25519s.c b/kexc25519s.c index d7cc70fee..ace4d5c79 100644 --- a/kexc25519s.c +++ b/kexc25519s.c @@ -1,4 +1,4 @@ -/* $OpenBSD: kexc25519s.c,v 1.15 2019/01/21 10:05:09 djm Exp $ */ +/* $OpenBSD: kexc25519s.c,v 1.16 2019/01/21 10:20:12 djm Exp $ */ /* * Copyright (c) 2001 Markus Friedl. All rights reserved. * Copyright (c) 2010 Damien Miller. All rights reserved. @@ -104,10 +104,10 @@ input_kex_c25519_init(int type, u_int32_t seq, struct ssh *ssh) sshbuf_ptr(kex->peer), sshbuf_len(kex->peer), sshbuf_ptr(kex->my), sshbuf_len(kex->my), server_host_key_blob, sbloblen, - client_pubkey, - server_pubkey, + client_pubkey, pklen, + server_pubkey, sizeof(server_pubkey), sshbuf_ptr(shared_secret), sshbuf_len(shared_secret), - hash, &hashlen)) < 0) + hash, &hashlen)) != 0) goto out; /* sign H */ diff --git a/kexkemc.c b/kexkemc.c new file mode 100644 index 000000000..47f15c30c --- /dev/null +++ b/kexkemc.c @@ -0,0 +1,128 @@ +/* $OpenBSD: kexkemc.c,v 1.1 2019/01/21 10:20:12 djm Exp $ */ +/* + * Copyright (c) 2019 Markus Friedl. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR + * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES + * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. + * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, + * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT + * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, + * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY + * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT + * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF + * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. + */ + +#include + +#include +#include +#include + +#include "sshkey.h" +#include "kex.h" +#include "log.h" +#include "packet.h" +#include "ssh2.h" +#include "sshbuf.h" +#include "digest.h" +#include "ssherr.h" + +static int +input_kex_kem_reply(int type, u_int32_t seq, struct ssh *ssh); + +int +kex_kem_client(struct ssh *ssh) +{ + struct kex *kex = ssh->kex; + int r; + + if ((r = kex_kem_sntrup4591761x25519_keypair(kex)) != 0) + return r; + if ((r = sshpkt_start(ssh, SSH2_MSG_KEX_ECDH_INIT)) != 0 || + (r = sshpkt_put_stringb(ssh, kex->kem_client_pub)) != 0 || + (r = sshpkt_send(ssh)) != 0) + return r; + debug("expecting SSH2_MSG_KEX_ECDH_REPLY"); + ssh_dispatch_set(ssh, SSH2_MSG_KEX_ECDH_REPLY, &input_kex_kem_reply); + return 0; +} + +static int +input_kex_kem_reply(int type, u_int32_t seq, struct ssh *ssh) +{ + struct kex *kex = ssh->kex; + struct sshkey *server_host_key = NULL; + struct sshbuf *shared_secret = NULL; + u_char *server_pubkey = NULL; + u_char *server_host_key_blob = NULL, *signature = NULL; + u_char hash[SSH_DIGEST_MAX_LENGTH]; + size_t slen, pklen, sbloblen, hashlen; + int r; + + /* hostkey */ + if ((r = sshpkt_get_string(ssh, &server_host_key_blob, + &sbloblen)) != 0 || + (r = sshkey_from_blob(server_host_key_blob, sbloblen, + &server_host_key)) != 0) + goto out; + if ((r = kex_verify_host_key(ssh, server_host_key)) != 0) + goto out; + + /* Q_S, server public key */ + /* signed H */ + if ((r = sshpkt_get_string(ssh, &server_pubkey, &pklen)) != 0 || + (r = sshpkt_get_string(ssh, &signature, &slen)) != 0 || + (r = sshpkt_get_end(ssh)) != 0) + goto out; + + /* compute shared secret */ + if ((r = kex_kem_sntrup4591761x25519_dec(kex, server_pubkey, pklen, + &shared_secret)) != 0) + goto out; + + /* calc and verify H */ + hashlen = sizeof(hash); + if ((r = kex_c25519_hash( + kex->hash_alg, + kex->client_version, + kex->server_version, + sshbuf_ptr(kex->my), sshbuf_len(kex->my), + sshbuf_ptr(kex->peer), sshbuf_len(kex->peer), + server_host_key_blob, sbloblen, + sshbuf_ptr(kex->kem_client_pub), sshbuf_len(kex->kem_client_pub), + server_pubkey, pklen, + sshbuf_ptr(shared_secret), sshbuf_len(shared_secret), + hash, &hashlen)) != 0) + goto out; + + if ((r = sshkey_verify(server_host_key, signature, slen, hash, hashlen, + kex->hostkey_alg, ssh->compat)) != 0) + goto out; + + if ((r = kex_derive_keys(ssh, hash, hashlen, shared_secret)) == 0) + r = kex_send_newkeys(ssh); +out: + explicit_bzero(hash, sizeof(hash)); + explicit_bzero(kex->c25519_client_key, sizeof(kex->c25519_client_key)); + explicit_bzero(kex->sntrup4591761_client_key, + sizeof(kex->sntrup4591761_client_key)); + free(server_host_key_blob); + free(server_pubkey); + free(signature); + sshkey_free(server_host_key); + sshbuf_free(shared_secret); + sshbuf_free(kex->kem_client_pub); + kex->kem_client_pub = NULL; + return r; +} diff --git a/kexkems.c b/kexkems.c new file mode 100644 index 000000000..43cf82018 --- /dev/null +++ b/kexkems.c @@ -0,0 +1,116 @@ +/* $OpenBSD: kexkems.c,v 1.1 2019/01/21 10:20:12 djm Exp $ */ +/* + * Copyright (c) 2019 Markus Friedl. All rights reserved. + * + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR + * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES + * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. + * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, + * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT + * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, + * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY + * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT + * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF + * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. + */ + +#include +#include +#include +#include + +#include "sshkey.h" +#include "digest.h" +#include "kex.h" +#include "log.h" +#include "packet.h" +#include "ssh2.h" +#include "sshbuf.h" +#include "ssherr.h" + +static int input_kex_kem_init(int, u_int32_t, struct ssh *); + +int +kex_kem_server(struct ssh *ssh) +{ + debug("expecting SSH2_MSG_KEX_ECDH_INIT"); + ssh_dispatch_set(ssh, SSH2_MSG_KEX_ECDH_INIT, &input_kex_kem_init); + return 0; +} + +static int +input_kex_kem_init(int type, u_int32_t seq, struct ssh *ssh) +{ + struct kex *kex = ssh->kex; + struct sshkey *server_host_private, *server_host_public; + struct sshbuf *shared_secret = NULL; + struct sshbuf *server_pubkey = NULL; + u_char *server_host_key_blob = NULL, *signature = NULL; + u_char *client_pubkey = NULL; + u_char hash[SSH_DIGEST_MAX_LENGTH]; + size_t slen, pklen, sbloblen, hashlen; + int r; + + if ((r = kex_load_hostkey(ssh, &server_host_private, + &server_host_public)) != 0) + goto out; + + if ((r = sshpkt_get_string(ssh, &client_pubkey, &pklen)) != 0 || + (r = sshpkt_get_end(ssh)) != 0) + goto out; + + /* compute shared secret */ + if ((r = kex_kem_sntrup4591761x25519_enc(kex, client_pubkey, pklen, + &server_pubkey, &shared_secret)) != 0) + goto out; + + /* calc H */ + if ((r = sshkey_to_blob(server_host_public, &server_host_key_blob, + &sbloblen)) != 0) + goto out; + hashlen = sizeof(hash); + if ((r = kex_c25519_hash( + kex->hash_alg, + kex->client_version, + kex->server_version, + sshbuf_ptr(kex->peer), sshbuf_len(kex->peer), + sshbuf_ptr(kex->my), sshbuf_len(kex->my), + server_host_key_blob, sbloblen, + client_pubkey, pklen, + sshbuf_ptr(server_pubkey), sshbuf_len(server_pubkey), + sshbuf_ptr(shared_secret), sshbuf_len(shared_secret), + hash, &hashlen)) != 0) + goto out; + + /* sign H */ + if ((r = kex->sign(ssh, server_host_private, server_host_public, + &signature, &slen, hash, hashlen, kex->hostkey_alg)) != 0) + goto out; + + /* send server hostkey, ECDH pubkey 'Q_S' and signed H */ + if ((r = sshpkt_start(ssh, SSH2_MSG_KEX_ECDH_REPLY)) != 0 || + (r = sshpkt_put_string(ssh, server_host_key_blob, sbloblen)) != 0 || + (r = sshpkt_put_stringb(ssh, server_pubkey)) != 0 || + (r = sshpkt_put_string(ssh, signature, slen)) != 0 || + (r = sshpkt_send(ssh)) != 0) + goto out; + + if ((r = kex_derive_keys(ssh, hash, hashlen, shared_secret)) == 0) + r = kex_send_newkeys(ssh); +out: + explicit_bzero(hash, sizeof(hash)); + free(server_host_key_blob); + free(signature); + free(client_pubkey); + sshbuf_free(shared_secret); + sshbuf_free(server_pubkey); + return r; +} diff --git a/kexsntrup4591761x25519.c b/kexsntrup4591761x25519.c new file mode 100644 index 000000000..ffe05f420 --- /dev/null +++ b/kexsntrup4591761x25519.c @@ -0,0 +1,213 @@ +/* $OpenBSD: kexsntrup4591761x25519.c,v 1.1 2019/01/21 10:20:12 djm Exp $ */ +/* + * Copyright (c) 2019 Markus Friedl. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR + * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES + * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. + * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, + * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT + * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, + * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY + * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT + * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF + * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. + */ + +#include + +#include +#include +#include + +#include "sshkey.h" +#include "kex.h" +#include "sshbuf.h" +#include "digest.h" +#include "ssherr.h" + +int +kex_kem_sntrup4591761x25519_keypair(struct kex *kex) +{ + struct sshbuf *buf = NULL; + u_char *cp = NULL; + size_t need; + int r; + + if ((buf = sshbuf_new()) == NULL) + return SSH_ERR_ALLOC_FAIL; + need = crypto_kem_sntrup4591761_PUBLICKEYBYTES + CURVE25519_SIZE; + if ((r = sshbuf_reserve(buf, need, &cp)) != 0) + goto out; + crypto_kem_sntrup4591761_keypair(cp, kex->sntrup4591761_client_key); +#ifdef DEBUG_KEXECDH + dump_digest("client public key sntrup4591761:", cp, + crypto_kem_sntrup4591761_PUBLICKEYBYTES); +#endif + cp += crypto_kem_sntrup4591761_PUBLICKEYBYTES; + kexc25519_keygen(kex->c25519_client_key, cp); +#ifdef DEBUG_KEXECDH + dump_digest("client public key c25519:", cp, CURVE25519_SIZE); +#endif + kex->kem_client_pub = buf; + buf = NULL; + out: + sshbuf_free(buf); + return r; +} + +int +kex_kem_sntrup4591761x25519_enc(struct kex *kex, const u_char *pkblob, + size_t pklen, struct sshbuf **server_blobp, struct sshbuf **shared_secretp) +{ + struct sshbuf *server_blob = NULL; + struct sshbuf *buf = NULL; + u_char *kem_key, *ciphertext, *server_pub; + u_char server_key[CURVE25519_SIZE]; + u_char hash[SSH_DIGEST_MAX_LENGTH]; + size_t need; + int r; + + *server_blobp = NULL; + *shared_secretp = NULL; + + /* pkblob contains both KEM and ECDH client pubkeys */ + need = crypto_kem_sntrup4591761_PUBLICKEYBYTES + CURVE25519_SIZE; + if (pklen != need) { + r = SSH_ERR_SIGNATURE_INVALID; + goto out; + } +#ifdef DEBUG_KEXECDH + dump_digest("client public key sntrup4591761:", pkblob, + crypto_kem_sntrup4591761_PUBLICKEYBYTES); + dump_digest("client public key 25519:", + pkblob + crypto_kem_sntrup4591761_PUBLICKEYBYTES, CURVE25519_SIZE); +#endif + /* allocate buffer for concatenation of KEM key and ECDH shared key */ + /* the buffer will be hashed and the result is the shared secret */ + if ((buf = sshbuf_new()) == NULL) { + r = SSH_ERR_ALLOC_FAIL; + goto out; + } + if ((r = sshbuf_reserve(buf, crypto_kem_sntrup4591761_BYTES, + &kem_key)) != 0) + goto out; + /* allocate space for encrypted KEM key and ECDH pub key */ + if ((server_blob = sshbuf_new()) == NULL) { + r = SSH_ERR_ALLOC_FAIL; + goto out; + } + need = crypto_kem_sntrup4591761_CIPHERTEXTBYTES + CURVE25519_SIZE; + if ((r = sshbuf_reserve(server_blob, need, &ciphertext)) != 0) + goto out; + /* generate and encrypt KEM key with client key */ + crypto_kem_sntrup4591761_enc(ciphertext, kem_key, pkblob); + /* generate ECDH key pair, store server pubkey after ciphertext */ + server_pub = ciphertext + crypto_kem_sntrup4591761_CIPHERTEXTBYTES; + kexc25519_keygen(server_key, server_pub); + /* append ECDH shared key */ + if ((r = kexc25519_shared_key_ext(server_key, + pkblob + crypto_kem_sntrup4591761_PUBLICKEYBYTES, buf, 1)) < 0) + goto out; + if ((r = ssh_digest_buffer(kex->hash_alg, buf, hash, sizeof(hash))) != 0) + goto out; +#ifdef DEBUG_KEXECDH + dump_digest("server public key 25519:", server_pub, CURVE25519_SIZE); + dump_digest("server cipher text:", ciphertext, + crypto_kem_sntrup4591761_CIPHERTEXTBYTES); + dump_digest("server kem key:", kem_key, sizeof(kem_key)); + dump_digest("concatenation of KEM key and ECDH shared key:", + sshbuf_ptr(buf), sshbuf_len(buf)); +#endif + /* string-encoded hash is resulting shared secret */ + sshbuf_reset(buf); + if ((r = sshbuf_put_string(buf, hash, + ssh_digest_bytes(kex->hash_alg))) != 0) + goto out; +#ifdef DEBUG_KEXECDH + dump_digest("encoded shared secret:", sshbuf_ptr(buf), sshbuf_len(buf)); +#endif + *server_blobp = server_blob; + *shared_secretp = buf; + server_blob = NULL; + buf = NULL; + out: + explicit_bzero(hash, sizeof(hash)); + explicit_bzero(server_key, sizeof(server_key)); + sshbuf_free(server_blob); + sshbuf_free(buf); + return r; +} + +int +kex_kem_sntrup4591761x25519_dec(struct kex *kex, const u_char *pkblob, + size_t pklen, struct sshbuf **shared_secretp) +{ + struct sshbuf *buf = NULL; + u_char *kem_key = NULL; + const u_char *ciphertext, *server_pub; + u_char hash[SSH_DIGEST_MAX_LENGTH]; + size_t need; + int r, decoded; + + *shared_secretp = NULL; + + need = crypto_kem_sntrup4591761_CIPHERTEXTBYTES + CURVE25519_SIZE; + if (pklen != need) { + r = SSH_ERR_SIGNATURE_INVALID; + goto out; + } + ciphertext = pkblob; + server_pub = pkblob + crypto_kem_sntrup4591761_CIPHERTEXTBYTES; +#ifdef DEBUG_KEXECDH + dump_digest("server cipher text:", ciphertext, + crypto_kem_sntrup4591761_CIPHERTEXTBYTES); + dump_digest("server public key c25519:", server_pub, CURVE25519_SIZE); +#endif + /* hash concatenation of KEM key and ECDH shared key */ + if ((buf = sshbuf_new()) == NULL) { + r = SSH_ERR_ALLOC_FAIL; + goto out; + } + if ((r = sshbuf_reserve(buf, crypto_kem_sntrup4591761_BYTES, + &kem_key)) != 0) + goto out; + decoded = crypto_kem_sntrup4591761_dec(kem_key, ciphertext, + kex->sntrup4591761_client_key); + if ((r = kexc25519_shared_key_ext(kex->c25519_client_key, server_pub, + buf, 1)) < 0) + goto out; + if ((r = ssh_digest_buffer(kex->hash_alg, buf, hash, sizeof(hash))) != 0) + goto out; +#ifdef DEBUG_KEXECDH + dump_digest("client kem key:", kem_key, sizeof(kem_key)); + dump_digest("concatenation of KEM key and ECDH shared key:", + sshbuf_ptr(buf), sshbuf_len(buf)); +#endif + sshbuf_reset(buf); + if ((r = sshbuf_put_string(buf, hash, + ssh_digest_bytes(kex->hash_alg))) != 0) + goto out; +#ifdef DEBUG_KEXECDH + dump_digest("encoded shared secret:", sshbuf_ptr(buf), sshbuf_len(buf)); +#endif + if (decoded != 0) { + r = SSH_ERR_SIGNATURE_INVALID; + goto out; + } + *shared_secretp = buf; + buf = NULL; + out: + explicit_bzero(hash, sizeof(hash)); + sshbuf_free(buf); + return r; +} diff --git a/monitor.c b/monitor.c index a9546dad2..b10fdebf2 100644 --- a/monitor.c +++ b/monitor.c @@ -1,4 +1,4 @@ -/* $OpenBSD: monitor.c,v 1.192 2019/01/19 21:43:56 djm Exp $ */ +/* $OpenBSD: monitor.c,v 1.193 2019/01/21 10:20:12 djm Exp $ */ /* * Copyright 2002 Niels Provos * Copyright 2002 Markus Friedl @@ -1689,6 +1689,7 @@ monitor_apply_keystate(struct ssh *ssh, struct monitor *pmonitor) # endif #endif /* WITH_OPENSSL */ kex->kex[KEX_C25519_SHA256] = kexc25519_server; + kex->kex[KEX_KEM_SNTRUP4591761X25519_SHA512] = kex_kem_server; kex->load_host_public_key=&get_hostkey_public_by_type; kex->load_host_private_key=&get_hostkey_private_by_type; kex->host_key_index=&get_hostkey_index; diff --git a/sntrup4591761.c b/sntrup4591761.c new file mode 100644 index 000000000..d3ff549ae --- /dev/null +++ b/sntrup4591761.c @@ -0,0 +1,1068 @@ +#include +#include "crypto_api.h" + +/* from supercop-20181216/crypto_sort/int32/portable3/int32_minmax.inc */ +#define int32_MINMAX(a,b) \ +do { \ + int32 ab = b ^ a; \ + int32 c = b - a; \ + c ^= ab & (c ^ b); \ + c >>= 31; \ + c &= ab; \ + a ^= c; \ + b ^= c; \ +} while(0) + +/* from supercop-20181216/crypto_sort/int32/portable3/sort.c */ +#define int32 crypto_int32 + + +static void crypto_sort_int32(void *array,long long n) +{ + long long top,p,q,r,i; + int32 *x = array; + + if (n < 2) return; + top = 1; + while (top < n - top) top += top; + + for (p = top;p > 0;p >>= 1) { + for (i = 0;i < n - p;++i) + if (!(i & p)) + int32_MINMAX(x[i],x[i+p]); + i = 0; + for (q = top;q > p;q >>= 1) { + for (;i < n - q;++i) { + if (!(i & p)) { + int32 a = x[i + p]; + for (r = q;r > p;r >>= 1) + int32_MINMAX(a,x[i+r]); + x[i + p] = a; + } + } + } + } +} + +/* from supercop-20181216/crypto_kem/sntrup4591761/ref/small.h */ +#ifndef small_h +#define small_h + + +typedef crypto_int8 small; + +static void small_encode(unsigned char *,const small *); + +static void small_decode(small *,const unsigned char *); + + +static void small_random(small *); + +static void small_random_weightw(small *); + +#endif + +/* from supercop-20181216/crypto_kem/sntrup4591761/ref/mod3.h */ +#ifndef mod3_h +#define mod3_h + + +/* -1 if x is nonzero, 0 otherwise */ +static inline int mod3_nonzero_mask(small x) +{ + return -x*x; +} + +/* input between -100000 and 100000 */ +/* output between -1 and 1 */ +static inline small mod3_freeze(crypto_int32 a) +{ + a -= 3 * ((10923 * a) >> 15); + a -= 3 * ((89478485 * a + 134217728) >> 28); + return a; +} + +static inline small mod3_minusproduct(small a,small b,small c) +{ + crypto_int32 A = a; + crypto_int32 B = b; + crypto_int32 C = c; + return mod3_freeze(A - B * C); +} + +static inline small mod3_plusproduct(small a,small b,small c) +{ + crypto_int32 A = a; + crypto_int32 B = b; + crypto_int32 C = c; + return mod3_freeze(A + B * C); +} + +static inline small mod3_product(small a,small b) +{ + return a * b; +} + +static inline small mod3_sum(small a,small b) +{ + crypto_int32 A = a; + crypto_int32 B = b; + return mod3_freeze(A + B); +} + +static inline small mod3_reciprocal(small a1) +{ + return a1; +} + +static inline small mod3_quotient(small num,small den) +{ + return mod3_product(num,mod3_reciprocal(den)); +} + +#endif + +/* from supercop-20181216/crypto_kem/sntrup4591761/ref/modq.h */ +#ifndef modq_h +#define modq_h + + +typedef crypto_int16 modq; + +/* -1 if x is nonzero, 0 otherwise */ +static inline int modq_nonzero_mask(modq x) +{ + crypto_int32 r = (crypto_uint16) x; + r = -r; + r >>= 30; + return r; +} + +/* input between -9000000 and 9000000 */ +/* output between -2295 and 2295 */ +static inline modq modq_freeze(crypto_int32 a) +{ + a -= 4591 * ((228 * a) >> 20); + a -= 4591 * ((58470 * a + 134217728) >> 28); + return a; +} + +static inline modq modq_minusproduct(modq a,modq b,modq c) +{ + crypto_int32 A = a; + crypto_int32 B = b; + crypto_int32 C = c; + return modq_freeze(A - B * C); +} + +static inline modq modq_plusproduct(modq a,modq b,modq c) +{ + crypto_int32 A = a; + crypto_int32 B = b; + crypto_int32 C = c; + return modq_freeze(A + B * C); +} + +static inline modq modq_product(modq a,modq b) +{ + crypto_int32 A = a; + crypto_int32 B = b; + return modq_freeze(A * B); +} + +static inline modq modq_square(modq a) +{ + crypto_int32 A = a; + return modq_freeze(A * A); +} + +static inline modq modq_sum(modq a,modq b) +{ + crypto_int32 A = a; + crypto_int32 B = b; + return modq_freeze(A + B); +} + +static inline modq modq_reciprocal(modq a1) +{ + modq a2 = modq_square(a1); + modq a3 = modq_product(a2,a1); + modq a4 = modq_square(a2); + modq a8 = modq_square(a4); + modq a16 = modq_square(a8); + modq a32 = modq_square(a16); + modq a35 = modq_product(a32,a3); + modq a70 = modq_square(a35); + modq a140 = modq_square(a70); + modq a143 = modq_product(a140,a3); + modq a286 = modq_square(a143); + modq a572 = modq_square(a286); + modq a1144 = modq_square(a572); + modq a1147 = modq_product(a1144,a3); + modq a2294 = modq_square(a1147); + modq a4588 = modq_square(a2294); + modq a4589 = modq_product(a4588,a1); + return a4589; +} + +static inline modq modq_quotient(modq num,modq den) +{ + return modq_product(num,modq_reciprocal(den)); +} + +#endif + +/* from supercop-20181216/crypto_kem/sntrup4591761/ref/params.h */ +#ifndef params_h +#define params_h + +#define q 4591 +/* XXX: also built into modq in various ways */ + +#define qshift 2295 +#define p 761 +#define w 286 + +#define rq_encode_len 1218 +#define small_encode_len 191 + +#endif + +/* from supercop-20181216/crypto_kem/sntrup4591761/ref/r3.h */ +#ifndef r3_h +#define r3_h + + +static void r3_mult(small *,const small *,const small *); + +extern int r3_recip(small *,const small *); + +#endif + +/* from supercop-20181216/crypto_kem/sntrup4591761/ref/rq.h */ +#ifndef rq_h +#define rq_h + + +static void rq_encode(unsigned char *,const modq *); + +static void rq_decode(modq *,const unsigned char *); + +static void rq_encoderounded(unsigned char *,const modq *); + +static void rq_decoderounded(modq *,const unsigned char *); + +static void rq_round3(modq *,const modq *); + +static void rq_mult(modq *,const modq *,const small *); + +int rq_recip3(modq *,const small *); + +#endif + +/* from supercop-20181216/crypto_kem/sntrup4591761/ref/swap.h */ +#ifndef swap_h +#define swap_h + +static void swap(void *,void *,int,int); + +#endif + +/* from supercop-20181216/crypto_kem/sntrup4591761/ref/dec.c */ +/* See https://ntruprime.cr.yp.to/software.html for detailed documentation. */ + +#ifdef KAT +#endif + + +int crypto_kem_sntrup4591761_dec( + unsigned char *k, + const unsigned char *cstr, + const unsigned char *sk +) +{ + small f[p]; + modq h[p]; + small grecip[p]; + modq c[p]; + modq t[p]; + small t3[p]; + small r[p]; + modq hr[p]; + unsigned char rstr[small_encode_len]; + unsigned char hash[64]; + int i; + int result = 0; + int weight; + + small_decode(f,sk); + small_decode(grecip,sk + small_encode_len); + rq_decode(h,sk + 2 * small_encode_len); + + rq_decoderounded(c,cstr + 32); + + rq_mult(t,c,f); + for (i = 0;i < p;++i) t3[i] = mod3_freeze(modq_freeze(3*t[i])); + + r3_mult(r,t3,grecip); + +#ifdef KAT + { + int j; + printf("decrypt r:"); + for (j = 0;j < p;++j) + if (r[j] == 1) printf(" +%d",j); + else if (r[j] == -1) printf(" -%d",j); + printf("\n"); + } +#endif + + weight = 0; + for (i = 0;i < p;++i) weight += (1 & r[i]); + weight -= w; + result |= modq_nonzero_mask(weight); /* XXX: puts limit on p */ + + rq_mult(hr,h,r); + rq_round3(hr,hr); + for (i = 0;i < p;++i) result |= modq_nonzero_mask(hr[i] - c[i]); + + small_encode(rstr,r); + crypto_hash_sha512(hash,rstr,sizeof rstr); + result |= crypto_verify_32(hash,cstr); + + for (i = 0;i < 32;++i) k[i] = (hash[32 + i] & ~result); + return result; +} + +/* from supercop-20181216/crypto_kem/sntrup4591761/ref/enc.c */ +/* See https://ntruprime.cr.yp.to/software.html for detailed documentation. */ + +#ifdef KAT +#endif + + +int crypto_kem_sntrup4591761_enc( + unsigned char *cstr, + unsigned char *k, + const unsigned char *pk +) +{ + small r[p]; + modq h[p]; + modq c[p]; + unsigned char rstr[small_encode_len]; + unsigned char hash[64]; + + small_random_weightw(r); + +#ifdef KAT + { + int i; + printf("encrypt r:"); + for (i = 0;i < p;++i) + if (r[i] == 1) printf(" +%d",i); + else if (r[i] == -1) printf(" -%d",i); + printf("\n"); + } +#endif + + small_encode(rstr,r); + crypto_hash_sha512(hash,rstr,sizeof rstr); + + rq_decode(h,pk); + rq_mult(c,h,r); + rq_round3(c,c); + + memcpy(k,hash + 32,32); + memcpy(cstr,hash,32); + rq_encoderounded(cstr + 32,c); + + return 0; +} + +/* from supercop-20181216/crypto_kem/sntrup4591761/ref/keypair.c */ +/* See https://ntruprime.cr.yp.to/software.html for detailed documentation. */ + + +#if crypto_kem_sntrup4591761_PUBLICKEYBYTES != rq_encode_len +#error "crypto_kem_sntrup4591761_PUBLICKEYBYTES must match rq_encode_len" +#endif +#if crypto_kem_sntrup4591761_SECRETKEYBYTES != rq_encode_len + 2 * small_encode_len +#error "crypto_kem_sntrup4591761_SECRETKEYBYTES must match rq_encode_len + 2 * small_encode_len" +#endif + +int crypto_kem_sntrup4591761_keypair(unsigned char *pk,unsigned char *sk) +{ + small g[p]; + small grecip[p]; + small f[p]; + modq f3recip[p]; + modq h[p]; + + do + small_random(g); + while (r3_recip(grecip,g) != 0); + + small_random_weightw(f); + rq_recip3(f3recip,f); + + rq_mult(h,f3recip,g); + + rq_encode(pk,h); + small_encode(sk,f); + small_encode(sk + small_encode_len,grecip); + memcpy(sk + 2 * small_encode_len,pk,rq_encode_len); + + return 0; +} + +/* from supercop-20181216/crypto_kem/sntrup4591761/ref/r3_mult.c */ +/* See https://ntruprime.cr.yp.to/software.html for detailed documentation. */ + + +static void r3_mult(small *h,const small *f,const small *g) +{ + small fg[p + p - 1]; + small result; + int i, j; + + for (i = 0;i < p;++i) { + result = 0; + for (j = 0;j <= i;++j) + result = mod3_plusproduct(result,f[j],g[i - j]); + fg[i] = result; + } + for (i = p;i < p + p - 1;++i) { + result = 0; + for (j = i - p + 1;j < p;++j) + result = mod3_plusproduct(result,f[j],g[i - j]); + fg[i] = result; + } + + for (i = p + p - 2;i >= p;--i) { + fg[i - p] = mod3_sum(fg[i - p],fg[i]); + fg[i - p + 1] = mod3_sum(fg[i - p + 1],fg[i]); + } + + for (i = 0;i < p;++i) + h[i] = fg[i]; +} + +/* from supercop-20181216/crypto_kem/sntrup4591761/ref/r3_recip.c */ +/* See https://ntruprime.cr.yp.to/software.html for detailed documentation. */ + + +/* caller must ensure that x-y does not overflow */ +static int smaller_mask_r3_recip(int x,int y) +{ + return (x - y) >> 31; +} + +static void vectormod3_product(small *z,int len,const small *x,const small c) +{ + int i; + for (i = 0;i < len;++i) z[i] = mod3_product(x[i],c); +} + +static void vectormod3_minusproduct(small *z,int len,const small *x,const small *y,const small c) +{ + int i; + for (i = 0;i < len;++i) z[i] = mod3_minusproduct(x[i],y[i],c); +} + +static void vectormod3_shift(small *z,int len) +{ + int i; + for (i = len - 1;i > 0;--i) z[i] = z[i - 1]; + z[0] = 0; +} + +/* +r = s^(-1) mod m, returning 0, if s is invertible mod m +or returning -1 if s is not invertible mod m +r,s are polys of degree

= loops) break; + + c = mod3_quotient(g[p],f[p]); + + vectormod3_minusproduct(g,p + 1,g,f,c); + vectormod3_shift(g,p + 1); + +#ifdef SIMPLER + vectormod3_minusproduct(v,loops + 1,v,u,c); + vectormod3_shift(v,loops + 1); +#else + if (loop < p) { + vectormod3_minusproduct(v,loop + 1,v,u,c); + vectormod3_shift(v,loop + 2); + } else { + vectormod3_minusproduct(v + loop - p,p + 1,v + loop - p,u + loop - p,c); + vectormod3_shift(v + loop - p,p + 2); + } +#endif + + e -= 1; + + ++loop; + + swapmask = smaller_mask_r3_recip(e,d) & mod3_nonzero_mask(g[p]); + swap(&e,&d,sizeof e,swapmask); + swap(f,g,(p + 1) * sizeof(small),swapmask); + +#ifdef SIMPLER + swap(u,v,(loops + 1) * sizeof(small),swapmask); +#else + if (loop < p) { + swap(u,v,(loop + 1) * sizeof(small),swapmask); + } else { + swap(u + loop - p,v + loop - p,(p + 1) * sizeof(small),swapmask); + } +#endif + } + + c = mod3_reciprocal(f[p]); + vectormod3_product(r,p,u + p,c); + return smaller_mask_r3_recip(0,d); +} + +/* from supercop-20181216/crypto_kem/sntrup4591761/ref/randomsmall.c */ +/* See https://ntruprime.cr.yp.to/software.html for detailed documentation. */ + + +static void small_random(small *g) +{ + int i; + + for (i = 0;i < p;++i) { + crypto_uint32 r = small_random32(); + g[i] = (small) (((1073741823 & r) * 3) >> 30) - 1; + } +} + +/* from supercop-20181216/crypto_kem/sntrup4591761/ref/randomweightw.c */ +/* See https://ntruprime.cr.yp.to/software.html for detailed documentation. */ + + +static void small_random_weightw(small *f) +{ + crypto_int32 r[p]; + int i; + + for (i = 0;i < p;++i) r[i] = small_random32(); + for (i = 0;i < w;++i) r[i] &= -2; + for (i = w;i < p;++i) r[i] = (r[i] & -3) | 1; + crypto_sort_int32(r,p); + for (i = 0;i < p;++i) f[i] = ((small) (r[i] & 3)) - 1; +} + +/* from supercop-20181216/crypto_kem/sntrup4591761/ref/rq.c */ +/* See https://ntruprime.cr.yp.to/software.html for detailed documentation. */ + + +static void rq_encode(unsigned char *c,const modq *f) +{ + crypto_int32 f0, f1, f2, f3, f4; + int i; + + for (i = 0;i < p/5;++i) { + f0 = *f++ + qshift; + f1 = *f++ + qshift; + f2 = *f++ + qshift; + f3 = *f++ + qshift; + f4 = *f++ + qshift; + /* now want f0 + 6144*f1 + ... as a 64-bit integer */ + f1 *= 3; + f2 *= 9; + f3 *= 27; + f4 *= 81; + /* now want f0 + f1<<11 + f2<<22 + f3<<33 + f4<<44 */ + f0 += f1 << 11; + *c++ = f0; f0 >>= 8; + *c++ = f0; f0 >>= 8; + f0 += f2 << 6; + *c++ = f0; f0 >>= 8; + *c++ = f0; f0 >>= 8; + f0 += f3 << 1; + *c++ = f0; f0 >>= 8; + f0 += f4 << 4; + *c++ = f0; f0 >>= 8; + *c++ = f0; f0 >>= 8; + *c++ = f0; + } + /* XXX: using p mod 5 = 1 */ + f0 = *f++ + qshift; + *c++ = f0; f0 >>= 8; + *c++ = f0; +} + +static void rq_decode(modq *f,const unsigned char *c) +{ + crypto_uint32 c0, c1, c2, c3, c4, c5, c6, c7; + crypto_uint32 f0, f1, f2, f3, f4; + int i; + + for (i = 0;i < p/5;++i) { + c0 = *c++; + c1 = *c++; + c2 = *c++; + c3 = *c++; + c4 = *c++; + c5 = *c++; + c6 = *c++; + c7 = *c++; + + /* f0 + f1*6144 + f2*6144^2 + f3*6144^3 + f4*6144^4 */ + /* = c0 + c1*256 + ... + c6*256^6 + c7*256^7 */ + /* with each f between 0 and 4590 */ + + c6 += c7 << 8; + /* c6 <= 23241 = floor(4591*6144^4/2^48) */ + /* f4 = (16/81)c6 + (1/1296)(c5+[0,1]) - [0,0.75] */ + /* claim: 2^19 f4 < x < 2^19(f4+1) */ + /* where x = 103564 c6 + 405(c5+1) */ + /* proof: x - 2^19 f4 = (76/81)c6 + (37/81)c5 + 405 - (32768/81)[0,1] + 2^19[0,0.75] */ + /* at least 405 - 32768/81 > 0 */ + /* at most (76/81)23241 + (37/81)255 + 405 + 2^19 0.75 < 2^19 */ + f4 = (103564*c6 + 405*(c5+1)) >> 19; + + c5 += c6 << 8; + c5 -= (f4 * 81) << 4; + c4 += c5 << 8; + + /* f0 + f1*6144 + f2*6144^2 + f3*6144^3 */ + /* = c0 + c1*256 + c2*256^2 + c3*256^3 + c4*256^4 */ + /* c4 <= 247914 = floor(4591*6144^3/2^32) */ + /* f3 = (1/54)(c4+[0,1]) - [0,0.75] */ + /* claim: 2^19 f3 < x < 2^19(f3+1) */ + /* where x = 9709(c4+2) */ + /* proof: x - 2^19 f3 = 19418 - (1/27)c4 - (262144/27)[0,1] + 2^19[0,0.75] */ + /* at least 19418 - 247914/27 - 262144/27 > 0 */ + /* at most 19418 + 2^19 0.75 < 2^19 */ + f3 = (9709*(c4+2)) >> 19; + + c4 -= (f3 * 27) << 1; + c3 += c4 << 8; + /* f0 + f1*6144 + f2*6144^2 */ + /* = c0 + c1*256 + c2*256^2 + c3*256^3 */ + /* c3 <= 10329 = floor(4591*6144^2/2^24) */ + /* f2 = (4/9)c3 + (1/576)c2 + (1/147456)c1 + (1/37748736)c0 - [0,0.75] */ + /* claim: 2^19 f2 < x < 2^19(f2+1) */ + /* where x = 233017 c3 + 910(c2+2) */ + /* proof: x - 2^19 f2 = 1820 + (1/9)c3 - (2/9)c2 - (32/9)c1 - (1/72)c0 + 2^19[0,0.75] */ + /* at least 1820 - (2/9)255 - (32/9)255 - (1/72)255 > 0 */ + /* at most 1820 + (1/9)10329 + 2^19 0.75 < 2^19 */ + f2 = (233017*c3 + 910*(c2+2)) >> 19; + + c2 += c3 << 8; + c2 -= (f2 * 9) << 6; + c1 += c2 << 8; + /* f0 + f1*6144 */ + /* = c0 + c1*256 */ + /* c1 <= 110184 = floor(4591*6144/2^8) */ + /* f1 = (1/24)c1 + (1/6144)c0 - (1/6144)f0 */ + /* claim: 2^19 f1 < x < 2^19(f1+1) */ + /* where x = 21845(c1+2) + 85 c0 */ + /* proof: x - 2^19 f1 = 43690 - (1/3)c1 - (1/3)c0 + 2^19 [0,0.75] */ + /* at least 43690 - (1/3)110184 - (1/3)255 > 0 */ + /* at most 43690 + 2^19 0.75 < 2^19 */ + f1 = (21845*(c1+2) + 85*c0) >> 19; + + c1 -= (f1 * 3) << 3; + c0 += c1 << 8; + f0 = c0; + + *f++ = modq_freeze(f0 + q - qshift); + *f++ = modq_freeze(f1 + q - qshift); + *f++ = modq_freeze(f2 + q - qshift); + *f++ = modq_freeze(f3 + q - qshift); + *f++ = modq_freeze(f4 + q - qshift); + } + + c0 = *c++; + c1 = *c++; + c0 += c1 << 8; + *f++ = modq_freeze(c0 + q - qshift); +} + +/* from supercop-20181216/crypto_kem/sntrup4591761/ref/rq_mult.c */ +/* See https://ntruprime.cr.yp.to/software.html for detailed documentation. */ + + +static void rq_mult(modq *h,const modq *f,const small *g) +{ + modq fg[p + p - 1]; + modq result; + int i, j; + + for (i = 0;i < p;++i) { + result = 0; + for (j = 0;j <= i;++j) + result = modq_plusproduct(result,f[j],g[i - j]); + fg[i] = result; + } + for (i = p;i < p + p - 1;++i) { + result = 0; + for (j = i - p + 1;j < p;++j) + result = modq_plusproduct(result,f[j],g[i - j]); + fg[i] = result; + } + + for (i = p + p - 2;i >= p;--i) { + fg[i - p] = modq_sum(fg[i - p],fg[i]); + fg[i - p + 1] = modq_sum(fg[i - p + 1],fg[i]); + } + + for (i = 0;i < p;++i) + h[i] = fg[i]; +} + +/* from supercop-20181216/crypto_kem/sntrup4591761/ref/rq_recip3.c */ +/* See https://ntruprime.cr.yp.to/software.html for detailed documentation. */ + + +/* caller must ensure that x-y does not overflow */ +static int smaller_mask_rq_recip3(int x,int y) +{ + return (x - y) >> 31; +} + +static void vectormodq_product(modq *z,int len,const modq *x,const modq c) +{ + int i; + for (i = 0;i < len;++i) z[i] = modq_product(x[i],c); +} + +static void vectormodq_minusproduct(modq *z,int len,const modq *x,const modq *y,const modq c) +{ + int i; + for (i = 0;i < len;++i) z[i] = modq_minusproduct(x[i],y[i],c); +} + +static void vectormodq_shift(modq *z,int len) +{ + int i; + for (i = len - 1;i > 0;--i) z[i] = z[i - 1]; + z[0] = 0; +} + +/* +r = (3s)^(-1) mod m, returning 0, if s is invertible mod m +or returning -1 if s is not invertible mod m +r,s are polys of degree

= loops) break; + + c = modq_quotient(g[p],f[p]); + + vectormodq_minusproduct(g,p + 1,g,f,c); + vectormodq_shift(g,p + 1); + +#ifdef SIMPLER + vectormodq_minusproduct(v,loops + 1,v,u,c); + vectormodq_shift(v,loops + 1); +#else + if (loop < p) { + vectormodq_minusproduct(v,loop + 1,v,u,c); + vectormodq_shift(v,loop + 2); + } else { + vectormodq_minusproduct(v + loop - p,p + 1,v + loop - p,u + loop - p,c); + vectormodq_shift(v + loop - p,p + 2); + } +#endif + + e -= 1; + + ++loop; + + swapmask = smaller_mask_rq_recip3(e,d) & modq_nonzero_mask(g[p]); + swap(&e,&d,sizeof e,swapmask); + swap(f,g,(p + 1) * sizeof(modq),swapmask); + +#ifdef SIMPLER + swap(u,v,(loops + 1) * sizeof(modq),swapmask); +#else + if (loop < p) { + swap(u,v,(loop + 1) * sizeof(modq),swapmask); + } else { + swap(u + loop - p,v + loop - p,(p + 1) * sizeof(modq),swapmask); + } +#endif + } + + c = modq_reciprocal(f[p]); + vectormodq_product(r,p,u + p,c); + return smaller_mask_rq_recip3(0,d); +} + +/* from supercop-20181216/crypto_kem/sntrup4591761/ref/rq_round3.c */ +/* See https://ntruprime.cr.yp.to/software.html for detailed documentation. */ + + +static void rq_round3(modq *h,const modq *f) +{ + int i; + + for (i = 0;i < p;++i) + h[i] = ((21846 * (f[i] + 2295) + 32768) >> 16) * 3 - 2295; +} + +/* from supercop-20181216/crypto_kem/sntrup4591761/ref/rq_rounded.c */ +/* See https://ntruprime.cr.yp.to/software.html for detailed documentation. */ + + +static void rq_encoderounded(unsigned char *c,const modq *f) +{ + crypto_int32 f0, f1, f2; + int i; + + for (i = 0;i < p/3;++i) { + f0 = *f++ + qshift; + f1 = *f++ + qshift; + f2 = *f++ + qshift; + f0 = (21846 * f0) >> 16; + f1 = (21846 * f1) >> 16; + f2 = (21846 * f2) >> 16; + /* now want f0 + f1*1536 + f2*1536^2 as a 32-bit integer */ + f2 *= 3; + f1 += f2 << 9; + f1 *= 3; + f0 += f1 << 9; + *c++ = f0; f0 >>= 8; + *c++ = f0; f0 >>= 8; + *c++ = f0; f0 >>= 8; + *c++ = f0; + } + /* XXX: using p mod 3 = 2 */ + f0 = *f++ + qshift; + f1 = *f++ + qshift; + f0 = (21846 * f0) >> 16; + f1 = (21846 * f1) >> 16; + f1 *= 3; + f0 += f1 << 9; + *c++ = f0; f0 >>= 8; + *c++ = f0; f0 >>= 8; + *c++ = f0; +} + +static void rq_decoderounded(modq *f,const unsigned char *c) +{ + crypto_uint32 c0, c1, c2, c3; + crypto_uint32 f0, f1, f2; + int i; + + for (i = 0;i < p/3;++i) { + c0 = *c++; + c1 = *c++; + c2 = *c++; + c3 = *c++; + + /* f0 + f1*1536 + f2*1536^2 */ + /* = c0 + c1*256 + c2*256^2 + c3*256^3 */ + /* with each f between 0 and 1530 */ + + /* f2 = (64/9)c3 + (1/36)c2 + (1/9216)c1 + (1/2359296)c0 - [0,0.99675] */ + /* claim: 2^21 f2 < x < 2^21(f2+1) */ + /* where x = 14913081*c3 + 58254*c2 + 228*(c1+2) */ + /* proof: x - 2^21 f2 = 456 - (8/9)c0 + (4/9)c1 - (2/9)c2 + (1/9)c3 + 2^21 [0,0.99675] */ + /* at least 456 - (8/9)255 - (2/9)255 > 0 */ + /* at most 456 + (4/9)255 + (1/9)255 + 2^21 0.99675 < 2^21 */ + f2 = (14913081*c3 + 58254*c2 + 228*(c1+2)) >> 21; + + c2 += c3 << 8; + c2 -= (f2 * 9) << 2; + /* f0 + f1*1536 */ + /* = c0 + c1*256 + c2*256^2 */ + /* c2 <= 35 = floor((1530+1530*1536)/256^2) */ + /* f1 = (128/3)c2 + (1/6)c1 + (1/1536)c0 - (1/1536)f0 */ + /* claim: 2^21 f1 < x < 2^21(f1+1) */ + /* where x = 89478485*c2 + 349525*c1 + 1365*(c0+1) */ + /* proof: x - 2^21 f1 = 1365 - (1/3)c2 - (1/3)c1 - (1/3)c0 + (4096/3)f0 */ + /* at least 1365 - (1/3)35 - (1/3)255 - (1/3)255 > 0 */ + /* at most 1365 + (4096/3)1530 < 2^21 */ + f1 = (89478485*c2 + 349525*c1 + 1365*(c0+1)) >> 21; + + c1 += c2 << 8; + c1 -= (f1 * 3) << 1; + + c0 += c1 << 8; + f0 = c0; + + *f++ = modq_freeze(f0 * 3 + q - qshift); + *f++ = modq_freeze(f1 * 3 + q - qshift); + *f++ = modq_freeze(f2 * 3 + q - qshift); + } + + c0 = *c++; + c1 = *c++; + c2 = *c++; + + f1 = (89478485*c2 + 349525*c1 + 1365*(c0+1)) >> 21; + + c1 += c2 << 8; + c1 -= (f1 * 3) << 1; + + c0 += c1 << 8; + f0 = c0; + + *f++ = modq_freeze(f0 * 3 + q - qshift); + *f++ = modq_freeze(f1 * 3 + q - qshift); +} + +/* from supercop-20181216/crypto_kem/sntrup4591761/ref/small.c */ +/* See https://ntruprime.cr.yp.to/software.html for detailed documentation. */ + + +/* XXX: these functions rely on p mod 4 = 1 */ + +/* all coefficients in -1, 0, 1 */ +static void small_encode(unsigned char *c,const small *f) +{ + small c0; + int i; + + for (i = 0;i < p/4;++i) { + c0 = *f++ + 1; + c0 += (*f++ + 1) << 2; + c0 += (*f++ + 1) << 4; + c0 += (*f++ + 1) << 6; + *c++ = c0; + } + c0 = *f++ + 1; + *c++ = c0; +} + +static void small_decode(small *f,const unsigned char *c) +{ + unsigned char c0; + int i; + + for (i = 0;i < p/4;++i) { + c0 = *c++; + *f++ = ((small) (c0 & 3)) - 1; c0 >>= 2; + *f++ = ((small) (c0 & 3)) - 1; c0 >>= 2; + *f++ = ((small) (c0 & 3)) - 1; c0 >>= 2; + *f++ = ((small) (c0 & 3)) - 1; + } + c0 = *c++; + *f++ = ((small) (c0 & 3)) - 1; +} + +/* from supercop-20181216/crypto_kem/sntrup4591761/ref/swap.c */ +/* See https://ntruprime.cr.yp.to/software.html for detailed documentation. */ + + +static void swap(void *x,void *y,int bytes,int mask) +{ + int i; + char xi, yi, c, t; + + c = mask; + + for (i = 0;i < bytes;++i) { + xi = i[(char *) x]; + yi = i[(char *) y]; + t = c & (xi ^ yi); + xi ^= t; + yi ^= t; + i[(char *) x] = xi; + i[(char *) y] = yi; + } +} + diff --git a/sntrup4591761.sh b/sntrup4591761.sh new file mode 100644 index 000000000..5540ca4d9 --- /dev/null +++ b/sntrup4591761.sh @@ -0,0 +1,47 @@ +#!/bin/sh +FILES=" + supercop-20181216/crypto_sort/int32/portable3/int32_minmax.inc + supercop-20181216/crypto_sort/int32/portable3/sort.c + supercop-20181216/crypto_kem/sntrup4591761/ref/small.h + supercop-20181216/crypto_kem/sntrup4591761/ref/mod3.h + supercop-20181216/crypto_kem/sntrup4591761/ref/modq.h + supercop-20181216/crypto_kem/sntrup4591761/ref/params.h + supercop-20181216/crypto_kem/sntrup4591761/ref/r3.h + supercop-20181216/crypto_kem/sntrup4591761/ref/rq.h + supercop-20181216/crypto_kem/sntrup4591761/ref/swap.h + supercop-20181216/crypto_kem/sntrup4591761/ref/dec.c + supercop-20181216/crypto_kem/sntrup4591761/ref/enc.c + supercop-20181216/crypto_kem/sntrup4591761/ref/keypair.c + supercop-20181216/crypto_kem/sntrup4591761/ref/r3_mult.c + supercop-20181216/crypto_kem/sntrup4591761/ref/r3_recip.c + supercop-20181216/crypto_kem/sntrup4591761/ref/randomsmall.c + supercop-20181216/crypto_kem/sntrup4591761/ref/randomweightw.c + supercop-20181216/crypto_kem/sntrup4591761/ref/rq.c + supercop-20181216/crypto_kem/sntrup4591761/ref/rq_mult.c + supercop-20181216/crypto_kem/sntrup4591761/ref/rq_recip3.c + supercop-20181216/crypto_kem/sntrup4591761/ref/rq_round3.c + supercop-20181216/crypto_kem/sntrup4591761/ref/rq_rounded.c + supercop-20181216/crypto_kem/sntrup4591761/ref/small.c + supercop-20181216/crypto_kem/sntrup4591761/ref/swap.c +" +### + +set -e +DIR=/data/git/mfriedl +cd $DIR +echo '#include ' +echo '#include "crypto_api.h"' +echo +for i in $FILES; do + echo "/* from $i */" + b=$(basename $i .c) + grep \ + -v '#include' $i | \ + grep -v "extern crypto_int32 small_random32" | + sed -e "s/crypto_kem_/crypto_kem_sntrup4591761_/g" \ + -e "s/smaller_mask/smaller_mask_${b}/g" \ + -e "s/void crypto_sort/void crypto_sort_int32/" \ + -e "s/^extern void /static void /" \ + -e "s/^void /static void /" + echo +done diff --git a/ssh-keyscan.c b/ssh-keyscan.c index 88449f672..83a768700 100644 --- a/ssh-keyscan.c +++ b/ssh-keyscan.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ssh-keyscan.c,v 1.120 2018/06/06 18:29:18 markus Exp $ */ +/* $OpenBSD: ssh-keyscan.c,v 1.121 2019/01/21 10:20:12 djm Exp $ */ /* * Copyright 1995, 1996 by David Mazieres . * @@ -272,6 +272,7 @@ keygrab_ssh2(con *c) # endif #endif c->c_ssh->kex->kex[KEX_C25519_SHA256] = kexc25519_client; + c->c_ssh->kex->kex[KEX_KEM_SNTRUP4591761X25519_SHA512] = kex_kem_client; ssh_set_verify_host_key_callback(c->c_ssh, key_print_wrapper); /* * do the key-exchange until an error occurs or until diff --git a/ssh_api.c b/ssh_api.c index 182c0d7e4..73981aa37 100644 --- a/ssh_api.c +++ b/ssh_api.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ssh_api.c,v 1.10 2019/01/19 21:43:56 djm Exp $ */ +/* $OpenBSD: ssh_api.c,v 1.11 2019/01/21 10:20:12 djm Exp $ */ /* * Copyright (c) 2012 Markus Friedl. All rights reserved. * @@ -111,6 +111,7 @@ ssh_init(struct ssh **sshp, int is_server, struct kex_params *kex_params) # endif #endif /* WITH_OPENSSL */ ssh->kex->kex[KEX_C25519_SHA256] = kexc25519_server; + ssh->kex->kex[KEX_KEM_SNTRUP4591761X25519_SHA512] = kex_kem_server; ssh->kex->load_host_public_key=&_ssh_host_public_key; ssh->kex->load_host_private_key=&_ssh_host_private_key; ssh->kex->sign=&_ssh_host_key_sign; @@ -128,6 +129,7 @@ ssh_init(struct ssh **sshp, int is_server, struct kex_params *kex_params) # endif #endif /* WITH_OPENSSL */ ssh->kex->kex[KEX_C25519_SHA256] = kexc25519_client; + ssh->kex->kex[KEX_KEM_SNTRUP4591761X25519_SHA512] = kex_kem_client; ssh->kex->verify_host_key =&_ssh_verify_host_key; } *sshp = ssh; diff --git a/sshconnect2.c b/sshconnect2.c index 65d8be667..05657fd73 100644 --- a/sshconnect2.c +++ b/sshconnect2.c @@ -1,4 +1,4 @@ -/* $OpenBSD: sshconnect2.c,v 1.296 2019/01/21 01:05:00 djm Exp $ */ +/* $OpenBSD: sshconnect2.c,v 1.297 2019/01/21 10:20:12 djm Exp $ */ /* * Copyright (c) 2000 Markus Friedl. All rights reserved. * Copyright (c) 2008 Damien Miller. All rights reserved. @@ -213,6 +213,7 @@ ssh_kex2(struct ssh *ssh, char *host, struct sockaddr *hostaddr, u_short port) # endif #endif ssh->kex->kex[KEX_C25519_SHA256] = kexc25519_client; + ssh->kex->kex[KEX_KEM_SNTRUP4591761X25519_SHA512] = kex_kem_client; ssh->kex->verify_host_key=&verify_host_key_callback; ssh_dispatch_run_fatal(ssh, DISPATCH_BLOCK, &ssh->kex->done); diff --git a/sshd.c b/sshd.c index f6927672e..330b8052d 100644 --- a/sshd.c +++ b/sshd.c @@ -1,4 +1,4 @@ -/* $OpenBSD: sshd.c,v 1.527 2019/01/19 21:43:56 djm Exp $ */ +/* $OpenBSD: sshd.c,v 1.528 2019/01/21 10:20:12 djm Exp $ */ /* * Author: Tatu Ylonen * Copyright (c) 1995 Tatu Ylonen , Espoo, Finland @@ -2219,6 +2219,7 @@ do_ssh2_kex(struct ssh *ssh) # endif #endif kex->kex[KEX_C25519_SHA256] = kexc25519_server; + kex->kex[KEX_KEM_SNTRUP4591761X25519_SHA512] = kex_kem_server; kex->load_host_public_key=&get_hostkey_public_by_type; kex->load_host_private_key=&get_hostkey_private_by_type; kex->host_key_index=&get_hostkey_index; -- cgit v1.2.3 From 2f6a9ddbbf6ca8623c53c323ff17fb6d68d66970 Mon Sep 17 00:00:00 2001 From: "djm@openbsd.org" Date: Mon, 21 Jan 2019 10:24:09 +0000 Subject: upstream: use KEM API for vanilla c25519 KEX OpenBSD-Commit-ID: 38d937b85ff770886379dd66a8f32ab0c1c35c1f --- Makefile.in | 2 - kex.h | 7 ++- kexc25519.c | 122 ++++++++++++++++++++++++++++++++++++++++++++---- kexc25519c.c | 145 ---------------------------------------------------------- kexc25519s.c | 136 ------------------------------------------------------ kexkemc.c | 30 ++++++++++-- kexkems.c | 18 ++++++-- monitor.c | 4 +- ssh-keyscan.c | 4 +- ssh_api.c | 6 +-- sshconnect2.c | 4 +- sshd.c | 4 +- 12 files changed, 170 insertions(+), 312 deletions(-) delete mode 100644 kexc25519c.c delete mode 100644 kexc25519s.c diff --git a/Makefile.in b/Makefile.in index 2b22e9f47..89f930367 100644 --- a/Makefile.in +++ b/Makefile.in @@ -98,8 +98,6 @@ LIBSSH_OBJS=${LIBOPENSSH_OBJS} \ ssh-ed25519.o digest-openssl.o digest-libc.o hmac.o \ sc25519.o ge25519.o fe25519.o ed25519.o verify.o hash.o \ kex.o kexdh.o kexgex.o kexecdh.o kexc25519.o \ - kexdhc.o kexgexc.o kexecdhc.o kexc25519c.o \ - kexdhs.o kexgexs.o kexecdhs.o kexc25519s.o \ sntrup4591761.o kexsntrup4591761x25519.o kexkemc.o kexkems.o \ platform-pledge.o platform-tracing.o platform-misc.o diff --git a/kex.h b/kex.h index 258a64712..2eec2e04f 100644 --- a/kex.h +++ b/kex.h @@ -1,4 +1,4 @@ -/* $OpenBSD: kex.h,v 1.99 2019/01/21 10:20:12 djm Exp $ */ +/* $OpenBSD: kex.h,v 1.100 2019/01/21 10:24:09 djm Exp $ */ /* * Copyright (c) 2000, 2001 Markus Friedl. All rights reserved. @@ -211,6 +211,11 @@ int kexc25519_server(struct ssh *); int kex_kem_client(struct ssh *); int kex_kem_server(struct ssh *); +int kex_c25519_keypair(struct kex *); +int kex_c25519_enc(struct kex *, const u_char *, size_t, struct sshbuf **, + struct sshbuf **); +int kex_c25519_dec(struct kex *, const u_char *, size_t, struct sshbuf **); + int kex_kem_sntrup4591761x25519_keypair(struct kex *); int kex_kem_sntrup4591761x25519_enc(struct kex *, const u_char *, size_t, struct sshbuf **, struct sshbuf **); diff --git a/kexc25519.c b/kexc25519.c index 3911baf14..a06c6e44b 100644 --- a/kexc25519.c +++ b/kexc25519.c @@ -1,6 +1,6 @@ -/* $OpenBSD: kexc25519.c,v 1.13 2019/01/21 10:20:12 djm Exp $ */ +/* $OpenBSD: kexc25519.c,v 1.14 2019/01/21 10:24:09 djm Exp $ */ /* - * Copyright (c) 2001, 2013 Markus Friedl. All rights reserved. + * Copyright (c) 2019 Markus Friedl. All rights reserved. * Copyright (c) 2010 Damien Miller. All rights reserved. * Copyright (c) 2013 Aris Adamantiadis. All rights reserved. * @@ -29,20 +29,16 @@ #include -#include +#include #include +#include -#include -#include - -#include "sshbuf.h" -#include "ssh2.h" #include "sshkey.h" -#include "cipher.h" #include "kex.h" -#include "log.h" +#include "sshbuf.h" #include "digest.h" #include "ssherr.h" +#include "ssh2.h" extern int crypto_scalarmult_curve25519(u_char a[CURVE25519_SIZE], const u_char b[CURVE25519_SIZE], const u_char c[CURVE25519_SIZE]) @@ -142,3 +138,109 @@ kex_c25519_hash( #endif return 0; } + +int +kex_c25519_keypair(struct kex *kex) +{ + struct sshbuf *buf = NULL; + u_char *cp = NULL; + int r; + + if ((buf = sshbuf_new()) == NULL) + return SSH_ERR_ALLOC_FAIL; + if ((r = sshbuf_reserve(buf, CURVE25519_SIZE, &cp)) != 0) + goto out; + kexc25519_keygen(kex->c25519_client_key, cp); +#ifdef DEBUG_KEXECDH + dump_digest("client public key c25519:", cp, CURVE25519_SIZE); +#endif + kex->kem_client_pub = buf; + buf = NULL; + out: + sshbuf_free(buf); + return r; +} + +int +kex_c25519_enc(struct kex *kex, const u_char *pkblob, + size_t pklen, struct sshbuf **server_blobp, struct sshbuf **shared_secretp) +{ + struct sshbuf *server_blob = NULL; + struct sshbuf *buf = NULL; + u_char *server_pub; + u_char server_key[CURVE25519_SIZE]; + int r; + + *server_blobp = NULL; + *shared_secretp = NULL; + + if (pklen != CURVE25519_SIZE) { + r = SSH_ERR_SIGNATURE_INVALID; + goto out; + } +#ifdef DEBUG_KEXECDH + dump_digest("client public key 25519:", pkblob, CURVE25519_SIZE); +#endif + /* allocate space for encrypted KEM key and ECDH pub key */ + if ((server_blob = sshbuf_new()) == NULL) { + r = SSH_ERR_ALLOC_FAIL; + goto out; + } + if ((r = sshbuf_reserve(server_blob, CURVE25519_SIZE, &server_pub)) != 0) + goto out; + kexc25519_keygen(server_key, server_pub); + /* allocate shared secret */ + if ((buf = sshbuf_new()) == NULL) { + r = SSH_ERR_ALLOC_FAIL; + goto out; + } + if ((r = kexc25519_shared_key_ext(server_key, pkblob, buf, 0)) < 0) + goto out; +#ifdef DEBUG_KEXECDH + dump_digest("server public key 25519:", server_pub, CURVE25519_SIZE); + dump_digest("encoded shared secret:", sshbuf_ptr(buf), sshbuf_len(buf)); +#endif + *server_blobp = server_blob; + *shared_secretp = buf; + server_blob = NULL; + buf = NULL; + out: + explicit_bzero(server_key, sizeof(server_key)); + sshbuf_free(server_blob); + sshbuf_free(buf); + return r; +} + +int +kex_c25519_dec(struct kex *kex, const u_char *pkblob, + size_t pklen, struct sshbuf **shared_secretp) +{ + struct sshbuf *buf = NULL; + int r; + + *shared_secretp = NULL; + + if (pklen != CURVE25519_SIZE) { + r = SSH_ERR_SIGNATURE_INVALID; + goto out; + } +#ifdef DEBUG_KEXECDH + dump_digest("server public key c25519:", pkblob, CURVE25519_SIZE); +#endif + /* shared secret */ + if ((buf = sshbuf_new()) == NULL) { + r = SSH_ERR_ALLOC_FAIL; + goto out; + } + if ((r = kexc25519_shared_key_ext(kex->c25519_client_key, pkblob, + buf, 0)) < 0) + goto out; +#ifdef DEBUG_KEXECDH + dump_digest("encoded shared secret:", sshbuf_ptr(buf), sshbuf_len(buf)); +#endif + *shared_secretp = buf; + buf = NULL; + out: + sshbuf_free(buf); + return r; +} diff --git a/kexc25519c.c b/kexc25519c.c deleted file mode 100644 index cc6e54cc7..000000000 --- a/kexc25519c.c +++ /dev/null @@ -1,145 +0,0 @@ -/* $OpenBSD: kexc25519c.c,v 1.13 2019/01/21 10:20:12 djm Exp $ */ -/* - * Copyright (c) 2001 Markus Friedl. All rights reserved. - * Copyright (c) 2010 Damien Miller. All rights reserved. - * Copyright (c) 2013 Aris Adamantiadis. All rights reserved. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. - * - * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR - * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES - * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. - * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, - * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT - * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, - * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY - * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT - * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF - * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. - */ - -#include "includes.h" - -#include - -#include -#include -#include - -#include "sshkey.h" -#include "cipher.h" -#include "kex.h" -#include "log.h" -#include "packet.h" -#include "ssh2.h" -#include "sshbuf.h" -#include "digest.h" -#include "ssherr.h" - -static int -input_kex_c25519_reply(int type, u_int32_t seq, struct ssh *ssh); - -int -kexc25519_client(struct ssh *ssh) -{ - struct kex *kex = ssh->kex; - int r; - - kexc25519_keygen(kex->c25519_client_key, kex->c25519_client_pubkey); -#ifdef DEBUG_KEXECDH - dump_digest("client private key:", kex->c25519_client_key, - sizeof(kex->c25519_client_key)); -#endif - if ((r = sshpkt_start(ssh, SSH2_MSG_KEX_ECDH_INIT)) != 0 || - (r = sshpkt_put_string(ssh, kex->c25519_client_pubkey, - sizeof(kex->c25519_client_pubkey))) != 0 || - (r = sshpkt_send(ssh)) != 0) - return r; - - debug("expecting SSH2_MSG_KEX_ECDH_REPLY"); - ssh_dispatch_set(ssh, SSH2_MSG_KEX_ECDH_REPLY, &input_kex_c25519_reply); - return 0; -} - -static int -input_kex_c25519_reply(int type, u_int32_t seq, struct ssh *ssh) -{ - struct kex *kex = ssh->kex; - struct sshkey *server_host_key = NULL; - struct sshbuf *shared_secret = NULL; - u_char *server_pubkey = NULL; - u_char *server_host_key_blob = NULL, *signature = NULL; - u_char hash[SSH_DIGEST_MAX_LENGTH]; - size_t slen, pklen, sbloblen, hashlen; - int r; - - /* hostkey */ - if ((r = sshpkt_get_string(ssh, &server_host_key_blob, - &sbloblen)) != 0 || - (r = sshkey_from_blob(server_host_key_blob, sbloblen, - &server_host_key)) != 0) - goto out; - if ((r = kex_verify_host_key(ssh, server_host_key)) != 0) - goto out; - - /* Q_S, server public key */ - /* signed H */ - if ((r = sshpkt_get_string(ssh, &server_pubkey, &pklen)) != 0 || - (r = sshpkt_get_string(ssh, &signature, &slen)) != 0 || - (r = sshpkt_get_end(ssh)) != 0) - goto out; - if (pklen != CURVE25519_SIZE) { - r = SSH_ERR_SIGNATURE_INVALID; - goto out; - } - -#ifdef DEBUG_KEXECDH - dump_digest("server public key:", server_pubkey, CURVE25519_SIZE); -#endif - - if ((shared_secret = sshbuf_new()) == NULL) { - r = SSH_ERR_ALLOC_FAIL; - goto out; - } - if ((r = kexc25519_shared_key(kex->c25519_client_key, server_pubkey, - shared_secret)) != 0) - goto out; - - /* calc and verify H */ - hashlen = sizeof(hash); - if ((r = kex_c25519_hash( - kex->hash_alg, - kex->client_version, - kex->server_version, - sshbuf_ptr(kex->my), sshbuf_len(kex->my), - sshbuf_ptr(kex->peer), sshbuf_len(kex->peer), - server_host_key_blob, sbloblen, - kex->c25519_client_pubkey, sizeof(kex->c25519_client_pubkey), - server_pubkey, pklen, - sshbuf_ptr(shared_secret), sshbuf_len(shared_secret), - hash, &hashlen)) != 0) - goto out; - - if ((r = sshkey_verify(server_host_key, signature, slen, hash, hashlen, - kex->hostkey_alg, ssh->compat)) != 0) - goto out; - - if ((r = kex_derive_keys(ssh, hash, hashlen, shared_secret)) == 0) - r = kex_send_newkeys(ssh); -out: - explicit_bzero(hash, sizeof(hash)); - explicit_bzero(kex->c25519_client_key, sizeof(kex->c25519_client_key)); - free(server_host_key_blob); - free(server_pubkey); - free(signature); - sshkey_free(server_host_key); - sshbuf_free(shared_secret); - return r; -} diff --git a/kexc25519s.c b/kexc25519s.c deleted file mode 100644 index ace4d5c79..000000000 --- a/kexc25519s.c +++ /dev/null @@ -1,136 +0,0 @@ -/* $OpenBSD: kexc25519s.c,v 1.16 2019/01/21 10:20:12 djm Exp $ */ -/* - * Copyright (c) 2001 Markus Friedl. All rights reserved. - * Copyright (c) 2010 Damien Miller. All rights reserved. - * Copyright (c) 2013 Aris Adamantiadis. All rights reserved. - * - * modification, are permitted provided that the following conditions - * are met: - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. - * - * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR - * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES - * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. - * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, - * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT - * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, - * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY - * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT - * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF - * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. - */ - -#include "includes.h" - -#include -#include -#include -#include - -#include "sshkey.h" -#include "cipher.h" -#include "digest.h" -#include "kex.h" -#include "log.h" -#include "packet.h" -#include "ssh2.h" -#include "sshbuf.h" -#include "ssherr.h" - -static int input_kex_c25519_init(int, u_int32_t, struct ssh *); - -int -kexc25519_server(struct ssh *ssh) -{ - debug("expecting SSH2_MSG_KEX_ECDH_INIT"); - ssh_dispatch_set(ssh, SSH2_MSG_KEX_ECDH_INIT, &input_kex_c25519_init); - return 0; -} - -static int -input_kex_c25519_init(int type, u_int32_t seq, struct ssh *ssh) -{ - struct kex *kex = ssh->kex; - struct sshkey *server_host_private, *server_host_public; - struct sshbuf *shared_secret = NULL; - u_char *server_host_key_blob = NULL, *signature = NULL; - u_char server_key[CURVE25519_SIZE]; - u_char *client_pubkey = NULL; - u_char server_pubkey[CURVE25519_SIZE]; - u_char hash[SSH_DIGEST_MAX_LENGTH]; - size_t slen, pklen, sbloblen, hashlen; - int r; - - /* generate private key */ - kexc25519_keygen(server_key, server_pubkey); -#ifdef DEBUG_KEXECDH - dump_digest("server private key:", server_key, sizeof(server_key)); -#endif - if ((r = kex_load_hostkey(ssh, &server_host_private, - &server_host_public)) != 0) - goto out; - if ((r = sshpkt_get_string(ssh, &client_pubkey, &pklen)) != 0 || - (r = sshpkt_get_end(ssh)) != 0) - goto out; - if (pklen != CURVE25519_SIZE) { - r = SSH_ERR_SIGNATURE_INVALID; - goto out; - } -#ifdef DEBUG_KEXECDH - dump_digest("client public key:", client_pubkey, CURVE25519_SIZE); -#endif - - if ((shared_secret = sshbuf_new()) == NULL) { - r = SSH_ERR_ALLOC_FAIL; - goto out; - } - if ((r = kexc25519_shared_key(server_key, client_pubkey, - shared_secret)) < 0) - goto out; - - /* calc H */ - if ((r = sshkey_to_blob(server_host_public, &server_host_key_blob, - &sbloblen)) != 0) - goto out; - hashlen = sizeof(hash); - if ((r = kex_c25519_hash( - kex->hash_alg, - kex->client_version, - kex->server_version, - sshbuf_ptr(kex->peer), sshbuf_len(kex->peer), - sshbuf_ptr(kex->my), sshbuf_len(kex->my), - server_host_key_blob, sbloblen, - client_pubkey, pklen, - server_pubkey, sizeof(server_pubkey), - sshbuf_ptr(shared_secret), sshbuf_len(shared_secret), - hash, &hashlen)) != 0) - goto out; - - /* sign H */ - if ((r = kex->sign(ssh, server_host_private, server_host_public, - &signature, &slen, hash, hashlen, kex->hostkey_alg)) < 0) - goto out; - - /* send server hostkey, ECDH pubkey 'Q_S' and signed H */ - if ((r = sshpkt_start(ssh, SSH2_MSG_KEX_ECDH_REPLY)) != 0 || - (r = sshpkt_put_string(ssh, server_host_key_blob, sbloblen)) != 0 || - (r = sshpkt_put_string(ssh, server_pubkey, sizeof(server_pubkey))) != 0 || - (r = sshpkt_put_string(ssh, signature, slen)) != 0 || - (r = sshpkt_send(ssh)) != 0) - goto out; - - if ((r = kex_derive_keys(ssh, hash, hashlen, shared_secret)) == 0) - r = kex_send_newkeys(ssh); -out: - explicit_bzero(hash, sizeof(hash)); - explicit_bzero(server_key, sizeof(server_key)); - free(server_host_key_blob); - free(signature); - free(client_pubkey); - sshbuf_free(shared_secret); - return r; -} diff --git a/kexkemc.c b/kexkemc.c index 47f15c30c..13f36a116 100644 --- a/kexkemc.c +++ b/kexkemc.c @@ -1,4 +1,4 @@ -/* $OpenBSD: kexkemc.c,v 1.1 2019/01/21 10:20:12 djm Exp $ */ +/* $OpenBSD: kexkemc.c,v 1.2 2019/01/21 10:24:09 djm Exp $ */ /* * Copyright (c) 2019 Markus Friedl. All rights reserved. * @@ -47,7 +47,18 @@ kex_kem_client(struct ssh *ssh) struct kex *kex = ssh->kex; int r; - if ((r = kex_kem_sntrup4591761x25519_keypair(kex)) != 0) + switch (kex->kex_type) { + case KEX_C25519_SHA256: + r = kex_c25519_keypair(kex); + break; + case KEX_KEM_SNTRUP4591761X25519_SHA512: + r = kex_kem_sntrup4591761x25519_keypair(kex); + break; + default: + r = SSH_ERR_INVALID_ARGUMENT; + break; + } + if (r != 0) return r; if ((r = sshpkt_start(ssh, SSH2_MSG_KEX_ECDH_INIT)) != 0 || (r = sshpkt_put_stringb(ssh, kex->kem_client_pub)) != 0 || @@ -87,8 +98,19 @@ input_kex_kem_reply(int type, u_int32_t seq, struct ssh *ssh) goto out; /* compute shared secret */ - if ((r = kex_kem_sntrup4591761x25519_dec(kex, server_pubkey, pklen, - &shared_secret)) != 0) + switch (kex->kex_type) { + case KEX_C25519_SHA256: + r = kex_c25519_dec(kex, server_pubkey, pklen, &shared_secret); + break; + case KEX_KEM_SNTRUP4591761X25519_SHA512: + r = kex_kem_sntrup4591761x25519_dec(kex, server_pubkey, pklen, + &shared_secret); + break; + default: + r = SSH_ERR_INVALID_ARGUMENT; + break; + } + if (r !=0 ) goto out; /* calc and verify H */ diff --git a/kexkems.c b/kexkems.c index 43cf82018..89237902b 100644 --- a/kexkems.c +++ b/kexkems.c @@ -1,4 +1,4 @@ -/* $OpenBSD: kexkems.c,v 1.1 2019/01/21 10:20:12 djm Exp $ */ +/* $OpenBSD: kexkems.c,v 1.2 2019/01/21 10:24:09 djm Exp $ */ /* * Copyright (c) 2019 Markus Friedl. All rights reserved. * @@ -68,8 +68,20 @@ input_kex_kem_init(int type, u_int32_t seq, struct ssh *ssh) goto out; /* compute shared secret */ - if ((r = kex_kem_sntrup4591761x25519_enc(kex, client_pubkey, pklen, - &server_pubkey, &shared_secret)) != 0) + switch (kex->kex_type) { + case KEX_C25519_SHA256: + r = kex_c25519_enc(kex, client_pubkey, pklen, &server_pubkey, + &shared_secret); + break; + case KEX_KEM_SNTRUP4591761X25519_SHA512: + r = kex_kem_sntrup4591761x25519_enc(kex, client_pubkey, pklen, + &server_pubkey, &shared_secret); + break; + default: + r = SSH_ERR_INVALID_ARGUMENT; + break; + } + if (r !=0 ) goto out; /* calc H */ diff --git a/monitor.c b/monitor.c index b10fdebf2..9f86d5b75 100644 --- a/monitor.c +++ b/monitor.c @@ -1,4 +1,4 @@ -/* $OpenBSD: monitor.c,v 1.193 2019/01/21 10:20:12 djm Exp $ */ +/* $OpenBSD: monitor.c,v 1.194 2019/01/21 10:24:09 djm Exp $ */ /* * Copyright 2002 Niels Provos * Copyright 2002 Markus Friedl @@ -1688,7 +1688,7 @@ monitor_apply_keystate(struct ssh *ssh, struct monitor *pmonitor) kex->kex[KEX_ECDH_SHA2] = kexecdh_server; # endif #endif /* WITH_OPENSSL */ - kex->kex[KEX_C25519_SHA256] = kexc25519_server; + kex->kex[KEX_C25519_SHA256] = kex_kem_server; kex->kex[KEX_KEM_SNTRUP4591761X25519_SHA512] = kex_kem_server; kex->load_host_public_key=&get_hostkey_public_by_type; kex->load_host_private_key=&get_hostkey_private_by_type; diff --git a/ssh-keyscan.c b/ssh-keyscan.c index 83a768700..9eebc1445 100644 --- a/ssh-keyscan.c +++ b/ssh-keyscan.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ssh-keyscan.c,v 1.121 2019/01/21 10:20:12 djm Exp $ */ +/* $OpenBSD: ssh-keyscan.c,v 1.122 2019/01/21 10:24:09 djm Exp $ */ /* * Copyright 1995, 1996 by David Mazieres . * @@ -271,7 +271,7 @@ keygrab_ssh2(con *c) c->c_ssh->kex->kex[KEX_ECDH_SHA2] = kexecdh_client; # endif #endif - c->c_ssh->kex->kex[KEX_C25519_SHA256] = kexc25519_client; + c->c_ssh->kex->kex[KEX_C25519_SHA256] = kex_kem_client; c->c_ssh->kex->kex[KEX_KEM_SNTRUP4591761X25519_SHA512] = kex_kem_client; ssh_set_verify_host_key_callback(c->c_ssh, key_print_wrapper); /* diff --git a/ssh_api.c b/ssh_api.c index 73981aa37..fe9fbf5a7 100644 --- a/ssh_api.c +++ b/ssh_api.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ssh_api.c,v 1.11 2019/01/21 10:20:12 djm Exp $ */ +/* $OpenBSD: ssh_api.c,v 1.12 2019/01/21 10:24:09 djm Exp $ */ /* * Copyright (c) 2012 Markus Friedl. All rights reserved. * @@ -110,7 +110,7 @@ ssh_init(struct ssh **sshp, int is_server, struct kex_params *kex_params) ssh->kex->kex[KEX_ECDH_SHA2] = kexecdh_server; # endif #endif /* WITH_OPENSSL */ - ssh->kex->kex[KEX_C25519_SHA256] = kexc25519_server; + ssh->kex->kex[KEX_C25519_SHA256] = kex_kem_server; ssh->kex->kex[KEX_KEM_SNTRUP4591761X25519_SHA512] = kex_kem_server; ssh->kex->load_host_public_key=&_ssh_host_public_key; ssh->kex->load_host_private_key=&_ssh_host_private_key; @@ -128,7 +128,7 @@ ssh_init(struct ssh **sshp, int is_server, struct kex_params *kex_params) ssh->kex->kex[KEX_ECDH_SHA2] = kexecdh_client; # endif #endif /* WITH_OPENSSL */ - ssh->kex->kex[KEX_C25519_SHA256] = kexc25519_client; + ssh->kex->kex[KEX_C25519_SHA256] = kex_kem_client; ssh->kex->kex[KEX_KEM_SNTRUP4591761X25519_SHA512] = kex_kem_client; ssh->kex->verify_host_key =&_ssh_verify_host_key; } diff --git a/sshconnect2.c b/sshconnect2.c index 05657fd73..be19722bb 100644 --- a/sshconnect2.c +++ b/sshconnect2.c @@ -1,4 +1,4 @@ -/* $OpenBSD: sshconnect2.c,v 1.297 2019/01/21 10:20:12 djm Exp $ */ +/* $OpenBSD: sshconnect2.c,v 1.298 2019/01/21 10:24:09 djm Exp $ */ /* * Copyright (c) 2000 Markus Friedl. All rights reserved. * Copyright (c) 2008 Damien Miller. All rights reserved. @@ -212,7 +212,7 @@ ssh_kex2(struct ssh *ssh, char *host, struct sockaddr *hostaddr, u_short port) ssh->kex->kex[KEX_ECDH_SHA2] = kexecdh_client; # endif #endif - ssh->kex->kex[KEX_C25519_SHA256] = kexc25519_client; + ssh->kex->kex[KEX_C25519_SHA256] = kex_kem_client; ssh->kex->kex[KEX_KEM_SNTRUP4591761X25519_SHA512] = kex_kem_client; ssh->kex->verify_host_key=&verify_host_key_callback; diff --git a/sshd.c b/sshd.c index 330b8052d..665b22b1e 100644 --- a/sshd.c +++ b/sshd.c @@ -1,4 +1,4 @@ -/* $OpenBSD: sshd.c,v 1.528 2019/01/21 10:20:12 djm Exp $ */ +/* $OpenBSD: sshd.c,v 1.529 2019/01/21 10:24:09 djm Exp $ */ /* * Author: Tatu Ylonen * Copyright (c) 1995 Tatu Ylonen , Espoo, Finland @@ -2218,7 +2218,7 @@ do_ssh2_kex(struct ssh *ssh) kex->kex[KEX_ECDH_SHA2] = kexecdh_server; # endif #endif - kex->kex[KEX_C25519_SHA256] = kexc25519_server; + kex->kex[KEX_C25519_SHA256] = kex_kem_server; kex->kex[KEX_KEM_SNTRUP4591761X25519_SHA512] = kex_kem_server; kex->load_host_public_key=&get_hostkey_public_by_type; kex->load_host_private_key=&get_hostkey_private_by_type; -- cgit v1.2.3 From 9c9c97e14fe190931f341876ad98213e1e1dc19f Mon Sep 17 00:00:00 2001 From: "djm@openbsd.org" Date: Mon, 21 Jan 2019 10:28:01 +0000 Subject: upstream: use KEM API for vanilla DH KEX from markus@ ok djm@ OpenBSD-Commit-ID: af56466426b08a8be275412ae2743319e3d277c9 --- Makefile.in | 2 + kex.h | 10 ++-- kexdh.c | 140 +++++++++++++++++++++++++++++++++-------------------- kexdhc.c | 151 ---------------------------------------------------------- kexdhs.c | 142 ------------------------------------------------------ kexkemc.c | 16 ++++++- kexkems.c | 10 +++- monitor.c | 12 ++--- ssh-keyscan.c | 12 ++--- ssh_api.c | 22 ++++----- sshconnect2.c | 12 ++--- sshd.c | 12 ++--- 12 files changed, 155 insertions(+), 386 deletions(-) delete mode 100644 kexdhc.c delete mode 100644 kexdhs.c diff --git a/Makefile.in b/Makefile.in index 89f930367..3a179a66f 100644 --- a/Makefile.in +++ b/Makefile.in @@ -98,6 +98,8 @@ LIBSSH_OBJS=${LIBOPENSSH_OBJS} \ ssh-ed25519.o digest-openssl.o digest-libc.o hmac.o \ sc25519.o ge25519.o fe25519.o ed25519.o verify.o hash.o \ kex.o kexdh.o kexgex.o kexecdh.o kexc25519.o \ + kexgexc.o kexecdhc.o \ + kexgexs.o kexecdhs.o \ sntrup4591761.o kexsntrup4591761x25519.o kexkemc.o kexkems.o \ platform-pledge.o platform-tracing.o platform-misc.o diff --git a/kex.h b/kex.h index 2eec2e04f..de5e473e1 100644 --- a/kex.h +++ b/kex.h @@ -1,4 +1,4 @@ -/* $OpenBSD: kex.h,v 1.100 2019/01/21 10:24:09 djm Exp $ */ +/* $OpenBSD: kex.h,v 1.101 2019/01/21 10:28:01 djm Exp $ */ /* * Copyright (c) 2000, 2001 Markus Friedl. All rights reserved. @@ -211,6 +211,11 @@ int kexc25519_server(struct ssh *); int kex_kem_client(struct ssh *); int kex_kem_server(struct ssh *); +int kex_dh_keypair(struct kex *); +int kex_dh_enc(struct kex *, const u_char *, size_t, struct sshbuf **, + struct sshbuf **); +int kex_dh_dec(struct kex *, const u_char *, size_t, struct sshbuf **); + int kex_c25519_keypair(struct kex *); int kex_c25519_enc(struct kex *, const u_char *, size_t, struct sshbuf **, struct sshbuf **); @@ -224,9 +229,6 @@ int kex_kem_sntrup4591761x25519_dec(struct kex *, const u_char *, size_t, int kex_dh_keygen(struct kex *); int kex_dh_compute_key(struct kex *, BIGNUM *, struct sshbuf *); -int kex_dh_hash(int, const struct sshbuf *, const struct sshbuf *, - const u_char *, size_t, const u_char *, size_t, const u_char *, size_t, - const BIGNUM *, const BIGNUM *, const u_char *, size_t, u_char *, size_t *); int kexgex_hash(int, const struct sshbuf *, const struct sshbuf *, const u_char *, size_t, const u_char *, size_t, const u_char *, size_t, diff --git a/kexdh.c b/kexdh.c index 5324857b2..4b811b617 100644 --- a/kexdh.c +++ b/kexdh.c @@ -1,6 +1,6 @@ -/* $OpenBSD: kexdh.c,v 1.29 2019/01/21 10:03:37 djm Exp $ */ +/* $OpenBSD: kexdh.c,v 1.30 2019/01/21 10:28:01 djm Exp $ */ /* - * Copyright (c) 2001 Markus Friedl. All rights reserved. + * Copyright (c) 2019 Markus Friedl. All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions @@ -30,17 +30,11 @@ #include #include +#include +#include -#include - -#include "openbsd-compat/openssl-compat.h" - -#include "ssh2.h" #include "sshkey.h" -#include "cipher.h" #include "kex.h" -#include "dh.h" -#include "ssherr.h" #include "sshbuf.h" #include "digest.h" #include "dh.h" @@ -113,53 +107,95 @@ kex_dh_compute_key(struct kex *kex, BIGNUM *dh_pub, struct sshbuf *out) } int -kex_dh_hash( - int hash_alg, - const struct sshbuf *client_version, - const struct sshbuf *server_version, - const u_char *ckexinit, size_t ckexinitlen, - const u_char *skexinit, size_t skexinitlen, - const u_char *serverhostkeyblob, size_t sbloblen, - const BIGNUM *client_dh_pub, - const BIGNUM *server_dh_pub, - const u_char *shared_secret, size_t secretlen, - u_char *hash, size_t *hashlen) +kex_dh_keypair(struct kex *kex) { - struct sshbuf *b; + const BIGNUM *pub_key; + struct sshbuf *buf = NULL; int r; - if (*hashlen < ssh_digest_bytes(hash_alg)) - return SSH_ERR_INVALID_ARGUMENT; - if ((b = sshbuf_new()) == NULL) - return SSH_ERR_ALLOC_FAIL; - if ((r = sshbuf_put_stringb(b, client_version)) < 0 || - (r = sshbuf_put_stringb(b, server_version)) < 0 || - /* kexinit messages: fake header: len+SSH2_MSG_KEXINIT */ - (r = sshbuf_put_u32(b, ckexinitlen+1)) != 0 || - (r = sshbuf_put_u8(b, SSH2_MSG_KEXINIT)) != 0 || - (r = sshbuf_put(b, ckexinit, ckexinitlen)) != 0 || - (r = sshbuf_put_u32(b, skexinitlen+1)) != 0 || - (r = sshbuf_put_u8(b, SSH2_MSG_KEXINIT)) != 0 || - (r = sshbuf_put(b, skexinit, skexinitlen)) != 0 || - (r = sshbuf_put_string(b, serverhostkeyblob, sbloblen)) != 0 || - (r = sshbuf_put_bignum2(b, client_dh_pub)) != 0 || - (r = sshbuf_put_bignum2(b, server_dh_pub)) != 0 || - (r = sshbuf_put(b, shared_secret, secretlen)) != 0) { - sshbuf_free(b); + if ((r = kex_dh_keygen(kex)) != 0) return r; - } -#ifdef DEBUG_KEX - sshbuf_dump(b, stderr); + DH_get0_key(kex->dh, &pub_key, NULL); + if ((buf = sshbuf_new()) == NULL) + return SSH_ERR_ALLOC_FAIL; + if ((r = sshbuf_put_bignum2(buf, pub_key)) != 0 || + (r = sshbuf_get_u32(buf, NULL)) != 0) + goto out; +#ifdef DEBUG_KEXDH + DHparams_print_fp(stderr, kex->dh); + fprintf(stderr, "pub= "); + BN_print_fp(stderr, pub_key); + fprintf(stderr, "\n"); #endif - if (ssh_digest_buffer(hash_alg, b, hash, *hashlen) != 0) { - sshbuf_free(b); - return SSH_ERR_LIBCRYPTO_ERROR; + kex->kem_client_pub = buf; + buf = NULL; + out: + sshbuf_free(buf); + return r; +} + +int +kex_dh_enc(struct kex *kex, const u_char *pkblob, size_t pklen, + struct sshbuf **server_blobp, struct sshbuf **shared_secretp) +{ + const BIGNUM *pub_key; + struct sshbuf *server_blob = NULL; + int r; + + *server_blobp = NULL; + *shared_secretp = NULL; + + if ((r = kex_dh_keygen(kex)) != 0) + goto out; + DH_get0_key(kex->dh, &pub_key, NULL); + if ((server_blob = sshbuf_new()) == NULL) { + r = SSH_ERR_ALLOC_FAIL; + goto out; } - sshbuf_free(b); - *hashlen = ssh_digest_bytes(hash_alg); -#ifdef DEBUG_KEX - dump_digest("hash", hash, *hashlen); -#endif - return 0; + if ((r = sshbuf_put_bignum2(server_blob, pub_key)) != 0 || + (r = sshbuf_get_u32(server_blob, NULL)) != 0) + goto out; + if ((r = kex_dh_dec(kex, pkblob, pklen, shared_secretp)) != 0) + goto out; + *server_blobp = server_blob; + server_blob = NULL; + out: + DH_free(kex->dh); + kex->dh = NULL; + sshbuf_free(server_blob); + return r; +} + +int +kex_dh_dec(struct kex *kex, const u_char *pkblob, size_t pklen, + struct sshbuf **shared_secretp) +{ + struct sshbuf *buf = NULL; + BIGNUM *dh_pub = NULL; + int r; + + *shared_secretp = NULL; + + if ((buf = sshbuf_new()) == NULL) { + r = SSH_ERR_ALLOC_FAIL; + goto out; + } + if ((r = sshbuf_put_u32(buf, pklen)) != 0 || + (r = sshbuf_put(buf, pkblob, pklen)) != 0) { + goto out; + } + if ((r = sshbuf_get_bignum2(buf, &dh_pub)) != 0) { + goto out; + } + sshbuf_reset(buf); + if ((r = kex_dh_compute_key(kex, dh_pub, buf)) != 0) + goto out; + *shared_secretp = buf; + buf = NULL; + out: + DH_free(kex->dh); + kex->dh = NULL; + sshbuf_free(buf); + return r; } #endif /* WITH_OPENSSL */ diff --git a/kexdhc.c b/kexdhc.c deleted file mode 100644 index a2af8cb08..000000000 --- a/kexdhc.c +++ /dev/null @@ -1,151 +0,0 @@ -/* $OpenBSD: kexdhc.c,v 1.29 2019/01/21 10:07:22 djm Exp $ */ -/* - * Copyright (c) 2001 Markus Friedl. All rights reserved. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. - * - * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR - * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES - * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. - * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, - * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT - * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, - * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY - * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT - * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF - * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. - */ - -#include "includes.h" - -#ifdef WITH_OPENSSL - -#include - -#include - -#include -#include -#include -#include - -#include "openbsd-compat/openssl-compat.h" - -#include "sshkey.h" -#include "cipher.h" -#include "digest.h" -#include "dh.h" -#include "kex.h" -#include "log.h" -#include "packet.h" -#include "ssh2.h" -#include "dispatch.h" -#include "compat.h" -#include "ssherr.h" -#include "sshbuf.h" - -static int input_kex_dh(int, u_int32_t, struct ssh *); - -int -kexdh_client(struct ssh *ssh) -{ - struct kex *kex = ssh->kex; - int r; - const BIGNUM *pub_key; - - /* generate and send 'e', client DH public key */ - if ((r = kex_dh_keygen(kex)) != 0) - goto out; - debug("sending SSH2_MSG_KEXDH_INIT"); - DH_get0_key(kex->dh, &pub_key, NULL); - if ((r = sshpkt_start(ssh, SSH2_MSG_KEXDH_INIT)) != 0 || - (r = sshpkt_put_bignum2(ssh, pub_key)) != 0 || - (r = sshpkt_send(ssh)) != 0) - goto out; -#ifdef DEBUG_KEXDH - DHparams_print_fp(stderr, kex->dh); - fprintf(stderr, "pub= "); - BN_print_fp(stderr, pub_key); - fprintf(stderr, "\n"); -#endif - debug("expecting SSH2_MSG_KEXDH_REPLY"); - ssh_dispatch_set(ssh, SSH2_MSG_KEXDH_REPLY, &input_kex_dh); - r = 0; - out: - return r; -} - -static int -input_kex_dh(int type, u_int32_t seq, struct ssh *ssh) -{ - struct kex *kex = ssh->kex; - BIGNUM *dh_server_pub = NULL; - const BIGNUM *pub_key; - struct sshkey *server_host_key = NULL; - struct sshbuf *shared_secret = NULL; - u_char *server_host_key_blob = NULL, *signature = NULL; - u_char hash[SSH_DIGEST_MAX_LENGTH]; - size_t slen, sbloblen, hashlen; - int r; - - /* key, cert */ - if ((r = sshpkt_get_string(ssh, &server_host_key_blob, - &sbloblen)) != 0 || - (r = sshkey_from_blob(server_host_key_blob, sbloblen, - &server_host_key)) != 0) - goto out; - if ((r = kex_verify_host_key(ssh, server_host_key)) != 0) - goto out; - /* DH parameter f, server public DH key, signed H */ - if ((r = sshpkt_get_bignum2(ssh, &dh_server_pub)) != 0 || - (r = sshpkt_get_string(ssh, &signature, &slen)) != 0 || - (r = sshpkt_get_end(ssh)) != 0) - goto out; - if ((shared_secret = sshbuf_new()) == NULL) { - r = SSH_ERR_ALLOC_FAIL; - goto out; - } - if ((r = kex_dh_compute_key(kex, dh_server_pub, shared_secret)) != 0) - goto out; - - /* calc and verify H */ - DH_get0_key(kex->dh, &pub_key, NULL); - hashlen = sizeof(hash); - if ((r = kex_dh_hash( - kex->hash_alg, - kex->client_version, - kex->server_version, - sshbuf_ptr(kex->my), sshbuf_len(kex->my), - sshbuf_ptr(kex->peer), sshbuf_len(kex->peer), - server_host_key_blob, sbloblen, - pub_key, - dh_server_pub, - sshbuf_ptr(shared_secret), sshbuf_len(shared_secret), - hash, &hashlen)) != 0) - goto out; - - if ((r = sshkey_verify(server_host_key, signature, slen, hash, hashlen, - kex->hostkey_alg, ssh->compat)) != 0) - goto out; - - if ((r = kex_derive_keys(ssh, hash, hashlen, shared_secret)) == 0) - r = kex_send_newkeys(ssh); - out: - explicit_bzero(hash, sizeof(hash)); - DH_free(kex->dh); - kex->dh = NULL; - BN_clear_free(dh_server_pub); - sshbuf_free(shared_secret); - sshkey_free(server_host_key); - free(server_host_key_blob); - free(signature); - return r; -} -#endif /* WITH_OPENSSL */ diff --git a/kexdhs.c b/kexdhs.c deleted file mode 100644 index e33901bbf..000000000 --- a/kexdhs.c +++ /dev/null @@ -1,142 +0,0 @@ -/* $OpenBSD: kexdhs.c,v 1.35 2019/01/21 10:05:09 djm Exp $ */ -/* - * Copyright (c) 2001 Markus Friedl. All rights reserved. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. - * - * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR - * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES - * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. - * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, - * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT - * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, - * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY - * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT - * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF - * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. - */ - -#include "includes.h" - -#ifdef WITH_OPENSSL - -#include - -#include -#include -#include - -#include - -#include "openbsd-compat/openssl-compat.h" - -#include "sshkey.h" -#include "cipher.h" -#include "digest.h" -#include "dh.h" -#include "kex.h" -#include "log.h" -#include "packet.h" -#include "ssh2.h" - -#include "dispatch.h" -#include "compat.h" -#include "ssherr.h" -#include "sshbuf.h" - -static int input_kex_dh_init(int, u_int32_t, struct ssh *); - -int -kexdh_server(struct ssh *ssh) -{ - struct kex *kex = ssh->kex; - int r; - - /* generate server DH public key */ - if ((r = kex_dh_keygen(kex)) != 0) - return r; - debug("expecting SSH2_MSG_KEXDH_INIT"); - ssh_dispatch_set(ssh, SSH2_MSG_KEXDH_INIT, &input_kex_dh_init); - return 0; -} - -int -input_kex_dh_init(int type, u_int32_t seq, struct ssh *ssh) -{ - struct kex *kex = ssh->kex; - BIGNUM *dh_client_pub = NULL; - const BIGNUM *pub_key; - struct sshkey *server_host_public, *server_host_private; - struct sshbuf *shared_secret = NULL; - u_char *signature = NULL, *server_host_key_blob = NULL; - u_char hash[SSH_DIGEST_MAX_LENGTH]; - size_t sbloblen, slen; - size_t hashlen; - int r; - - if ((r = kex_load_hostkey(ssh, &server_host_private, - &server_host_public)) != 0) - goto out; - - /* key, cert */ - if ((r = sshpkt_get_bignum2(ssh, &dh_client_pub)) != 0 || - (r = sshpkt_get_end(ssh)) != 0) - goto out; - if ((shared_secret = sshbuf_new()) == NULL) { - r = SSH_ERR_ALLOC_FAIL; - goto out; - } - if ((r = kex_dh_compute_key(kex, dh_client_pub, shared_secret)) != 0) - goto out; - if ((r = sshkey_to_blob(server_host_public, &server_host_key_blob, - &sbloblen)) != 0) - goto out; - /* calc H */ - DH_get0_key(kex->dh, &pub_key, NULL); - hashlen = sizeof(hash); - if ((r = kex_dh_hash( - kex->hash_alg, - kex->client_version, - kex->server_version, - sshbuf_ptr(kex->peer), sshbuf_len(kex->peer), - sshbuf_ptr(kex->my), sshbuf_len(kex->my), - server_host_key_blob, sbloblen, - dh_client_pub, - pub_key, - sshbuf_ptr(shared_secret), sshbuf_len(shared_secret), - hash, &hashlen)) != 0) - goto out; - - /* sign H */ - if ((r = kex->sign(ssh, server_host_private, server_host_public, - &signature, &slen, hash, hashlen, kex->hostkey_alg)) < 0) - goto out; - - /* send server hostkey, DH pubkey 'f' and signed H */ - if ((r = sshpkt_start(ssh, SSH2_MSG_KEXDH_REPLY)) != 0 || - (r = sshpkt_put_string(ssh, server_host_key_blob, sbloblen)) != 0 || - (r = sshpkt_put_bignum2(ssh, pub_key)) != 0 || /* f */ - (r = sshpkt_put_string(ssh, signature, slen)) != 0 || - (r = sshpkt_send(ssh)) != 0) - goto out; - - if ((r = kex_derive_keys(ssh, hash, hashlen, shared_secret)) == 0) - r = kex_send_newkeys(ssh); - out: - explicit_bzero(hash, sizeof(hash)); - DH_free(kex->dh); - kex->dh = NULL; - BN_clear_free(dh_client_pub); - sshbuf_free(shared_secret); - free(server_host_key_blob); - free(signature); - return r; -} -#endif /* WITH_OPENSSL */ diff --git a/kexkemc.c b/kexkemc.c index 13f36a116..384a4db59 100644 --- a/kexkemc.c +++ b/kexkemc.c @@ -1,4 +1,4 @@ -/* $OpenBSD: kexkemc.c,v 1.2 2019/01/21 10:24:09 djm Exp $ */ +/* $OpenBSD: kexkemc.c,v 1.3 2019/01/21 10:28:02 djm Exp $ */ /* * Copyright (c) 2019 Markus Friedl. All rights reserved. * @@ -48,6 +48,13 @@ kex_kem_client(struct ssh *ssh) int r; switch (kex->kex_type) { + case KEX_DH_GRP1_SHA1: + case KEX_DH_GRP14_SHA1: + case KEX_DH_GRP14_SHA256: + case KEX_DH_GRP16_SHA512: + case KEX_DH_GRP18_SHA512: + r = kex_dh_keypair(kex); + break; case KEX_C25519_SHA256: r = kex_c25519_keypair(kex); break; @@ -99,6 +106,13 @@ input_kex_kem_reply(int type, u_int32_t seq, struct ssh *ssh) /* compute shared secret */ switch (kex->kex_type) { + case KEX_DH_GRP1_SHA1: + case KEX_DH_GRP14_SHA1: + case KEX_DH_GRP14_SHA256: + case KEX_DH_GRP16_SHA512: + case KEX_DH_GRP18_SHA512: + r = kex_dh_dec(kex, server_pubkey, pklen, &shared_secret); + break; case KEX_C25519_SHA256: r = kex_c25519_dec(kex, server_pubkey, pklen, &shared_secret); break; diff --git a/kexkems.c b/kexkems.c index 89237902b..f35906d53 100644 --- a/kexkems.c +++ b/kexkems.c @@ -1,4 +1,4 @@ -/* $OpenBSD: kexkems.c,v 1.2 2019/01/21 10:24:09 djm Exp $ */ +/* $OpenBSD: kexkems.c,v 1.3 2019/01/21 10:28:02 djm Exp $ */ /* * Copyright (c) 2019 Markus Friedl. All rights reserved. * @@ -69,6 +69,14 @@ input_kex_kem_init(int type, u_int32_t seq, struct ssh *ssh) /* compute shared secret */ switch (kex->kex_type) { + case KEX_DH_GRP1_SHA1: + case KEX_DH_GRP14_SHA1: + case KEX_DH_GRP14_SHA256: + case KEX_DH_GRP16_SHA512: + case KEX_DH_GRP18_SHA512: + r = kex_dh_enc(kex, client_pubkey, pklen, &server_pubkey, + &shared_secret); + break; case KEX_C25519_SHA256: r = kex_c25519_enc(kex, client_pubkey, pklen, &server_pubkey, &shared_secret); diff --git a/monitor.c b/monitor.c index 9f86d5b75..01204c2cd 100644 --- a/monitor.c +++ b/monitor.c @@ -1,4 +1,4 @@ -/* $OpenBSD: monitor.c,v 1.194 2019/01/21 10:24:09 djm Exp $ */ +/* $OpenBSD: monitor.c,v 1.195 2019/01/21 10:28:02 djm Exp $ */ /* * Copyright 2002 Niels Provos * Copyright 2002 Markus Friedl @@ -1677,11 +1677,11 @@ monitor_apply_keystate(struct ssh *ssh, struct monitor *pmonitor) if ((kex = ssh->kex) != NULL) { /* XXX set callbacks */ #ifdef WITH_OPENSSL - kex->kex[KEX_DH_GRP1_SHA1] = kexdh_server; - kex->kex[KEX_DH_GRP14_SHA1] = kexdh_server; - kex->kex[KEX_DH_GRP14_SHA256] = kexdh_server; - kex->kex[KEX_DH_GRP16_SHA512] = kexdh_server; - kex->kex[KEX_DH_GRP18_SHA512] = kexdh_server; + kex->kex[KEX_DH_GRP1_SHA1] = kex_kem_server; + kex->kex[KEX_DH_GRP14_SHA1] = kex_kem_server; + kex->kex[KEX_DH_GRP14_SHA256] = kex_kem_server; + kex->kex[KEX_DH_GRP16_SHA512] = kex_kem_server; + kex->kex[KEX_DH_GRP18_SHA512] = kex_kem_server; kex->kex[KEX_DH_GEX_SHA1] = kexgex_server; kex->kex[KEX_DH_GEX_SHA256] = kexgex_server; # ifdef OPENSSL_HAS_ECC diff --git a/ssh-keyscan.c b/ssh-keyscan.c index 9eebc1445..3d2760056 100644 --- a/ssh-keyscan.c +++ b/ssh-keyscan.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ssh-keyscan.c,v 1.122 2019/01/21 10:24:09 djm Exp $ */ +/* $OpenBSD: ssh-keyscan.c,v 1.123 2019/01/21 10:28:02 djm Exp $ */ /* * Copyright 1995, 1996 by David Mazieres . * @@ -260,11 +260,11 @@ keygrab_ssh2(con *c) exit(1); } #ifdef WITH_OPENSSL - c->c_ssh->kex->kex[KEX_DH_GRP1_SHA1] = kexdh_client; - c->c_ssh->kex->kex[KEX_DH_GRP14_SHA1] = kexdh_client; - c->c_ssh->kex->kex[KEX_DH_GRP14_SHA256] = kexdh_client; - c->c_ssh->kex->kex[KEX_DH_GRP16_SHA512] = kexdh_client; - c->c_ssh->kex->kex[KEX_DH_GRP18_SHA512] = kexdh_client; + c->c_ssh->kex->kex[KEX_DH_GRP1_SHA1] = kex_kem_client; + c->c_ssh->kex->kex[KEX_DH_GRP14_SHA1] = kex_kem_client; + c->c_ssh->kex->kex[KEX_DH_GRP14_SHA256] = kex_kem_client; + c->c_ssh->kex->kex[KEX_DH_GRP16_SHA512] = kex_kem_client; + c->c_ssh->kex->kex[KEX_DH_GRP18_SHA512] = kex_kem_client; c->c_ssh->kex->kex[KEX_DH_GEX_SHA1] = kexgex_client; c->c_ssh->kex->kex[KEX_DH_GEX_SHA256] = kexgex_client; # ifdef OPENSSL_HAS_ECC diff --git a/ssh_api.c b/ssh_api.c index fe9fbf5a7..ac614e599 100644 --- a/ssh_api.c +++ b/ssh_api.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ssh_api.c,v 1.12 2019/01/21 10:24:09 djm Exp $ */ +/* $OpenBSD: ssh_api.c,v 1.13 2019/01/21 10:28:02 djm Exp $ */ /* * Copyright (c) 2012 Markus Friedl. All rights reserved. * @@ -99,11 +99,11 @@ ssh_init(struct ssh **sshp, int is_server, struct kex_params *kex_params) ssh->kex->server = is_server; if (is_server) { #ifdef WITH_OPENSSL - ssh->kex->kex[KEX_DH_GRP1_SHA1] = kexdh_server; - ssh->kex->kex[KEX_DH_GRP14_SHA1] = kexdh_server; - ssh->kex->kex[KEX_DH_GRP14_SHA256] = kexdh_server; - ssh->kex->kex[KEX_DH_GRP16_SHA512] = kexdh_server; - ssh->kex->kex[KEX_DH_GRP18_SHA512] = kexdh_server; + ssh->kex->kex[KEX_DH_GRP1_SHA1] = kex_kem_server; + ssh->kex->kex[KEX_DH_GRP14_SHA1] = kex_kem_server; + ssh->kex->kex[KEX_DH_GRP14_SHA256] = kex_kem_server; + ssh->kex->kex[KEX_DH_GRP16_SHA512] = kex_kem_server; + ssh->kex->kex[KEX_DH_GRP18_SHA512] = kex_kem_server; ssh->kex->kex[KEX_DH_GEX_SHA1] = kexgex_server; ssh->kex->kex[KEX_DH_GEX_SHA256] = kexgex_server; # ifdef OPENSSL_HAS_ECC @@ -117,11 +117,11 @@ ssh_init(struct ssh **sshp, int is_server, struct kex_params *kex_params) ssh->kex->sign=&_ssh_host_key_sign; } else { #ifdef WITH_OPENSSL - ssh->kex->kex[KEX_DH_GRP1_SHA1] = kexdh_client; - ssh->kex->kex[KEX_DH_GRP14_SHA1] = kexdh_client; - ssh->kex->kex[KEX_DH_GRP14_SHA256] = kexdh_client; - ssh->kex->kex[KEX_DH_GRP16_SHA512] = kexdh_client; - ssh->kex->kex[KEX_DH_GRP18_SHA512] = kexdh_client; + ssh->kex->kex[KEX_DH_GRP1_SHA1] = kex_kem_client; + ssh->kex->kex[KEX_DH_GRP14_SHA1] = kex_kem_client; + ssh->kex->kex[KEX_DH_GRP14_SHA256] = kex_kem_client; + ssh->kex->kex[KEX_DH_GRP16_SHA512] = kex_kem_client; + ssh->kex->kex[KEX_DH_GRP18_SHA512] = kex_kem_client; ssh->kex->kex[KEX_DH_GEX_SHA1] = kexgex_client; ssh->kex->kex[KEX_DH_GEX_SHA256] = kexgex_client; # ifdef OPENSSL_HAS_ECC diff --git a/sshconnect2.c b/sshconnect2.c index be19722bb..ebeff29bd 100644 --- a/sshconnect2.c +++ b/sshconnect2.c @@ -1,4 +1,4 @@ -/* $OpenBSD: sshconnect2.c,v 1.298 2019/01/21 10:24:09 djm Exp $ */ +/* $OpenBSD: sshconnect2.c,v 1.299 2019/01/21 10:28:02 djm Exp $ */ /* * Copyright (c) 2000 Markus Friedl. All rights reserved. * Copyright (c) 2008 Damien Miller. All rights reserved. @@ -201,11 +201,11 @@ ssh_kex2(struct ssh *ssh, char *host, struct sockaddr *hostaddr, u_short port) if ((r = kex_setup(ssh, myproposal)) != 0) fatal("kex_setup: %s", ssh_err(r)); #ifdef WITH_OPENSSL - ssh->kex->kex[KEX_DH_GRP1_SHA1] = kexdh_client; - ssh->kex->kex[KEX_DH_GRP14_SHA1] = kexdh_client; - ssh->kex->kex[KEX_DH_GRP14_SHA256] = kexdh_client; - ssh->kex->kex[KEX_DH_GRP16_SHA512] = kexdh_client; - ssh->kex->kex[KEX_DH_GRP18_SHA512] = kexdh_client; + ssh->kex->kex[KEX_DH_GRP1_SHA1] = kex_kem_client; + ssh->kex->kex[KEX_DH_GRP14_SHA1] = kex_kem_client; + ssh->kex->kex[KEX_DH_GRP14_SHA256] = kex_kem_client; + ssh->kex->kex[KEX_DH_GRP16_SHA512] = kex_kem_client; + ssh->kex->kex[KEX_DH_GRP18_SHA512] = kex_kem_client; ssh->kex->kex[KEX_DH_GEX_SHA1] = kexgex_client; ssh->kex->kex[KEX_DH_GEX_SHA256] = kexgex_client; # ifdef OPENSSL_HAS_ECC diff --git a/sshd.c b/sshd.c index 665b22b1e..eb92785bf 100644 --- a/sshd.c +++ b/sshd.c @@ -1,4 +1,4 @@ -/* $OpenBSD: sshd.c,v 1.529 2019/01/21 10:24:09 djm Exp $ */ +/* $OpenBSD: sshd.c,v 1.530 2019/01/21 10:28:02 djm Exp $ */ /* * Author: Tatu Ylonen * Copyright (c) 1995 Tatu Ylonen , Espoo, Finland @@ -2207,11 +2207,11 @@ do_ssh2_kex(struct ssh *ssh) fatal("kex_setup: %s", ssh_err(r)); kex = ssh->kex; #ifdef WITH_OPENSSL - kex->kex[KEX_DH_GRP1_SHA1] = kexdh_server; - kex->kex[KEX_DH_GRP14_SHA1] = kexdh_server; - kex->kex[KEX_DH_GRP14_SHA256] = kexdh_server; - kex->kex[KEX_DH_GRP16_SHA512] = kexdh_server; - kex->kex[KEX_DH_GRP18_SHA512] = kexdh_server; + kex->kex[KEX_DH_GRP1_SHA1] = kex_kem_server; + kex->kex[KEX_DH_GRP14_SHA1] = kex_kem_server; + kex->kex[KEX_DH_GRP14_SHA256] = kex_kem_server; + kex->kex[KEX_DH_GRP16_SHA512] = kex_kem_server; + kex->kex[KEX_DH_GRP18_SHA512] = kex_kem_server; kex->kex[KEX_DH_GEX_SHA1] = kexgex_server; kex->kex[KEX_DH_GEX_SHA256] = kexgex_server; # ifdef OPENSSL_HAS_ECC -- cgit v1.2.3 From b72357217cbe510a3ae155307a7be6b9181f1d1b Mon Sep 17 00:00:00 2001 From: Damien Miller Date: Mon, 21 Jan 2019 23:11:21 +1100 Subject: fixup missing ssherr.h --- kexdh.c | 1 + 1 file changed, 1 insertion(+) diff --git a/kexdh.c b/kexdh.c index 4b811b617..98597eade 100644 --- a/kexdh.c +++ b/kexdh.c @@ -37,6 +37,7 @@ #include "kex.h" #include "sshbuf.h" #include "digest.h" +#include "ssherr.h" #include "dh.h" int -- cgit v1.2.3 From 92dda34e373832f34a1944e5d9ebbebb184dedc1 Mon Sep 17 00:00:00 2001 From: "djm@openbsd.org" Date: Mon, 21 Jan 2019 10:29:56 +0000 Subject: upstream: use KEM API for vanilla ECDH from markus@ ok djm@ OpenBSD-Commit-ID: 6fbff96339a929835536b5730585d1d6057a352c --- Makefile.in | 3 +- kex.h | 12 ++-- kexecdh.c | 213 ++++++++++++++++++++++++++++++++++++++++++++-------------- kexecdhc.c | 199 ------------------------------------------------------ kexecdhs.c | 182 ------------------------------------------------- kexkemc.c | 8 ++- kexkems.c | 6 +- monitor.c | 4 +- ssh-keyscan.c | 4 +- ssh_api.c | 6 +- sshconnect2.c | 4 +- sshd.c | 4 +- 12 files changed, 193 insertions(+), 452 deletions(-) delete mode 100644 kexecdhc.c delete mode 100644 kexecdhs.c diff --git a/Makefile.in b/Makefile.in index 3a179a66f..fd539184a 100644 --- a/Makefile.in +++ b/Makefile.in @@ -98,8 +98,7 @@ LIBSSH_OBJS=${LIBOPENSSH_OBJS} \ ssh-ed25519.o digest-openssl.o digest-libc.o hmac.o \ sc25519.o ge25519.o fe25519.o ed25519.o verify.o hash.o \ kex.o kexdh.o kexgex.o kexecdh.o kexc25519.o \ - kexgexc.o kexecdhc.o \ - kexgexs.o kexecdhs.o \ + kexgexc.o kexgexs.o \ sntrup4591761.o kexsntrup4591761x25519.o kexkemc.o kexkems.o \ platform-pledge.o platform-tracing.o platform-misc.o diff --git a/kex.h b/kex.h index de5e473e1..9b4c23670 100644 --- a/kex.h +++ b/kex.h @@ -1,4 +1,4 @@ -/* $OpenBSD: kex.h,v 1.101 2019/01/21 10:28:01 djm Exp $ */ +/* $OpenBSD: kex.h,v 1.102 2019/01/21 10:29:56 djm Exp $ */ /* * Copyright (c) 2000, 2001 Markus Friedl. All rights reserved. @@ -216,6 +216,11 @@ int kex_dh_enc(struct kex *, const u_char *, size_t, struct sshbuf **, struct sshbuf **); int kex_dh_dec(struct kex *, const u_char *, size_t, struct sshbuf **); +int kex_ecdh_keypair(struct kex *); +int kex_ecdh_enc(struct kex *, const u_char *, size_t, struct sshbuf **, + struct sshbuf **); +int kex_ecdh_dec(struct kex *, const u_char *, size_t, struct sshbuf **); + int kex_c25519_keypair(struct kex *); int kex_c25519_enc(struct kex *, const u_char *, size_t, struct sshbuf **, struct sshbuf **); @@ -237,11 +242,6 @@ int kexgex_hash(int, const struct sshbuf *, const struct sshbuf *, const BIGNUM *, const u_char *, size_t, u_char *, size_t *); -int kex_ecdh_hash(int, const EC_GROUP *, - const struct sshbuf *, const struct sshbuf *, - const u_char *, size_t, const u_char *, size_t, const u_char *, size_t, - const EC_POINT *, const EC_POINT *, const BIGNUM *, u_char *, size_t *); - int kex_c25519_hash(int, const struct sshbuf *, const struct sshbuf *, const u_char *, size_t, const u_char *, size_t, const u_char *, size_t, const u_char *, size_t, const u_char *, size_t, diff --git a/kexecdh.c b/kexecdh.c index 4380427ea..263f9fd87 100644 --- a/kexecdh.c +++ b/kexecdh.c @@ -1,7 +1,7 @@ -/* $OpenBSD: kexecdh.c,v 1.7 2018/12/27 03:25:25 djm Exp $ */ +/* $OpenBSD: kexecdh.c,v 1.8 2019/01/21 10:29:56 djm Exp $ */ /* - * Copyright (c) 2001 Markus Friedl. All rights reserved. * Copyright (c) 2010 Damien Miller. All rights reserved. + * Copyright (c) 2019 Markus Friedl. All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions @@ -30,71 +30,184 @@ #include -#include +#include #include +#include -#include -#include -#include #include -#include "ssh2.h" #include "sshkey.h" -#include "cipher.h" #include "kex.h" #include "sshbuf.h" #include "digest.h" #include "ssherr.h" +static int +kex_ecdh_dec_key_group(struct kex *, const u_char *, size_t, EC_KEY *key, + const EC_GROUP *, struct sshbuf **); + int -kex_ecdh_hash( - int hash_alg, - const EC_GROUP *ec_group, - const struct sshbuf *client_version, - const struct sshbuf *server_version, - const u_char *ckexinit, size_t ckexinitlen, - const u_char *skexinit, size_t skexinitlen, - const u_char *serverhostkeyblob, size_t sbloblen, - const EC_POINT *client_dh_pub, - const EC_POINT *server_dh_pub, - const BIGNUM *shared_secret, - u_char *hash, size_t *hashlen) +kex_ecdh_keypair(struct kex *kex) +{ + EC_KEY *client_key = NULL; + const EC_GROUP *group; + const EC_POINT *public_key; + struct sshbuf *buf = NULL; + int r; + + if ((client_key = EC_KEY_new_by_curve_name(kex->ec_nid)) == NULL) { + r = SSH_ERR_ALLOC_FAIL; + goto out; + } + if (EC_KEY_generate_key(client_key) != 1) { + r = SSH_ERR_LIBCRYPTO_ERROR; + goto out; + } + group = EC_KEY_get0_group(client_key); + public_key = EC_KEY_get0_public_key(client_key); + + if ((buf = sshbuf_new()) == NULL) { + r = SSH_ERR_ALLOC_FAIL; + goto out; + } + if ((r = sshbuf_put_ec(buf, public_key, group)) != 0 || + (r = sshbuf_get_u32(buf, NULL)) != 0) + goto out; +#ifdef DEBUG_KEXECDH + fputs("client private key:\n", stderr); + sshkey_dump_ec_key(client_key); +#endif + kex->ec_client_key = client_key; + kex->ec_group = group; + client_key = NULL; /* owned by the kex */ + kex->kem_client_pub = buf; + buf = NULL; + out: + EC_KEY_free(client_key); + sshbuf_free(buf); + return r; +} + +int +kex_ecdh_enc(struct kex *kex, const u_char *pkblob, size_t pklen, + struct sshbuf **server_blobp, struct sshbuf **shared_secretp) +{ + const EC_GROUP *group; + const EC_POINT *pub_key; + EC_KEY *server_key = NULL; + struct sshbuf *server_blob = NULL; + int r; + + *server_blobp = NULL; + *shared_secretp = NULL; + + if ((server_key = EC_KEY_new_by_curve_name(kex->ec_nid)) == NULL) { + r = SSH_ERR_ALLOC_FAIL; + goto out; + } + if (EC_KEY_generate_key(server_key) != 1) { + r = SSH_ERR_LIBCRYPTO_ERROR; + goto out; + } + group = EC_KEY_get0_group(server_key); + +#ifdef DEBUG_KEXECDH + fputs("server private key:\n", stderr); + sshkey_dump_ec_key(server_key); +#endif + pub_key = EC_KEY_get0_public_key(server_key); + if ((server_blob = sshbuf_new()) == NULL) { + r = SSH_ERR_ALLOC_FAIL; + goto out; + } + if ((r = sshbuf_put_ec(server_blob, pub_key, group)) != 0 || + (r = sshbuf_get_u32(server_blob, NULL)) != 0) + goto out; + if ((r = kex_ecdh_dec_key_group(kex, pkblob, pklen, server_key, group, + shared_secretp)) != 0) + goto out; + *server_blobp = server_blob; + server_blob = NULL; + out: + EC_KEY_free(server_key); + sshbuf_free(server_blob); + return r; +} + +static int +kex_ecdh_dec_key_group(struct kex *kex, const u_char *pkblob, size_t pklen, + EC_KEY *key, const EC_GROUP *group, struct sshbuf **shared_secretp) { - struct sshbuf *b; + struct sshbuf *buf = NULL; + BIGNUM *shared_secret = NULL; + EC_POINT *dh_pub = NULL; + u_char *kbuf = NULL; + size_t klen = 0; int r; - if (*hashlen < ssh_digest_bytes(hash_alg)) - return SSH_ERR_INVALID_ARGUMENT; - if ((b = sshbuf_new()) == NULL) - return SSH_ERR_ALLOC_FAIL; - if ((r = sshbuf_put_stringb(b, client_version)) < 0 || - (r = sshbuf_put_stringb(b, server_version)) < 0 || - /* kexinit messages: fake header: len+SSH2_MSG_KEXINIT */ - (r = sshbuf_put_u32(b, ckexinitlen+1)) != 0 || - (r = sshbuf_put_u8(b, SSH2_MSG_KEXINIT)) != 0 || - (r = sshbuf_put(b, ckexinit, ckexinitlen)) != 0 || - (r = sshbuf_put_u32(b, skexinitlen+1)) != 0 || - (r = sshbuf_put_u8(b, SSH2_MSG_KEXINIT)) != 0 || - (r = sshbuf_put(b, skexinit, skexinitlen)) != 0 || - (r = sshbuf_put_string(b, serverhostkeyblob, sbloblen)) != 0 || - (r = sshbuf_put_ec(b, client_dh_pub, ec_group)) != 0 || - (r = sshbuf_put_ec(b, server_dh_pub, ec_group)) != 0 || - (r = sshbuf_put_bignum2(b, shared_secret)) != 0) { - sshbuf_free(b); - return r; + *shared_secretp = NULL; + + if ((buf = sshbuf_new()) == NULL) { + r = SSH_ERR_ALLOC_FAIL; + goto out; + } + if ((r = sshbuf_put_u32(buf, pklen)) != 0 || + (r = sshbuf_put(buf, pkblob, pklen)) != 0) { + goto out; + } + if ((dh_pub = EC_POINT_new(group)) == NULL) { + r = SSH_ERR_ALLOC_FAIL; + goto out; + } + if ((r = sshbuf_get_ec(buf, dh_pub, group)) != 0) { + goto out; } -#ifdef DEBUG_KEX - sshbuf_dump(b, stderr); + sshbuf_reset(buf); + +#ifdef DEBUG_KEXECDH + fputs("public key:\n", stderr); + sshkey_dump_ec_point(group, dh_pub); #endif - if (ssh_digest_buffer(hash_alg, b, hash, *hashlen) != 0) { - sshbuf_free(b); - return SSH_ERR_LIBCRYPTO_ERROR; + if (sshkey_ec_validate_public(group, dh_pub) != 0) { + r = SSH_ERR_MESSAGE_INCOMPLETE; + goto out; + } + klen = (EC_GROUP_get_degree(group) + 7) / 8; + if ((kbuf = malloc(klen)) == NULL || + (shared_secret = BN_new()) == NULL) { + r = SSH_ERR_ALLOC_FAIL; + goto out; + } + if (ECDH_compute_key(kbuf, klen, dh_pub, key, NULL) != (int)klen || + BN_bin2bn(kbuf, klen, shared_secret) == NULL) { + r = SSH_ERR_LIBCRYPTO_ERROR; + goto out; } - sshbuf_free(b); - *hashlen = ssh_digest_bytes(hash_alg); -#ifdef DEBUG_KEX - dump_digest("hash", hash, *hashlen); +#ifdef DEBUG_KEXECDH + dump_digest("shared secret", kbuf, klen); #endif - return 0; + if ((r = sshbuf_put_bignum2(buf, shared_secret)) != 0) + goto out; + *shared_secretp = buf; + buf = NULL; + out: + EC_POINT_clear_free(dh_pub); + BN_clear_free(shared_secret); + freezero(kbuf, klen); + sshbuf_free(buf); + return r; +} + +int +kex_ecdh_dec(struct kex *kex, const u_char *pkblob, size_t pklen, + struct sshbuf **shared_secretp) +{ + int r; + + r = kex_ecdh_dec_key_group(kex, pkblob, pklen, kex->ec_client_key, + kex->ec_group, shared_secretp); + EC_KEY_free(kex->ec_client_key); + kex->ec_client_key = NULL; + return r; } #endif /* defined(WITH_OPENSSL) && defined(OPENSSL_HAS_ECC) */ diff --git a/kexecdhc.c b/kexecdhc.c deleted file mode 100644 index bfb9f4707..000000000 --- a/kexecdhc.c +++ /dev/null @@ -1,199 +0,0 @@ -/* $OpenBSD: kexecdhc.c,v 1.16 2019/01/21 10:07:22 djm Exp $ */ -/* - * Copyright (c) 2001 Markus Friedl. All rights reserved. - * Copyright (c) 2010 Damien Miller. All rights reserved. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. - * - * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR - * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES - * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. - * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, - * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT - * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, - * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY - * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT - * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF - * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. - */ - -#include "includes.h" - -#if defined(WITH_OPENSSL) && defined(OPENSSL_HAS_ECC) - -#include - -#include -#include -#include - -#include - -#include "sshkey.h" -#include "cipher.h" -#include "digest.h" -#include "kex.h" -#include "log.h" -#include "packet.h" -#include "dh.h" -#include "ssh2.h" -#include "dispatch.h" -#include "compat.h" -#include "ssherr.h" -#include "sshbuf.h" - -static int input_kex_ecdh_reply(int, u_int32_t, struct ssh *); - -int -kexecdh_client(struct ssh *ssh) -{ - struct kex *kex = ssh->kex; - EC_KEY *client_key = NULL; - const EC_GROUP *group; - const EC_POINT *public_key; - int r; - - if ((client_key = EC_KEY_new_by_curve_name(kex->ec_nid)) == NULL) { - r = SSH_ERR_ALLOC_FAIL; - goto out; - } - if (EC_KEY_generate_key(client_key) != 1) { - r = SSH_ERR_LIBCRYPTO_ERROR; - goto out; - } - group = EC_KEY_get0_group(client_key); - public_key = EC_KEY_get0_public_key(client_key); - - if ((r = sshpkt_start(ssh, SSH2_MSG_KEX_ECDH_INIT)) != 0 || - (r = sshpkt_put_ec(ssh, public_key, group)) != 0 || - (r = sshpkt_send(ssh)) != 0) - goto out; - debug("sending SSH2_MSG_KEX_ECDH_INIT"); - -#ifdef DEBUG_KEXECDH - fputs("client private key:\n", stderr); - sshkey_dump_ec_key(client_key); -#endif - kex->ec_client_key = client_key; - kex->ec_group = group; - client_key = NULL; /* owned by the kex */ - - debug("expecting SSH2_MSG_KEX_ECDH_REPLY"); - ssh_dispatch_set(ssh, SSH2_MSG_KEX_ECDH_REPLY, &input_kex_ecdh_reply); - r = 0; - out: - EC_KEY_free(client_key); - return r; -} - -static int -input_kex_ecdh_reply(int type, u_int32_t seq, struct ssh *ssh) -{ - struct kex *kex = ssh->kex; - const EC_GROUP *group; - EC_POINT *server_public = NULL; - EC_KEY *client_key; - BIGNUM *shared_secret = NULL; - struct sshkey *server_host_key = NULL; - u_char *server_host_key_blob = NULL, *signature = NULL; - u_char *kbuf = NULL; - u_char hash[SSH_DIGEST_MAX_LENGTH]; - size_t slen, sbloblen; - size_t klen = 0, hashlen; - int r; - - group = kex->ec_group; - client_key = kex->ec_client_key; - - /* hostkey */ - if ((r = sshpkt_get_string(ssh, &server_host_key_blob, - &sbloblen)) != 0 || - (r = sshkey_from_blob(server_host_key_blob, sbloblen, - &server_host_key)) != 0) - goto out; - if ((r = kex_verify_host_key(ssh, server_host_key)) != 0) - goto out; - - /* Q_S, server public key */ - /* signed H */ - if ((server_public = EC_POINT_new(group)) == NULL) { - r = SSH_ERR_ALLOC_FAIL; - goto out; - } - if ((r = sshpkt_get_ec(ssh, server_public, group)) != 0 || - (r = sshpkt_get_string(ssh, &signature, &slen)) != 0 || - (r = sshpkt_get_end(ssh)) != 0) - goto out; - -#ifdef DEBUG_KEXECDH - fputs("server public key:\n", stderr); - sshkey_dump_ec_point(group, server_public); -#endif - if (sshkey_ec_validate_public(group, server_public) != 0) { - sshpkt_disconnect(ssh, "invalid server public key"); - r = SSH_ERR_MESSAGE_INCOMPLETE; - goto out; - } - - klen = (EC_GROUP_get_degree(group) + 7) / 8; - if ((kbuf = malloc(klen)) == NULL || - (shared_secret = BN_new()) == NULL) { - r = SSH_ERR_ALLOC_FAIL; - goto out; - } - if (ECDH_compute_key(kbuf, klen, server_public, - client_key, NULL) != (int)klen || - BN_bin2bn(kbuf, klen, shared_secret) == NULL) { - r = SSH_ERR_LIBCRYPTO_ERROR; - goto out; - } - -#ifdef DEBUG_KEXECDH - dump_digest("shared secret", kbuf, klen); -#endif - /* calc and verify H */ - hashlen = sizeof(hash); - if ((r = kex_ecdh_hash( - kex->hash_alg, - group, - kex->client_version, - kex->server_version, - sshbuf_ptr(kex->my), sshbuf_len(kex->my), - sshbuf_ptr(kex->peer), sshbuf_len(kex->peer), - server_host_key_blob, sbloblen, - EC_KEY_get0_public_key(client_key), - server_public, - shared_secret, - hash, &hashlen)) != 0) - goto out; - - if ((r = sshkey_verify(server_host_key, signature, slen, hash, - hashlen, kex->hostkey_alg, ssh->compat)) != 0) - goto out; - - if ((r = kex_derive_keys_bn(ssh, hash, hashlen, shared_secret)) == 0) - r = kex_send_newkeys(ssh); - out: - explicit_bzero(hash, sizeof(hash)); - EC_KEY_free(kex->ec_client_key); - kex->ec_client_key = NULL; - EC_POINT_clear_free(server_public); - if (kbuf) { - explicit_bzero(kbuf, klen); - free(kbuf); - } - BN_clear_free(shared_secret); - sshkey_free(server_host_key); - free(server_host_key_blob); - free(signature); - return r; -} -#endif /* defined(WITH_OPENSSL) && defined(OPENSSL_HAS_ECC) */ - diff --git a/kexecdhs.c b/kexecdhs.c deleted file mode 100644 index b9254eed7..000000000 --- a/kexecdhs.c +++ /dev/null @@ -1,182 +0,0 @@ -/* $OpenBSD: kexecdhs.c,v 1.21 2019/01/21 10:05:09 djm Exp $ */ -/* - * Copyright (c) 2001 Markus Friedl. All rights reserved. - * Copyright (c) 2010 Damien Miller. All rights reserved. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. - * - * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR - * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES - * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. - * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, - * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT - * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, - * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY - * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT - * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF - * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. - */ - -#include "includes.h" - -#if defined(WITH_OPENSSL) && defined(OPENSSL_HAS_ECC) - -#include -#include -#include - -#include - -#include "sshkey.h" -#include "cipher.h" -#include "digest.h" -#include "kex.h" -#include "log.h" -#include "packet.h" -#include "ssh2.h" - -#include "dispatch.h" -#include "compat.h" -#include "ssherr.h" -#include "sshbuf.h" - -static int input_kex_ecdh_init(int, u_int32_t, struct ssh *); - -int -kexecdh_server(struct ssh *ssh) -{ - debug("expecting SSH2_MSG_KEX_ECDH_INIT"); - ssh_dispatch_set(ssh, SSH2_MSG_KEX_ECDH_INIT, &input_kex_ecdh_init); - return 0; -} - -static int -input_kex_ecdh_init(int type, u_int32_t seq, struct ssh *ssh) -{ - struct kex *kex = ssh->kex; - EC_POINT *client_public; - EC_KEY *server_key = NULL; - const EC_GROUP *group; - const EC_POINT *public_key; - BIGNUM *shared_secret = NULL; - struct sshkey *server_host_private, *server_host_public; - u_char *server_host_key_blob = NULL, *signature = NULL; - u_char *kbuf = NULL; - u_char hash[SSH_DIGEST_MAX_LENGTH]; - size_t slen, sbloblen; - size_t klen = 0, hashlen; - int r; - - if ((server_key = EC_KEY_new_by_curve_name(kex->ec_nid)) == NULL) { - r = SSH_ERR_ALLOC_FAIL; - goto out; - } - if (EC_KEY_generate_key(server_key) != 1) { - r = SSH_ERR_LIBCRYPTO_ERROR; - goto out; - } - group = EC_KEY_get0_group(server_key); - -#ifdef DEBUG_KEXECDH - fputs("server private key:\n", stderr); - sshkey_dump_ec_key(server_key); -#endif - - if ((r = kex_load_hostkey(ssh, &server_host_private, - &server_host_public)) != 0) - goto out; - if ((client_public = EC_POINT_new(group)) == NULL) { - r = SSH_ERR_ALLOC_FAIL; - goto out; - } - if ((r = sshpkt_get_ec(ssh, client_public, group)) != 0 || - (r = sshpkt_get_end(ssh)) != 0) - goto out; - -#ifdef DEBUG_KEXECDH - fputs("client public key:\n", stderr); - sshkey_dump_ec_point(group, client_public); -#endif - if (sshkey_ec_validate_public(group, client_public) != 0) { - sshpkt_disconnect(ssh, "invalid client public key"); - r = SSH_ERR_MESSAGE_INCOMPLETE; - goto out; - } - - /* Calculate shared_secret */ - klen = (EC_GROUP_get_degree(group) + 7) / 8; - if ((kbuf = malloc(klen)) == NULL || - (shared_secret = BN_new()) == NULL) { - r = SSH_ERR_ALLOC_FAIL; - goto out; - } - if (ECDH_compute_key(kbuf, klen, client_public, - server_key, NULL) != (int)klen || - BN_bin2bn(kbuf, klen, shared_secret) == NULL) { - r = SSH_ERR_LIBCRYPTO_ERROR; - goto out; - } - -#ifdef DEBUG_KEXECDH - dump_digest("shared secret", kbuf, klen); -#endif - /* calc H */ - if ((r = sshkey_to_blob(server_host_public, &server_host_key_blob, - &sbloblen)) != 0) - goto out; - hashlen = sizeof(hash); - if ((r = kex_ecdh_hash( - kex->hash_alg, - group, - kex->client_version, - kex->server_version, - sshbuf_ptr(kex->peer), sshbuf_len(kex->peer), - sshbuf_ptr(kex->my), sshbuf_len(kex->my), - server_host_key_blob, sbloblen, - client_public, - EC_KEY_get0_public_key(server_key), - shared_secret, - hash, &hashlen)) != 0) - goto out; - - /* sign H */ - if ((r = kex->sign(ssh, server_host_private, server_host_public, - &signature, &slen, hash, hashlen, kex->hostkey_alg)) < 0) - goto out; - - /* destroy_sensitive_data(); */ - - public_key = EC_KEY_get0_public_key(server_key); - /* send server hostkey, ECDH pubkey 'Q_S' and signed H */ - if ((r = sshpkt_start(ssh, SSH2_MSG_KEX_ECDH_REPLY)) != 0 || - (r = sshpkt_put_string(ssh, server_host_key_blob, sbloblen)) != 0 || - (r = sshpkt_put_ec(ssh, public_key, group)) != 0 || - (r = sshpkt_put_string(ssh, signature, slen)) != 0 || - (r = sshpkt_send(ssh)) != 0) - goto out; - - if ((r = kex_derive_keys_bn(ssh, hash, hashlen, shared_secret)) == 0) - r = kex_send_newkeys(ssh); - out: - explicit_bzero(hash, sizeof(hash)); - EC_KEY_free(kex->ec_client_key); - kex->ec_client_key = NULL; - EC_KEY_free(server_key); - if (kbuf) { - explicit_bzero(kbuf, klen); - free(kbuf); - } - BN_clear_free(shared_secret); - free(server_host_key_blob); - free(signature); - return r; -} -#endif /* defined(WITH_OPENSSL) && defined(OPENSSL_HAS_ECC) */ - diff --git a/kexkemc.c b/kexkemc.c index 384a4db59..55055de27 100644 --- a/kexkemc.c +++ b/kexkemc.c @@ -1,4 +1,4 @@ -/* $OpenBSD: kexkemc.c,v 1.3 2019/01/21 10:28:02 djm Exp $ */ +/* $OpenBSD: kexkemc.c,v 1.4 2019/01/21 10:29:56 djm Exp $ */ /* * Copyright (c) 2019 Markus Friedl. All rights reserved. * @@ -55,6 +55,9 @@ kex_kem_client(struct ssh *ssh) case KEX_DH_GRP18_SHA512: r = kex_dh_keypair(kex); break; + case KEX_ECDH_SHA2: + r = kex_ecdh_keypair(kex); + break; case KEX_C25519_SHA256: r = kex_c25519_keypair(kex); break; @@ -113,6 +116,9 @@ input_kex_kem_reply(int type, u_int32_t seq, struct ssh *ssh) case KEX_DH_GRP18_SHA512: r = kex_dh_dec(kex, server_pubkey, pklen, &shared_secret); break; + case KEX_ECDH_SHA2: + r = kex_ecdh_dec(kex, server_pubkey, pklen, &shared_secret); + break; case KEX_C25519_SHA256: r = kex_c25519_dec(kex, server_pubkey, pklen, &shared_secret); break; diff --git a/kexkems.c b/kexkems.c index f35906d53..10ef12196 100644 --- a/kexkems.c +++ b/kexkems.c @@ -1,4 +1,4 @@ -/* $OpenBSD: kexkems.c,v 1.3 2019/01/21 10:28:02 djm Exp $ */ +/* $OpenBSD: kexkems.c,v 1.4 2019/01/21 10:29:56 djm Exp $ */ /* * Copyright (c) 2019 Markus Friedl. All rights reserved. * @@ -77,6 +77,10 @@ input_kex_kem_init(int type, u_int32_t seq, struct ssh *ssh) r = kex_dh_enc(kex, client_pubkey, pklen, &server_pubkey, &shared_secret); break; + case KEX_ECDH_SHA2: + r = kex_ecdh_enc(kex, client_pubkey, pklen, &server_pubkey, + &shared_secret); + break; case KEX_C25519_SHA256: r = kex_c25519_enc(kex, client_pubkey, pklen, &server_pubkey, &shared_secret); diff --git a/monitor.c b/monitor.c index 01204c2cd..d3357b73c 100644 --- a/monitor.c +++ b/monitor.c @@ -1,4 +1,4 @@ -/* $OpenBSD: monitor.c,v 1.195 2019/01/21 10:28:02 djm Exp $ */ +/* $OpenBSD: monitor.c,v 1.196 2019/01/21 10:29:56 djm Exp $ */ /* * Copyright 2002 Niels Provos * Copyright 2002 Markus Friedl @@ -1685,7 +1685,7 @@ monitor_apply_keystate(struct ssh *ssh, struct monitor *pmonitor) kex->kex[KEX_DH_GEX_SHA1] = kexgex_server; kex->kex[KEX_DH_GEX_SHA256] = kexgex_server; # ifdef OPENSSL_HAS_ECC - kex->kex[KEX_ECDH_SHA2] = kexecdh_server; + kex->kex[KEX_ECDH_SHA2] = kex_kem_server; # endif #endif /* WITH_OPENSSL */ kex->kex[KEX_C25519_SHA256] = kex_kem_server; diff --git a/ssh-keyscan.c b/ssh-keyscan.c index 3d2760056..9541ecf4a 100644 --- a/ssh-keyscan.c +++ b/ssh-keyscan.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ssh-keyscan.c,v 1.123 2019/01/21 10:28:02 djm Exp $ */ +/* $OpenBSD: ssh-keyscan.c,v 1.124 2019/01/21 10:29:56 djm Exp $ */ /* * Copyright 1995, 1996 by David Mazieres . * @@ -268,7 +268,7 @@ keygrab_ssh2(con *c) c->c_ssh->kex->kex[KEX_DH_GEX_SHA1] = kexgex_client; c->c_ssh->kex->kex[KEX_DH_GEX_SHA256] = kexgex_client; # ifdef OPENSSL_HAS_ECC - c->c_ssh->kex->kex[KEX_ECDH_SHA2] = kexecdh_client; + c->c_ssh->kex->kex[KEX_ECDH_SHA2] = kex_kem_client; # endif #endif c->c_ssh->kex->kex[KEX_C25519_SHA256] = kex_kem_client; diff --git a/ssh_api.c b/ssh_api.c index ac614e599..b21769d23 100644 --- a/ssh_api.c +++ b/ssh_api.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ssh_api.c,v 1.13 2019/01/21 10:28:02 djm Exp $ */ +/* $OpenBSD: ssh_api.c,v 1.14 2019/01/21 10:29:56 djm Exp $ */ /* * Copyright (c) 2012 Markus Friedl. All rights reserved. * @@ -107,7 +107,7 @@ ssh_init(struct ssh **sshp, int is_server, struct kex_params *kex_params) ssh->kex->kex[KEX_DH_GEX_SHA1] = kexgex_server; ssh->kex->kex[KEX_DH_GEX_SHA256] = kexgex_server; # ifdef OPENSSL_HAS_ECC - ssh->kex->kex[KEX_ECDH_SHA2] = kexecdh_server; + ssh->kex->kex[KEX_ECDH_SHA2] = kex_kem_server; # endif #endif /* WITH_OPENSSL */ ssh->kex->kex[KEX_C25519_SHA256] = kex_kem_server; @@ -125,7 +125,7 @@ ssh_init(struct ssh **sshp, int is_server, struct kex_params *kex_params) ssh->kex->kex[KEX_DH_GEX_SHA1] = kexgex_client; ssh->kex->kex[KEX_DH_GEX_SHA256] = kexgex_client; # ifdef OPENSSL_HAS_ECC - ssh->kex->kex[KEX_ECDH_SHA2] = kexecdh_client; + ssh->kex->kex[KEX_ECDH_SHA2] = kex_kem_client; # endif #endif /* WITH_OPENSSL */ ssh->kex->kex[KEX_C25519_SHA256] = kex_kem_client; diff --git a/sshconnect2.c b/sshconnect2.c index ebeff29bd..aa5160185 100644 --- a/sshconnect2.c +++ b/sshconnect2.c @@ -1,4 +1,4 @@ -/* $OpenBSD: sshconnect2.c,v 1.299 2019/01/21 10:28:02 djm Exp $ */ +/* $OpenBSD: sshconnect2.c,v 1.300 2019/01/21 10:29:56 djm Exp $ */ /* * Copyright (c) 2000 Markus Friedl. All rights reserved. * Copyright (c) 2008 Damien Miller. All rights reserved. @@ -209,7 +209,7 @@ ssh_kex2(struct ssh *ssh, char *host, struct sockaddr *hostaddr, u_short port) ssh->kex->kex[KEX_DH_GEX_SHA1] = kexgex_client; ssh->kex->kex[KEX_DH_GEX_SHA256] = kexgex_client; # ifdef OPENSSL_HAS_ECC - ssh->kex->kex[KEX_ECDH_SHA2] = kexecdh_client; + ssh->kex->kex[KEX_ECDH_SHA2] = kex_kem_client; # endif #endif ssh->kex->kex[KEX_C25519_SHA256] = kex_kem_client; diff --git a/sshd.c b/sshd.c index eb92785bf..ddbedd6c6 100644 --- a/sshd.c +++ b/sshd.c @@ -1,4 +1,4 @@ -/* $OpenBSD: sshd.c,v 1.530 2019/01/21 10:28:02 djm Exp $ */ +/* $OpenBSD: sshd.c,v 1.531 2019/01/21 10:29:56 djm Exp $ */ /* * Author: Tatu Ylonen * Copyright (c) 1995 Tatu Ylonen , Espoo, Finland @@ -2215,7 +2215,7 @@ do_ssh2_kex(struct ssh *ssh) kex->kex[KEX_DH_GEX_SHA1] = kexgex_server; kex->kex[KEX_DH_GEX_SHA256] = kexgex_server; # ifdef OPENSSL_HAS_ECC - kex->kex[KEX_ECDH_SHA2] = kexecdh_server; + kex->kex[KEX_ECDH_SHA2] = kex_kem_server; # endif #endif kex->kex[KEX_C25519_SHA256] = kex_kem_server; -- cgit v1.2.3 From 4b83e2a2cc0c12e671a77eaba1c1245894f4e884 Mon Sep 17 00:00:00 2001 From: "djm@openbsd.org" Date: Mon, 21 Jan 2019 10:33:49 +0000 Subject: upstream: remove kex_derive_keys_bn wrapper; no unused since the DH-like KEX methods have moved to KEM from markus@ ok djm@ OpenBSD-Commit-ID: bde9809103832f349545e4f5bb733d316db9a060 --- kex.c | 19 +------------------ kex.h | 3 +-- 2 files changed, 2 insertions(+), 20 deletions(-) diff --git a/kex.c b/kex.c index 0dba2cefa..4fb087863 100644 --- a/kex.c +++ b/kex.c @@ -1,4 +1,4 @@ -/* $OpenBSD: kex.c,v 1.147 2019/01/21 10:20:12 djm Exp $ */ +/* $OpenBSD: kex.c,v 1.148 2019/01/21 10:33:49 djm Exp $ */ /* * Copyright (c) 2000, 2001 Markus Friedl. All rights reserved. * @@ -1038,23 +1038,6 @@ kex_derive_keys(struct ssh *ssh, u_char *hash, u_int hashlen, return 0; } -#ifdef WITH_OPENSSL -int -kex_derive_keys_bn(struct ssh *ssh, u_char *hash, u_int hashlen, - const BIGNUM *secret) -{ - struct sshbuf *shared_secret; - int r; - - if ((shared_secret = sshbuf_new()) == NULL) - return SSH_ERR_ALLOC_FAIL; - if ((r = sshbuf_put_bignum2(shared_secret, secret)) == 0) - r = kex_derive_keys(ssh, hash, hashlen, shared_secret); - sshbuf_free(shared_secret); - return r; -} -#endif - int kex_load_hostkey(struct ssh *ssh, struct sshkey **pubp, struct sshkey **prvp) { diff --git a/kex.h b/kex.h index 9b4c23670..e3be30403 100644 --- a/kex.h +++ b/kex.h @@ -1,4 +1,4 @@ -/* $OpenBSD: kex.h,v 1.102 2019/01/21 10:29:56 djm Exp $ */ +/* $OpenBSD: kex.h,v 1.103 2019/01/21 10:33:49 djm Exp $ */ /* * Copyright (c) 2000, 2001 Markus Friedl. All rights reserved. @@ -196,7 +196,6 @@ int kex_send_kexinit(struct ssh *); int kex_input_kexinit(int, u_int32_t, struct ssh *); int kex_input_ext_info(int, u_int32_t, struct ssh *); int kex_derive_keys(struct ssh *, u_char *, u_int, const struct sshbuf *); -int kex_derive_keys_bn(struct ssh *, u_char *, u_int, const BIGNUM *); int kex_send_newkeys(struct ssh *); int kex_start_rekex(struct ssh *); -- cgit v1.2.3 From 71e67fff946396caa110a7964da23480757258ff Mon Sep 17 00:00:00 2001 From: "djm@openbsd.org" Date: Mon, 21 Jan 2019 10:35:09 +0000 Subject: upstream: pass values used in KEX hash computation as sshbuf rather than pointer+len suggested by me; implemented by markus@ ok me OpenBSD-Commit-ID: 994f33c464f4a9e0f1d21909fa3e379f5a0910f0 --- kex.h | 22 +++++++++++----------- kexc25519.c | 38 +++++++++++++++++++++----------------- kexdh.c | 16 ++++++---------- kexecdh.c | 18 ++++++++---------- kexkemc.c | 24 ++++++++++++------------ kexkems.c | 24 ++++++++++++------------ kexsntrup4591761x25519.c | 34 +++++++++++++++++++--------------- packet.c | 8 +++++++- packet.h | 3 ++- 9 files changed, 98 insertions(+), 89 deletions(-) diff --git a/kex.h b/kex.h index e3be30403..6798e33f9 100644 --- a/kex.h +++ b/kex.h @@ -1,4 +1,4 @@ -/* $OpenBSD: kex.h,v 1.103 2019/01/21 10:33:49 djm Exp $ */ +/* $OpenBSD: kex.h,v 1.104 2019/01/21 10:35:09 djm Exp $ */ /* * Copyright (c) 2000, 2001 Markus Friedl. All rights reserved. @@ -211,24 +211,24 @@ int kex_kem_client(struct ssh *); int kex_kem_server(struct ssh *); int kex_dh_keypair(struct kex *); -int kex_dh_enc(struct kex *, const u_char *, size_t, struct sshbuf **, +int kex_dh_enc(struct kex *, const struct sshbuf *, struct sshbuf **, struct sshbuf **); -int kex_dh_dec(struct kex *, const u_char *, size_t, struct sshbuf **); +int kex_dh_dec(struct kex *, const struct sshbuf *, struct sshbuf **); int kex_ecdh_keypair(struct kex *); -int kex_ecdh_enc(struct kex *, const u_char *, size_t, struct sshbuf **, +int kex_ecdh_enc(struct kex *, const struct sshbuf *, struct sshbuf **, struct sshbuf **); -int kex_ecdh_dec(struct kex *, const u_char *, size_t, struct sshbuf **); +int kex_ecdh_dec(struct kex *, const struct sshbuf *, struct sshbuf **); int kex_c25519_keypair(struct kex *); -int kex_c25519_enc(struct kex *, const u_char *, size_t, struct sshbuf **, +int kex_c25519_enc(struct kex *, const struct sshbuf *, struct sshbuf **, struct sshbuf **); -int kex_c25519_dec(struct kex *, const u_char *, size_t, struct sshbuf **); +int kex_c25519_dec(struct kex *, const struct sshbuf *, struct sshbuf **); int kex_kem_sntrup4591761x25519_keypair(struct kex *); -int kex_kem_sntrup4591761x25519_enc(struct kex *, const u_char *, size_t, +int kex_kem_sntrup4591761x25519_enc(struct kex *, const struct sshbuf *, struct sshbuf **, struct sshbuf **); -int kex_kem_sntrup4591761x25519_dec(struct kex *, const u_char *, size_t, +int kex_kem_sntrup4591761x25519_dec(struct kex *, const struct sshbuf *, struct sshbuf **); int kex_dh_keygen(struct kex *); @@ -243,8 +243,8 @@ int kexgex_hash(int, const struct sshbuf *, const struct sshbuf *, int kex_c25519_hash(int, const struct sshbuf *, const struct sshbuf *, const u_char *, size_t, const u_char *, size_t, - const u_char *, size_t, const u_char *, size_t, const u_char *, size_t, - const u_char *, size_t, u_char *, size_t *); + const u_char *, size_t, const struct sshbuf *, const struct sshbuf *, + const struct sshbuf *, u_char *, size_t *); void kexc25519_keygen(u_char key[CURVE25519_SIZE], u_char pub[CURVE25519_SIZE]) __attribute__((__bounded__(__minbytes__, 1, CURVE25519_SIZE))) diff --git a/kexc25519.c b/kexc25519.c index a06c6e44b..ec5bb574f 100644 --- a/kexc25519.c +++ b/kexc25519.c @@ -1,4 +1,4 @@ -/* $OpenBSD: kexc25519.c,v 1.14 2019/01/21 10:24:09 djm Exp $ */ +/* $OpenBSD: kexc25519.c,v 1.15 2019/01/21 10:35:09 djm Exp $ */ /* * Copyright (c) 2019 Markus Friedl. All rights reserved. * Copyright (c) 2010 Damien Miller. All rights reserved. @@ -96,9 +96,9 @@ kex_c25519_hash( const u_char *ckexinit, size_t ckexinitlen, const u_char *skexinit, size_t skexinitlen, const u_char *serverhostkeyblob, size_t sbloblen, - const u_char *client_pub, size_t client_pub_len, - const u_char *server_pub, size_t server_pub_len, - const u_char *shared_secret, size_t secretlen, + const struct sshbuf *client_pub, + const struct sshbuf *server_pub, + const struct sshbuf *shared_secret, u_char *hash, size_t *hashlen) { struct sshbuf *b; @@ -118,9 +118,9 @@ kex_c25519_hash( (r = sshbuf_put_u8(b, SSH2_MSG_KEXINIT)) != 0 || (r = sshbuf_put(b, skexinit, skexinitlen)) != 0 || (r = sshbuf_put_string(b, serverhostkeyblob, sbloblen)) != 0 || - (r = sshbuf_put_string(b, client_pub, client_pub_len)) != 0 || - (r = sshbuf_put_string(b, server_pub, server_pub_len)) != 0 || - (r = sshbuf_put(b, shared_secret, secretlen)) != 0) { + (r = sshbuf_put_stringb(b, client_pub)) != 0 || + (r = sshbuf_put_stringb(b, server_pub)) != 0 || + (r = sshbuf_putb(b, shared_secret)) != 0) { sshbuf_free(b); return r; } @@ -162,11 +162,12 @@ kex_c25519_keypair(struct kex *kex) } int -kex_c25519_enc(struct kex *kex, const u_char *pkblob, - size_t pklen, struct sshbuf **server_blobp, struct sshbuf **shared_secretp) +kex_c25519_enc(struct kex *kex, const struct sshbuf *client_blob, + struct sshbuf **server_blobp, struct sshbuf **shared_secretp) { struct sshbuf *server_blob = NULL; struct sshbuf *buf = NULL; + const u_char *client_pub; u_char *server_pub; u_char server_key[CURVE25519_SIZE]; int r; @@ -174,12 +175,13 @@ kex_c25519_enc(struct kex *kex, const u_char *pkblob, *server_blobp = NULL; *shared_secretp = NULL; - if (pklen != CURVE25519_SIZE) { + if (sshbuf_len(client_blob) != CURVE25519_SIZE) { r = SSH_ERR_SIGNATURE_INVALID; goto out; } + client_pub = sshbuf_ptr(client_blob); #ifdef DEBUG_KEXECDH - dump_digest("client public key 25519:", pkblob, CURVE25519_SIZE); + dump_digest("client public key 25519:", client_pub, CURVE25519_SIZE); #endif /* allocate space for encrypted KEM key and ECDH pub key */ if ((server_blob = sshbuf_new()) == NULL) { @@ -194,7 +196,7 @@ kex_c25519_enc(struct kex *kex, const u_char *pkblob, r = SSH_ERR_ALLOC_FAIL; goto out; } - if ((r = kexc25519_shared_key_ext(server_key, pkblob, buf, 0)) < 0) + if ((r = kexc25519_shared_key_ext(server_key, client_pub, buf, 0)) < 0) goto out; #ifdef DEBUG_KEXECDH dump_digest("server public key 25519:", server_pub, CURVE25519_SIZE); @@ -212,27 +214,29 @@ kex_c25519_enc(struct kex *kex, const u_char *pkblob, } int -kex_c25519_dec(struct kex *kex, const u_char *pkblob, - size_t pklen, struct sshbuf **shared_secretp) +kex_c25519_dec(struct kex *kex, const struct sshbuf *server_blob, + struct sshbuf **shared_secretp) { struct sshbuf *buf = NULL; + const u_char *server_pub; int r; *shared_secretp = NULL; - if (pklen != CURVE25519_SIZE) { + if (sshbuf_len(server_blob) != CURVE25519_SIZE) { r = SSH_ERR_SIGNATURE_INVALID; goto out; } + server_pub = sshbuf_ptr(server_blob); #ifdef DEBUG_KEXECDH - dump_digest("server public key c25519:", pkblob, CURVE25519_SIZE); + dump_digest("server public key c25519:", server_pub, CURVE25519_SIZE); #endif /* shared secret */ if ((buf = sshbuf_new()) == NULL) { r = SSH_ERR_ALLOC_FAIL; goto out; } - if ((r = kexc25519_shared_key_ext(kex->c25519_client_key, pkblob, + if ((r = kexc25519_shared_key_ext(kex->c25519_client_key, server_pub, buf, 0)) < 0) goto out; #ifdef DEBUG_KEXECDH diff --git a/kexdh.c b/kexdh.c index 98597eade..943774624 100644 --- a/kexdh.c +++ b/kexdh.c @@ -1,4 +1,4 @@ -/* $OpenBSD: kexdh.c,v 1.30 2019/01/21 10:28:01 djm Exp $ */ +/* $OpenBSD: kexdh.c,v 1.31 2019/01/21 10:35:09 djm Exp $ */ /* * Copyright (c) 2019 Markus Friedl. All rights reserved. * @@ -136,7 +136,7 @@ kex_dh_keypair(struct kex *kex) } int -kex_dh_enc(struct kex *kex, const u_char *pkblob, size_t pklen, +kex_dh_enc(struct kex *kex, const struct sshbuf *client_blob, struct sshbuf **server_blobp, struct sshbuf **shared_secretp) { const BIGNUM *pub_key; @@ -156,7 +156,7 @@ kex_dh_enc(struct kex *kex, const u_char *pkblob, size_t pklen, if ((r = sshbuf_put_bignum2(server_blob, pub_key)) != 0 || (r = sshbuf_get_u32(server_blob, NULL)) != 0) goto out; - if ((r = kex_dh_dec(kex, pkblob, pklen, shared_secretp)) != 0) + if ((r = kex_dh_dec(kex, client_blob, shared_secretp)) != 0) goto out; *server_blobp = server_blob; server_blob = NULL; @@ -168,7 +168,7 @@ kex_dh_enc(struct kex *kex, const u_char *pkblob, size_t pklen, } int -kex_dh_dec(struct kex *kex, const u_char *pkblob, size_t pklen, +kex_dh_dec(struct kex *kex, const struct sshbuf *dh_blob, struct sshbuf **shared_secretp) { struct sshbuf *buf = NULL; @@ -181,13 +181,9 @@ kex_dh_dec(struct kex *kex, const u_char *pkblob, size_t pklen, r = SSH_ERR_ALLOC_FAIL; goto out; } - if ((r = sshbuf_put_u32(buf, pklen)) != 0 || - (r = sshbuf_put(buf, pkblob, pklen)) != 0) { + if ((r = sshbuf_put_stringb(buf, dh_blob)) != 0 || + (r = sshbuf_get_bignum2(buf, &dh_pub)) != 0) goto out; - } - if ((r = sshbuf_get_bignum2(buf, &dh_pub)) != 0) { - goto out; - } sshbuf_reset(buf); if ((r = kex_dh_compute_key(kex, dh_pub, buf)) != 0) goto out; diff --git a/kexecdh.c b/kexecdh.c index 263f9fd87..ae9018773 100644 --- a/kexecdh.c +++ b/kexecdh.c @@ -1,4 +1,4 @@ -/* $OpenBSD: kexecdh.c,v 1.8 2019/01/21 10:29:56 djm Exp $ */ +/* $OpenBSD: kexecdh.c,v 1.9 2019/01/21 10:35:09 djm Exp $ */ /* * Copyright (c) 2010 Damien Miller. All rights reserved. * Copyright (c) 2019 Markus Friedl. All rights reserved. @@ -43,7 +43,7 @@ #include "ssherr.h" static int -kex_ecdh_dec_key_group(struct kex *, const u_char *, size_t, EC_KEY *key, +kex_ecdh_dec_key_group(struct kex *, const struct sshbuf *, EC_KEY *key, const EC_GROUP *, struct sshbuf **); int @@ -89,7 +89,7 @@ kex_ecdh_keypair(struct kex *kex) } int -kex_ecdh_enc(struct kex *kex, const u_char *pkblob, size_t pklen, +kex_ecdh_enc(struct kex *kex, const struct sshbuf *client_blob, struct sshbuf **server_blobp, struct sshbuf **shared_secretp) { const EC_GROUP *group; @@ -123,7 +123,7 @@ kex_ecdh_enc(struct kex *kex, const u_char *pkblob, size_t pklen, if ((r = sshbuf_put_ec(server_blob, pub_key, group)) != 0 || (r = sshbuf_get_u32(server_blob, NULL)) != 0) goto out; - if ((r = kex_ecdh_dec_key_group(kex, pkblob, pklen, server_key, group, + if ((r = kex_ecdh_dec_key_group(kex, client_blob, server_key, group, shared_secretp)) != 0) goto out; *server_blobp = server_blob; @@ -135,7 +135,7 @@ kex_ecdh_enc(struct kex *kex, const u_char *pkblob, size_t pklen, } static int -kex_ecdh_dec_key_group(struct kex *kex, const u_char *pkblob, size_t pklen, +kex_ecdh_dec_key_group(struct kex *kex, const struct sshbuf *ec_blob, EC_KEY *key, const EC_GROUP *group, struct sshbuf **shared_secretp) { struct sshbuf *buf = NULL; @@ -151,10 +151,8 @@ kex_ecdh_dec_key_group(struct kex *kex, const u_char *pkblob, size_t pklen, r = SSH_ERR_ALLOC_FAIL; goto out; } - if ((r = sshbuf_put_u32(buf, pklen)) != 0 || - (r = sshbuf_put(buf, pkblob, pklen)) != 0) { + if ((r = sshbuf_put_stringb(buf, ec_blob)) != 0) goto out; - } if ((dh_pub = EC_POINT_new(group)) == NULL) { r = SSH_ERR_ALLOC_FAIL; goto out; @@ -199,12 +197,12 @@ kex_ecdh_dec_key_group(struct kex *kex, const u_char *pkblob, size_t pklen, } int -kex_ecdh_dec(struct kex *kex, const u_char *pkblob, size_t pklen, +kex_ecdh_dec(struct kex *kex, const struct sshbuf *server_blob, struct sshbuf **shared_secretp) { int r; - r = kex_ecdh_dec_key_group(kex, pkblob, pklen, kex->ec_client_key, + r = kex_ecdh_dec_key_group(kex, server_blob, kex->ec_client_key, kex->ec_group, shared_secretp); EC_KEY_free(kex->ec_client_key); kex->ec_client_key = NULL; diff --git a/kexkemc.c b/kexkemc.c index 55055de27..942be5746 100644 --- a/kexkemc.c +++ b/kexkemc.c @@ -1,4 +1,4 @@ -/* $OpenBSD: kexkemc.c,v 1.4 2019/01/21 10:29:56 djm Exp $ */ +/* $OpenBSD: kexkemc.c,v 1.5 2019/01/21 10:35:09 djm Exp $ */ /* * Copyright (c) 2019 Markus Friedl. All rights reserved. * @@ -85,10 +85,10 @@ input_kex_kem_reply(int type, u_int32_t seq, struct ssh *ssh) struct kex *kex = ssh->kex; struct sshkey *server_host_key = NULL; struct sshbuf *shared_secret = NULL; - u_char *server_pubkey = NULL; + struct sshbuf *server_blob = NULL; u_char *server_host_key_blob = NULL, *signature = NULL; u_char hash[SSH_DIGEST_MAX_LENGTH]; - size_t slen, pklen, sbloblen, hashlen; + size_t slen, sbloblen, hashlen; int r; /* hostkey */ @@ -102,7 +102,7 @@ input_kex_kem_reply(int type, u_int32_t seq, struct ssh *ssh) /* Q_S, server public key */ /* signed H */ - if ((r = sshpkt_get_string(ssh, &server_pubkey, &pklen)) != 0 || + if ((r = sshpkt_getb_froms(ssh, &server_blob)) != 0 || (r = sshpkt_get_string(ssh, &signature, &slen)) != 0 || (r = sshpkt_get_end(ssh)) != 0) goto out; @@ -114,16 +114,16 @@ input_kex_kem_reply(int type, u_int32_t seq, struct ssh *ssh) case KEX_DH_GRP14_SHA256: case KEX_DH_GRP16_SHA512: case KEX_DH_GRP18_SHA512: - r = kex_dh_dec(kex, server_pubkey, pklen, &shared_secret); + r = kex_dh_dec(kex, server_blob, &shared_secret); break; case KEX_ECDH_SHA2: - r = kex_ecdh_dec(kex, server_pubkey, pklen, &shared_secret); + r = kex_ecdh_dec(kex, server_blob, &shared_secret); break; case KEX_C25519_SHA256: - r = kex_c25519_dec(kex, server_pubkey, pklen, &shared_secret); + r = kex_c25519_dec(kex, server_blob, &shared_secret); break; case KEX_KEM_SNTRUP4591761X25519_SHA512: - r = kex_kem_sntrup4591761x25519_dec(kex, server_pubkey, pklen, + r = kex_kem_sntrup4591761x25519_dec(kex, server_blob, &shared_secret); break; default: @@ -142,9 +142,9 @@ input_kex_kem_reply(int type, u_int32_t seq, struct ssh *ssh) sshbuf_ptr(kex->my), sshbuf_len(kex->my), sshbuf_ptr(kex->peer), sshbuf_len(kex->peer), server_host_key_blob, sbloblen, - sshbuf_ptr(kex->kem_client_pub), sshbuf_len(kex->kem_client_pub), - server_pubkey, pklen, - sshbuf_ptr(shared_secret), sshbuf_len(shared_secret), + kex->kem_client_pub, + server_blob, + shared_secret, hash, &hashlen)) != 0) goto out; @@ -160,9 +160,9 @@ out: explicit_bzero(kex->sntrup4591761_client_key, sizeof(kex->sntrup4591761_client_key)); free(server_host_key_blob); - free(server_pubkey); free(signature); sshkey_free(server_host_key); + sshbuf_free(server_blob); sshbuf_free(shared_secret); sshbuf_free(kex->kem_client_pub); kex->kem_client_pub = NULL; diff --git a/kexkems.c b/kexkems.c index 10ef12196..3ba8f0df5 100644 --- a/kexkems.c +++ b/kexkems.c @@ -1,4 +1,4 @@ -/* $OpenBSD: kexkems.c,v 1.4 2019/01/21 10:29:56 djm Exp $ */ +/* $OpenBSD: kexkems.c,v 1.5 2019/01/21 10:35:09 djm Exp $ */ /* * Copyright (c) 2019 Markus Friedl. All rights reserved. * @@ -53,17 +53,17 @@ input_kex_kem_init(int type, u_int32_t seq, struct ssh *ssh) struct sshkey *server_host_private, *server_host_public; struct sshbuf *shared_secret = NULL; struct sshbuf *server_pubkey = NULL; + struct sshbuf *client_pubkey = NULL; u_char *server_host_key_blob = NULL, *signature = NULL; - u_char *client_pubkey = NULL; u_char hash[SSH_DIGEST_MAX_LENGTH]; - size_t slen, pklen, sbloblen, hashlen; + size_t slen, sbloblen, hashlen; int r; if ((r = kex_load_hostkey(ssh, &server_host_private, &server_host_public)) != 0) goto out; - if ((r = sshpkt_get_string(ssh, &client_pubkey, &pklen)) != 0 || + if ((r = sshpkt_getb_froms(ssh, &client_pubkey)) != 0 || (r = sshpkt_get_end(ssh)) != 0) goto out; @@ -74,19 +74,19 @@ input_kex_kem_init(int type, u_int32_t seq, struct ssh *ssh) case KEX_DH_GRP14_SHA256: case KEX_DH_GRP16_SHA512: case KEX_DH_GRP18_SHA512: - r = kex_dh_enc(kex, client_pubkey, pklen, &server_pubkey, + r = kex_dh_enc(kex, client_pubkey, &server_pubkey, &shared_secret); break; case KEX_ECDH_SHA2: - r = kex_ecdh_enc(kex, client_pubkey, pklen, &server_pubkey, + r = kex_ecdh_enc(kex, client_pubkey, &server_pubkey, &shared_secret); break; case KEX_C25519_SHA256: - r = kex_c25519_enc(kex, client_pubkey, pklen, &server_pubkey, + r = kex_c25519_enc(kex, client_pubkey, &server_pubkey, &shared_secret); break; case KEX_KEM_SNTRUP4591761X25519_SHA512: - r = kex_kem_sntrup4591761x25519_enc(kex, client_pubkey, pklen, + r = kex_kem_sntrup4591761x25519_enc(kex, client_pubkey, &server_pubkey, &shared_secret); break; default: @@ -108,9 +108,9 @@ input_kex_kem_init(int type, u_int32_t seq, struct ssh *ssh) sshbuf_ptr(kex->peer), sshbuf_len(kex->peer), sshbuf_ptr(kex->my), sshbuf_len(kex->my), server_host_key_blob, sbloblen, - client_pubkey, pklen, - sshbuf_ptr(server_pubkey), sshbuf_len(server_pubkey), - sshbuf_ptr(shared_secret), sshbuf_len(shared_secret), + client_pubkey, + server_pubkey, + shared_secret, hash, &hashlen)) != 0) goto out; @@ -133,8 +133,8 @@ out: explicit_bzero(hash, sizeof(hash)); free(server_host_key_blob); free(signature); - free(client_pubkey); sshbuf_free(shared_secret); + sshbuf_free(client_pubkey); sshbuf_free(server_pubkey); return r; } diff --git a/kexsntrup4591761x25519.c b/kexsntrup4591761x25519.c index ffe05f420..d845f3d44 100644 --- a/kexsntrup4591761x25519.c +++ b/kexsntrup4591761x25519.c @@ -1,4 +1,4 @@ -/* $OpenBSD: kexsntrup4591761x25519.c,v 1.1 2019/01/21 10:20:12 djm Exp $ */ +/* $OpenBSD: kexsntrup4591761x25519.c,v 1.2 2019/01/21 10:35:09 djm Exp $ */ /* * Copyright (c) 2019 Markus Friedl. All rights reserved. * @@ -66,11 +66,13 @@ kex_kem_sntrup4591761x25519_keypair(struct kex *kex) } int -kex_kem_sntrup4591761x25519_enc(struct kex *kex, const u_char *pkblob, - size_t pklen, struct sshbuf **server_blobp, struct sshbuf **shared_secretp) +kex_kem_sntrup4591761x25519_enc(struct kex *kex, + const struct sshbuf *client_blob, struct sshbuf **server_blobp, + struct sshbuf **shared_secretp) { struct sshbuf *server_blob = NULL; struct sshbuf *buf = NULL; + const u_char *client_pub; u_char *kem_key, *ciphertext, *server_pub; u_char server_key[CURVE25519_SIZE]; u_char hash[SSH_DIGEST_MAX_LENGTH]; @@ -80,17 +82,19 @@ kex_kem_sntrup4591761x25519_enc(struct kex *kex, const u_char *pkblob, *server_blobp = NULL; *shared_secretp = NULL; - /* pkblob contains both KEM and ECDH client pubkeys */ + /* client_blob contains both KEM and ECDH client pubkeys */ need = crypto_kem_sntrup4591761_PUBLICKEYBYTES + CURVE25519_SIZE; - if (pklen != need) { + if (sshbuf_len(client_blob) != need) { r = SSH_ERR_SIGNATURE_INVALID; goto out; } + client_pub = sshbuf_ptr(client_blob); #ifdef DEBUG_KEXECDH - dump_digest("client public key sntrup4591761:", pkblob, + dump_digest("client public key sntrup4591761:", client_pub, crypto_kem_sntrup4591761_PUBLICKEYBYTES); dump_digest("client public key 25519:", - pkblob + crypto_kem_sntrup4591761_PUBLICKEYBYTES, CURVE25519_SIZE); + client_pub + crypto_kem_sntrup4591761_PUBLICKEYBYTES, + CURVE25519_SIZE); #endif /* allocate buffer for concatenation of KEM key and ECDH shared key */ /* the buffer will be hashed and the result is the shared secret */ @@ -110,13 +114,13 @@ kex_kem_sntrup4591761x25519_enc(struct kex *kex, const u_char *pkblob, if ((r = sshbuf_reserve(server_blob, need, &ciphertext)) != 0) goto out; /* generate and encrypt KEM key with client key */ - crypto_kem_sntrup4591761_enc(ciphertext, kem_key, pkblob); + crypto_kem_sntrup4591761_enc(ciphertext, kem_key, client_pub); /* generate ECDH key pair, store server pubkey after ciphertext */ server_pub = ciphertext + crypto_kem_sntrup4591761_CIPHERTEXTBYTES; kexc25519_keygen(server_key, server_pub); /* append ECDH shared key */ - if ((r = kexc25519_shared_key_ext(server_key, - pkblob + crypto_kem_sntrup4591761_PUBLICKEYBYTES, buf, 1)) < 0) + client_pub += crypto_kem_sntrup4591761_PUBLICKEYBYTES; + if ((r = kexc25519_shared_key_ext(server_key, client_pub, buf, 1)) < 0) goto out; if ((r = ssh_digest_buffer(kex->hash_alg, buf, hash, sizeof(hash))) != 0) goto out; @@ -149,8 +153,8 @@ kex_kem_sntrup4591761x25519_enc(struct kex *kex, const u_char *pkblob, } int -kex_kem_sntrup4591761x25519_dec(struct kex *kex, const u_char *pkblob, - size_t pklen, struct sshbuf **shared_secretp) +kex_kem_sntrup4591761x25519_dec(struct kex *kex, + const struct sshbuf *server_blob, struct sshbuf **shared_secretp) { struct sshbuf *buf = NULL; u_char *kem_key = NULL; @@ -162,12 +166,12 @@ kex_kem_sntrup4591761x25519_dec(struct kex *kex, const u_char *pkblob, *shared_secretp = NULL; need = crypto_kem_sntrup4591761_CIPHERTEXTBYTES + CURVE25519_SIZE; - if (pklen != need) { + if (sshbuf_len(server_blob) != need) { r = SSH_ERR_SIGNATURE_INVALID; goto out; } - ciphertext = pkblob; - server_pub = pkblob + crypto_kem_sntrup4591761_CIPHERTEXTBYTES; + ciphertext = sshbuf_ptr(server_blob); + server_pub = ciphertext + crypto_kem_sntrup4591761_CIPHERTEXTBYTES; #ifdef DEBUG_KEXECDH dump_digest("server cipher text:", ciphertext, crypto_kem_sntrup4591761_CIPHERTEXTBYTES); diff --git a/packet.c b/packet.c index a162791b1..ec03301b9 100644 --- a/packet.c +++ b/packet.c @@ -1,4 +1,4 @@ -/* $OpenBSD: packet.c,v 1.281 2019/01/21 09:54:11 djm Exp $ */ +/* $OpenBSD: packet.c,v 1.282 2019/01/21 10:35:09 djm Exp $ */ /* * Author: Tatu Ylonen * Copyright (c) 1995 Tatu Ylonen , Espoo, Finland @@ -2483,6 +2483,12 @@ sshpkt_put_stringb(struct ssh *ssh, const struct sshbuf *v) return sshbuf_put_stringb(ssh->state->outgoing_packet, v); } +int +sshpkt_getb_froms(struct ssh *ssh, struct sshbuf **valp) +{ + return sshbuf_froms(ssh->state->incoming_packet, valp); +} + #ifdef WITH_OPENSSL #ifdef OPENSSL_HAS_ECC int diff --git a/packet.h b/packet.h index 98338f1f1..0dfa36da1 100644 --- a/packet.h +++ b/packet.h @@ -1,4 +1,4 @@ -/* $OpenBSD: packet.h,v 1.89 2019/01/21 09:54:11 djm Exp $ */ +/* $OpenBSD: packet.h,v 1.90 2019/01/21 10:35:09 djm Exp $ */ /* * Author: Tatu Ylonen @@ -199,6 +199,7 @@ int sshpkt_get_string(struct ssh *ssh, u_char **valp, size_t *lenp); int sshpkt_get_string_direct(struct ssh *ssh, const u_char **valp, size_t *lenp); int sshpkt_peek_string_direct(struct ssh *ssh, const u_char **valp, size_t *lenp); int sshpkt_get_cstring(struct ssh *ssh, char **valp, size_t *lenp); +int sshpkt_getb_froms(struct ssh *ssh, struct sshbuf **valp); int sshpkt_get_ec(struct ssh *ssh, EC_POINT *v, const EC_GROUP *g); int sshpkt_get_bignum2(struct ssh *ssh, BIGNUM **valp); int sshpkt_get_end(struct ssh *ssh); -- cgit v1.2.3 From 70867e1ca2eb08bbd494fe9c568df4fd3b35b867 Mon Sep 17 00:00:00 2001 From: "djm@openbsd.org" Date: Mon, 21 Jan 2019 10:38:54 +0000 Subject: upstream: merge kexkem[cs] into kexgen from markus@ ok djm@ OpenBSD-Commit-ID: 87d886b7f1812ff9355fda1435f6ea9b71a0ac89 --- kexkems.c | 140 -------------------------------------------------------------- 1 file changed, 140 deletions(-) delete mode 100644 kexkems.c diff --git a/kexkems.c b/kexkems.c deleted file mode 100644 index 3ba8f0df5..000000000 --- a/kexkems.c +++ /dev/null @@ -1,140 +0,0 @@ -/* $OpenBSD: kexkems.c,v 1.5 2019/01/21 10:35:09 djm Exp $ */ -/* - * Copyright (c) 2019 Markus Friedl. All rights reserved. - * - * modification, are permitted provided that the following conditions - * are met: - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. - * - * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR - * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES - * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. - * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, - * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT - * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, - * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY - * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT - * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF - * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. - */ - -#include -#include -#include -#include - -#include "sshkey.h" -#include "digest.h" -#include "kex.h" -#include "log.h" -#include "packet.h" -#include "ssh2.h" -#include "sshbuf.h" -#include "ssherr.h" - -static int input_kex_kem_init(int, u_int32_t, struct ssh *); - -int -kex_kem_server(struct ssh *ssh) -{ - debug("expecting SSH2_MSG_KEX_ECDH_INIT"); - ssh_dispatch_set(ssh, SSH2_MSG_KEX_ECDH_INIT, &input_kex_kem_init); - return 0; -} - -static int -input_kex_kem_init(int type, u_int32_t seq, struct ssh *ssh) -{ - struct kex *kex = ssh->kex; - struct sshkey *server_host_private, *server_host_public; - struct sshbuf *shared_secret = NULL; - struct sshbuf *server_pubkey = NULL; - struct sshbuf *client_pubkey = NULL; - u_char *server_host_key_blob = NULL, *signature = NULL; - u_char hash[SSH_DIGEST_MAX_LENGTH]; - size_t slen, sbloblen, hashlen; - int r; - - if ((r = kex_load_hostkey(ssh, &server_host_private, - &server_host_public)) != 0) - goto out; - - if ((r = sshpkt_getb_froms(ssh, &client_pubkey)) != 0 || - (r = sshpkt_get_end(ssh)) != 0) - goto out; - - /* compute shared secret */ - switch (kex->kex_type) { - case KEX_DH_GRP1_SHA1: - case KEX_DH_GRP14_SHA1: - case KEX_DH_GRP14_SHA256: - case KEX_DH_GRP16_SHA512: - case KEX_DH_GRP18_SHA512: - r = kex_dh_enc(kex, client_pubkey, &server_pubkey, - &shared_secret); - break; - case KEX_ECDH_SHA2: - r = kex_ecdh_enc(kex, client_pubkey, &server_pubkey, - &shared_secret); - break; - case KEX_C25519_SHA256: - r = kex_c25519_enc(kex, client_pubkey, &server_pubkey, - &shared_secret); - break; - case KEX_KEM_SNTRUP4591761X25519_SHA512: - r = kex_kem_sntrup4591761x25519_enc(kex, client_pubkey, - &server_pubkey, &shared_secret); - break; - default: - r = SSH_ERR_INVALID_ARGUMENT; - break; - } - if (r !=0 ) - goto out; - - /* calc H */ - if ((r = sshkey_to_blob(server_host_public, &server_host_key_blob, - &sbloblen)) != 0) - goto out; - hashlen = sizeof(hash); - if ((r = kex_c25519_hash( - kex->hash_alg, - kex->client_version, - kex->server_version, - sshbuf_ptr(kex->peer), sshbuf_len(kex->peer), - sshbuf_ptr(kex->my), sshbuf_len(kex->my), - server_host_key_blob, sbloblen, - client_pubkey, - server_pubkey, - shared_secret, - hash, &hashlen)) != 0) - goto out; - - /* sign H */ - if ((r = kex->sign(ssh, server_host_private, server_host_public, - &signature, &slen, hash, hashlen, kex->hostkey_alg)) != 0) - goto out; - - /* send server hostkey, ECDH pubkey 'Q_S' and signed H */ - if ((r = sshpkt_start(ssh, SSH2_MSG_KEX_ECDH_REPLY)) != 0 || - (r = sshpkt_put_string(ssh, server_host_key_blob, sbloblen)) != 0 || - (r = sshpkt_put_stringb(ssh, server_pubkey)) != 0 || - (r = sshpkt_put_string(ssh, signature, slen)) != 0 || - (r = sshpkt_send(ssh)) != 0) - goto out; - - if ((r = kex_derive_keys(ssh, hash, hashlen, shared_secret)) == 0) - r = kex_send_newkeys(ssh); -out: - explicit_bzero(hash, sizeof(hash)); - free(server_host_key_blob); - free(signature); - sshbuf_free(shared_secret); - sshbuf_free(client_pubkey); - sshbuf_free(server_pubkey); - return r; -} -- cgit v1.2.3 From aaca72d6f1279b842066e07bff797019efeb2c23 Mon Sep 17 00:00:00 2001 From: "djm@openbsd.org" Date: Mon, 21 Jan 2019 10:40:11 +0000 Subject: upstream: rename kex->kem_client_pub -> kex->client_pub now that KEM has been renamed to kexgen from markus@ ok djm@ OpenBSD-Commit-ID: fac6da5dc63530ad0da537db022a9a4cfbe8bed8 --- Makefile.in | 2 +- kex.c | 4 ++-- kex.h | 19 ++++------------- kexc25519.c | 55 ++---------------------------------------------- kexdh.c | 4 ++-- kexecdh.c | 4 ++-- kexsntrup4591761x25519.c | 4 ++-- monitor.c | 18 ++++++++-------- ssh-keyscan.c | 18 ++++++++-------- ssh_api.c | 34 +++++++++++++++--------------- sshconnect2.c | 18 ++++++++-------- sshd.c | 18 ++++++++-------- 12 files changed, 68 insertions(+), 130 deletions(-) diff --git a/Makefile.in b/Makefile.in index fd539184a..6f001bb36 100644 --- a/Makefile.in +++ b/Makefile.in @@ -99,7 +99,7 @@ LIBSSH_OBJS=${LIBOPENSSH_OBJS} \ sc25519.o ge25519.o fe25519.o ed25519.o verify.o hash.o \ kex.o kexdh.o kexgex.o kexecdh.o kexc25519.o \ kexgexc.o kexgexs.o \ - sntrup4591761.o kexsntrup4591761x25519.o kexkemc.o kexkems.o \ + sntrup4591761.o kexsntrup4591761x25519.o kexgen.o \ platform-pledge.o platform-tracing.o platform-misc.o diff --git a/kex.c b/kex.c index 4fb087863..cec9b2985 100644 --- a/kex.c +++ b/kex.c @@ -1,4 +1,4 @@ -/* $OpenBSD: kex.c,v 1.148 2019/01/21 10:33:49 djm Exp $ */ +/* $OpenBSD: kex.c,v 1.149 2019/01/21 10:40:11 djm Exp $ */ /* * Copyright (c) 2000, 2001 Markus Friedl. All rights reserved. * @@ -655,7 +655,7 @@ kex_free(struct kex *kex) sshbuf_free(kex->my); sshbuf_free(kex->client_version); sshbuf_free(kex->server_version); - sshbuf_free(kex->kem_client_pub); + sshbuf_free(kex->client_pub); free(kex->session_id); free(kex->failed_choice); free(kex->hostkey_alg); diff --git a/kex.h b/kex.h index 6798e33f9..44e6d1972 100644 --- a/kex.h +++ b/kex.h @@ -1,4 +1,4 @@ -/* $OpenBSD: kex.h,v 1.104 2019/01/21 10:35:09 djm Exp $ */ +/* $OpenBSD: kex.h,v 1.106 2019/01/21 10:40:11 djm Exp $ */ /* * Copyright (c) 2000, 2001 Markus Friedl. All rights reserved. @@ -170,7 +170,7 @@ struct kex { u_char c25519_client_key[CURVE25519_SIZE]; /* 25519 + KEM */ u_char c25519_client_pubkey[CURVE25519_SIZE]; /* 25519 */ u_char sntrup4591761_client_key[crypto_kem_sntrup4591761_SECRETKEYBYTES]; /* KEM */ - struct sshbuf *kem_client_pub; /* KEM */ + struct sshbuf *client_pub; }; int kex_names_valid(const char *); @@ -199,16 +199,10 @@ int kex_derive_keys(struct ssh *, u_char *, u_int, const struct sshbuf *); int kex_send_newkeys(struct ssh *); int kex_start_rekex(struct ssh *); -int kexdh_client(struct ssh *); -int kexdh_server(struct ssh *); int kexgex_client(struct ssh *); int kexgex_server(struct ssh *); -int kexecdh_client(struct ssh *); -int kexecdh_server(struct ssh *); -int kexc25519_client(struct ssh *); -int kexc25519_server(struct ssh *); -int kex_kem_client(struct ssh *); -int kex_kem_server(struct ssh *); +int kex_gen_client(struct ssh *); +int kex_gen_server(struct ssh *); int kex_dh_keypair(struct kex *); int kex_dh_enc(struct kex *, const struct sshbuf *, struct sshbuf **, @@ -241,11 +235,6 @@ int kexgex_hash(int, const struct sshbuf *, const struct sshbuf *, const BIGNUM *, const u_char *, size_t, u_char *, size_t *); -int kex_c25519_hash(int, const struct sshbuf *, const struct sshbuf *, - const u_char *, size_t, const u_char *, size_t, - const u_char *, size_t, const struct sshbuf *, const struct sshbuf *, - const struct sshbuf *, u_char *, size_t *); - void kexc25519_keygen(u_char key[CURVE25519_SIZE], u_char pub[CURVE25519_SIZE]) __attribute__((__bounded__(__minbytes__, 1, CURVE25519_SIZE))) __attribute__((__bounded__(__minbytes__, 2, CURVE25519_SIZE))); diff --git a/kexc25519.c b/kexc25519.c index ec5bb574f..f13d766d7 100644 --- a/kexc25519.c +++ b/kexc25519.c @@ -1,4 +1,4 @@ -/* $OpenBSD: kexc25519.c,v 1.15 2019/01/21 10:35:09 djm Exp $ */ +/* $OpenBSD: kexc25519.c,v 1.17 2019/01/21 10:40:11 djm Exp $ */ /* * Copyright (c) 2019 Markus Friedl. All rights reserved. * Copyright (c) 2010 Damien Miller. All rights reserved. @@ -88,57 +88,6 @@ kexc25519_shared_key(const u_char key[CURVE25519_SIZE], return kexc25519_shared_key_ext(key, pub, out, 0); } -int -kex_c25519_hash( - int hash_alg, - const struct sshbuf *client_version, - const struct sshbuf *server_version, - const u_char *ckexinit, size_t ckexinitlen, - const u_char *skexinit, size_t skexinitlen, - const u_char *serverhostkeyblob, size_t sbloblen, - const struct sshbuf *client_pub, - const struct sshbuf *server_pub, - const struct sshbuf *shared_secret, - u_char *hash, size_t *hashlen) -{ - struct sshbuf *b; - int r; - - if (*hashlen < ssh_digest_bytes(hash_alg)) - return SSH_ERR_INVALID_ARGUMENT; - if ((b = sshbuf_new()) == NULL) - return SSH_ERR_ALLOC_FAIL; - if ((r = sshbuf_put_stringb(b, client_version)) != 0 || - (r = sshbuf_put_stringb(b, server_version)) != 0 || - /* kexinit messages: fake header: len+SSH2_MSG_KEXINIT */ - (r = sshbuf_put_u32(b, ckexinitlen+1)) != 0 || - (r = sshbuf_put_u8(b, SSH2_MSG_KEXINIT)) != 0 || - (r = sshbuf_put(b, ckexinit, ckexinitlen)) != 0 || - (r = sshbuf_put_u32(b, skexinitlen+1)) != 0 || - (r = sshbuf_put_u8(b, SSH2_MSG_KEXINIT)) != 0 || - (r = sshbuf_put(b, skexinit, skexinitlen)) != 0 || - (r = sshbuf_put_string(b, serverhostkeyblob, sbloblen)) != 0 || - (r = sshbuf_put_stringb(b, client_pub)) != 0 || - (r = sshbuf_put_stringb(b, server_pub)) != 0 || - (r = sshbuf_putb(b, shared_secret)) != 0) { - sshbuf_free(b); - return r; - } -#ifdef DEBUG_KEX - sshbuf_dump(b, stderr); -#endif - if (ssh_digest_buffer(hash_alg, b, hash, *hashlen) != 0) { - sshbuf_free(b); - return SSH_ERR_LIBCRYPTO_ERROR; - } - sshbuf_free(b); - *hashlen = ssh_digest_bytes(hash_alg); -#ifdef DEBUG_KEX - dump_digest("hash", hash, *hashlen); -#endif - return 0; -} - int kex_c25519_keypair(struct kex *kex) { @@ -154,7 +103,7 @@ kex_c25519_keypair(struct kex *kex) #ifdef DEBUG_KEXECDH dump_digest("client public key c25519:", cp, CURVE25519_SIZE); #endif - kex->kem_client_pub = buf; + kex->client_pub = buf; buf = NULL; out: sshbuf_free(buf); diff --git a/kexdh.c b/kexdh.c index 943774624..6812add20 100644 --- a/kexdh.c +++ b/kexdh.c @@ -1,4 +1,4 @@ -/* $OpenBSD: kexdh.c,v 1.31 2019/01/21 10:35:09 djm Exp $ */ +/* $OpenBSD: kexdh.c,v 1.32 2019/01/21 10:40:11 djm Exp $ */ /* * Copyright (c) 2019 Markus Friedl. All rights reserved. * @@ -128,7 +128,7 @@ kex_dh_keypair(struct kex *kex) BN_print_fp(stderr, pub_key); fprintf(stderr, "\n"); #endif - kex->kem_client_pub = buf; + kex->client_pub = buf; buf = NULL; out: sshbuf_free(buf); diff --git a/kexecdh.c b/kexecdh.c index ae9018773..0aeab2e9b 100644 --- a/kexecdh.c +++ b/kexecdh.c @@ -1,4 +1,4 @@ -/* $OpenBSD: kexecdh.c,v 1.9 2019/01/21 10:35:09 djm Exp $ */ +/* $OpenBSD: kexecdh.c,v 1.10 2019/01/21 10:40:11 djm Exp $ */ /* * Copyright (c) 2010 Damien Miller. All rights reserved. * Copyright (c) 2019 Markus Friedl. All rights reserved. @@ -80,7 +80,7 @@ kex_ecdh_keypair(struct kex *kex) kex->ec_client_key = client_key; kex->ec_group = group; client_key = NULL; /* owned by the kex */ - kex->kem_client_pub = buf; + kex->client_pub = buf; buf = NULL; out: EC_KEY_free(client_key); diff --git a/kexsntrup4591761x25519.c b/kexsntrup4591761x25519.c index d845f3d44..b0605b96a 100644 --- a/kexsntrup4591761x25519.c +++ b/kexsntrup4591761x25519.c @@ -1,4 +1,4 @@ -/* $OpenBSD: kexsntrup4591761x25519.c,v 1.2 2019/01/21 10:35:09 djm Exp $ */ +/* $OpenBSD: kexsntrup4591761x25519.c,v 1.3 2019/01/21 10:40:11 djm Exp $ */ /* * Copyright (c) 2019 Markus Friedl. All rights reserved. * @@ -58,7 +58,7 @@ kex_kem_sntrup4591761x25519_keypair(struct kex *kex) #ifdef DEBUG_KEXECDH dump_digest("client public key c25519:", cp, CURVE25519_SIZE); #endif - kex->kem_client_pub = buf; + kex->client_pub = buf; buf = NULL; out: sshbuf_free(buf); diff --git a/monitor.c b/monitor.c index d3357b73c..60e529444 100644 --- a/monitor.c +++ b/monitor.c @@ -1,4 +1,4 @@ -/* $OpenBSD: monitor.c,v 1.196 2019/01/21 10:29:56 djm Exp $ */ +/* $OpenBSD: monitor.c,v 1.197 2019/01/21 10:38:54 djm Exp $ */ /* * Copyright 2002 Niels Provos * Copyright 2002 Markus Friedl @@ -1677,19 +1677,19 @@ monitor_apply_keystate(struct ssh *ssh, struct monitor *pmonitor) if ((kex = ssh->kex) != NULL) { /* XXX set callbacks */ #ifdef WITH_OPENSSL - kex->kex[KEX_DH_GRP1_SHA1] = kex_kem_server; - kex->kex[KEX_DH_GRP14_SHA1] = kex_kem_server; - kex->kex[KEX_DH_GRP14_SHA256] = kex_kem_server; - kex->kex[KEX_DH_GRP16_SHA512] = kex_kem_server; - kex->kex[KEX_DH_GRP18_SHA512] = kex_kem_server; + kex->kex[KEX_DH_GRP1_SHA1] = kex_gen_server; + kex->kex[KEX_DH_GRP14_SHA1] = kex_gen_server; + kex->kex[KEX_DH_GRP14_SHA256] = kex_gen_server; + kex->kex[KEX_DH_GRP16_SHA512] = kex_gen_server; + kex->kex[KEX_DH_GRP18_SHA512] = kex_gen_server; kex->kex[KEX_DH_GEX_SHA1] = kexgex_server; kex->kex[KEX_DH_GEX_SHA256] = kexgex_server; # ifdef OPENSSL_HAS_ECC - kex->kex[KEX_ECDH_SHA2] = kex_kem_server; + kex->kex[KEX_ECDH_SHA2] = kex_gen_server; # endif #endif /* WITH_OPENSSL */ - kex->kex[KEX_C25519_SHA256] = kex_kem_server; - kex->kex[KEX_KEM_SNTRUP4591761X25519_SHA512] = kex_kem_server; + kex->kex[KEX_C25519_SHA256] = kex_gen_server; + kex->kex[KEX_KEM_SNTRUP4591761X25519_SHA512] = kex_gen_server; kex->load_host_public_key=&get_hostkey_public_by_type; kex->load_host_private_key=&get_hostkey_private_by_type; kex->host_key_index=&get_hostkey_index; diff --git a/ssh-keyscan.c b/ssh-keyscan.c index 9541ecf4a..144daa6df 100644 --- a/ssh-keyscan.c +++ b/ssh-keyscan.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ssh-keyscan.c,v 1.124 2019/01/21 10:29:56 djm Exp $ */ +/* $OpenBSD: ssh-keyscan.c,v 1.125 2019/01/21 10:38:54 djm Exp $ */ /* * Copyright 1995, 1996 by David Mazieres . * @@ -260,19 +260,19 @@ keygrab_ssh2(con *c) exit(1); } #ifdef WITH_OPENSSL - c->c_ssh->kex->kex[KEX_DH_GRP1_SHA1] = kex_kem_client; - c->c_ssh->kex->kex[KEX_DH_GRP14_SHA1] = kex_kem_client; - c->c_ssh->kex->kex[KEX_DH_GRP14_SHA256] = kex_kem_client; - c->c_ssh->kex->kex[KEX_DH_GRP16_SHA512] = kex_kem_client; - c->c_ssh->kex->kex[KEX_DH_GRP18_SHA512] = kex_kem_client; + c->c_ssh->kex->kex[KEX_DH_GRP1_SHA1] = kex_gen_client; + c->c_ssh->kex->kex[KEX_DH_GRP14_SHA1] = kex_gen_client; + c->c_ssh->kex->kex[KEX_DH_GRP14_SHA256] = kex_gen_client; + c->c_ssh->kex->kex[KEX_DH_GRP16_SHA512] = kex_gen_client; + c->c_ssh->kex->kex[KEX_DH_GRP18_SHA512] = kex_gen_client; c->c_ssh->kex->kex[KEX_DH_GEX_SHA1] = kexgex_client; c->c_ssh->kex->kex[KEX_DH_GEX_SHA256] = kexgex_client; # ifdef OPENSSL_HAS_ECC - c->c_ssh->kex->kex[KEX_ECDH_SHA2] = kex_kem_client; + c->c_ssh->kex->kex[KEX_ECDH_SHA2] = kex_gen_client; # endif #endif - c->c_ssh->kex->kex[KEX_C25519_SHA256] = kex_kem_client; - c->c_ssh->kex->kex[KEX_KEM_SNTRUP4591761X25519_SHA512] = kex_kem_client; + c->c_ssh->kex->kex[KEX_C25519_SHA256] = kex_gen_client; + c->c_ssh->kex->kex[KEX_KEM_SNTRUP4591761X25519_SHA512] = kex_gen_client; ssh_set_verify_host_key_callback(c->c_ssh, key_print_wrapper); /* * do the key-exchange until an error occurs or until diff --git a/ssh_api.c b/ssh_api.c index b21769d23..57509973b 100644 --- a/ssh_api.c +++ b/ssh_api.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ssh_api.c,v 1.14 2019/01/21 10:29:56 djm Exp $ */ +/* $OpenBSD: ssh_api.c,v 1.15 2019/01/21 10:38:54 djm Exp $ */ /* * Copyright (c) 2012 Markus Friedl. All rights reserved. * @@ -99,37 +99,37 @@ ssh_init(struct ssh **sshp, int is_server, struct kex_params *kex_params) ssh->kex->server = is_server; if (is_server) { #ifdef WITH_OPENSSL - ssh->kex->kex[KEX_DH_GRP1_SHA1] = kex_kem_server; - ssh->kex->kex[KEX_DH_GRP14_SHA1] = kex_kem_server; - ssh->kex->kex[KEX_DH_GRP14_SHA256] = kex_kem_server; - ssh->kex->kex[KEX_DH_GRP16_SHA512] = kex_kem_server; - ssh->kex->kex[KEX_DH_GRP18_SHA512] = kex_kem_server; + ssh->kex->kex[KEX_DH_GRP1_SHA1] = kex_gen_server; + ssh->kex->kex[KEX_DH_GRP14_SHA1] = kex_gen_server; + ssh->kex->kex[KEX_DH_GRP14_SHA256] = kex_gen_server; + ssh->kex->kex[KEX_DH_GRP16_SHA512] = kex_gen_server; + ssh->kex->kex[KEX_DH_GRP18_SHA512] = kex_gen_server; ssh->kex->kex[KEX_DH_GEX_SHA1] = kexgex_server; ssh->kex->kex[KEX_DH_GEX_SHA256] = kexgex_server; # ifdef OPENSSL_HAS_ECC - ssh->kex->kex[KEX_ECDH_SHA2] = kex_kem_server; + ssh->kex->kex[KEX_ECDH_SHA2] = kex_gen_server; # endif #endif /* WITH_OPENSSL */ - ssh->kex->kex[KEX_C25519_SHA256] = kex_kem_server; - ssh->kex->kex[KEX_KEM_SNTRUP4591761X25519_SHA512] = kex_kem_server; + ssh->kex->kex[KEX_C25519_SHA256] = kex_gen_server; + ssh->kex->kex[KEX_KEM_SNTRUP4591761X25519_SHA512] = kex_gen_server; ssh->kex->load_host_public_key=&_ssh_host_public_key; ssh->kex->load_host_private_key=&_ssh_host_private_key; ssh->kex->sign=&_ssh_host_key_sign; } else { #ifdef WITH_OPENSSL - ssh->kex->kex[KEX_DH_GRP1_SHA1] = kex_kem_client; - ssh->kex->kex[KEX_DH_GRP14_SHA1] = kex_kem_client; - ssh->kex->kex[KEX_DH_GRP14_SHA256] = kex_kem_client; - ssh->kex->kex[KEX_DH_GRP16_SHA512] = kex_kem_client; - ssh->kex->kex[KEX_DH_GRP18_SHA512] = kex_kem_client; + ssh->kex->kex[KEX_DH_GRP1_SHA1] = kex_gen_client; + ssh->kex->kex[KEX_DH_GRP14_SHA1] = kex_gen_client; + ssh->kex->kex[KEX_DH_GRP14_SHA256] = kex_gen_client; + ssh->kex->kex[KEX_DH_GRP16_SHA512] = kex_gen_client; + ssh->kex->kex[KEX_DH_GRP18_SHA512] = kex_gen_client; ssh->kex->kex[KEX_DH_GEX_SHA1] = kexgex_client; ssh->kex->kex[KEX_DH_GEX_SHA256] = kexgex_client; # ifdef OPENSSL_HAS_ECC - ssh->kex->kex[KEX_ECDH_SHA2] = kex_kem_client; + ssh->kex->kex[KEX_ECDH_SHA2] = kex_gen_client; # endif #endif /* WITH_OPENSSL */ - ssh->kex->kex[KEX_C25519_SHA256] = kex_kem_client; - ssh->kex->kex[KEX_KEM_SNTRUP4591761X25519_SHA512] = kex_kem_client; + ssh->kex->kex[KEX_C25519_SHA256] = kex_gen_client; + ssh->kex->kex[KEX_KEM_SNTRUP4591761X25519_SHA512] = kex_gen_client; ssh->kex->verify_host_key =&_ssh_verify_host_key; } *sshp = ssh; diff --git a/sshconnect2.c b/sshconnect2.c index aa5160185..2aa7b9933 100644 --- a/sshconnect2.c +++ b/sshconnect2.c @@ -1,4 +1,4 @@ -/* $OpenBSD: sshconnect2.c,v 1.300 2019/01/21 10:29:56 djm Exp $ */ +/* $OpenBSD: sshconnect2.c,v 1.301 2019/01/21 10:38:54 djm Exp $ */ /* * Copyright (c) 2000 Markus Friedl. All rights reserved. * Copyright (c) 2008 Damien Miller. All rights reserved. @@ -201,19 +201,19 @@ ssh_kex2(struct ssh *ssh, char *host, struct sockaddr *hostaddr, u_short port) if ((r = kex_setup(ssh, myproposal)) != 0) fatal("kex_setup: %s", ssh_err(r)); #ifdef WITH_OPENSSL - ssh->kex->kex[KEX_DH_GRP1_SHA1] = kex_kem_client; - ssh->kex->kex[KEX_DH_GRP14_SHA1] = kex_kem_client; - ssh->kex->kex[KEX_DH_GRP14_SHA256] = kex_kem_client; - ssh->kex->kex[KEX_DH_GRP16_SHA512] = kex_kem_client; - ssh->kex->kex[KEX_DH_GRP18_SHA512] = kex_kem_client; + ssh->kex->kex[KEX_DH_GRP1_SHA1] = kex_gen_client; + ssh->kex->kex[KEX_DH_GRP14_SHA1] = kex_gen_client; + ssh->kex->kex[KEX_DH_GRP14_SHA256] = kex_gen_client; + ssh->kex->kex[KEX_DH_GRP16_SHA512] = kex_gen_client; + ssh->kex->kex[KEX_DH_GRP18_SHA512] = kex_gen_client; ssh->kex->kex[KEX_DH_GEX_SHA1] = kexgex_client; ssh->kex->kex[KEX_DH_GEX_SHA256] = kexgex_client; # ifdef OPENSSL_HAS_ECC - ssh->kex->kex[KEX_ECDH_SHA2] = kex_kem_client; + ssh->kex->kex[KEX_ECDH_SHA2] = kex_gen_client; # endif #endif - ssh->kex->kex[KEX_C25519_SHA256] = kex_kem_client; - ssh->kex->kex[KEX_KEM_SNTRUP4591761X25519_SHA512] = kex_kem_client; + ssh->kex->kex[KEX_C25519_SHA256] = kex_gen_client; + ssh->kex->kex[KEX_KEM_SNTRUP4591761X25519_SHA512] = kex_gen_client; ssh->kex->verify_host_key=&verify_host_key_callback; ssh_dispatch_run_fatal(ssh, DISPATCH_BLOCK, &ssh->kex->done); diff --git a/sshd.c b/sshd.c index ddbedd6c6..058260d6f 100644 --- a/sshd.c +++ b/sshd.c @@ -1,4 +1,4 @@ -/* $OpenBSD: sshd.c,v 1.531 2019/01/21 10:29:56 djm Exp $ */ +/* $OpenBSD: sshd.c,v 1.532 2019/01/21 10:38:54 djm Exp $ */ /* * Author: Tatu Ylonen * Copyright (c) 1995 Tatu Ylonen , Espoo, Finland @@ -2207,19 +2207,19 @@ do_ssh2_kex(struct ssh *ssh) fatal("kex_setup: %s", ssh_err(r)); kex = ssh->kex; #ifdef WITH_OPENSSL - kex->kex[KEX_DH_GRP1_SHA1] = kex_kem_server; - kex->kex[KEX_DH_GRP14_SHA1] = kex_kem_server; - kex->kex[KEX_DH_GRP14_SHA256] = kex_kem_server; - kex->kex[KEX_DH_GRP16_SHA512] = kex_kem_server; - kex->kex[KEX_DH_GRP18_SHA512] = kex_kem_server; + kex->kex[KEX_DH_GRP1_SHA1] = kex_gen_server; + kex->kex[KEX_DH_GRP14_SHA1] = kex_gen_server; + kex->kex[KEX_DH_GRP14_SHA256] = kex_gen_server; + kex->kex[KEX_DH_GRP16_SHA512] = kex_gen_server; + kex->kex[KEX_DH_GRP18_SHA512] = kex_gen_server; kex->kex[KEX_DH_GEX_SHA1] = kexgex_server; kex->kex[KEX_DH_GEX_SHA256] = kexgex_server; # ifdef OPENSSL_HAS_ECC - kex->kex[KEX_ECDH_SHA2] = kex_kem_server; + kex->kex[KEX_ECDH_SHA2] = kex_gen_server; # endif #endif - kex->kex[KEX_C25519_SHA256] = kex_kem_server; - kex->kex[KEX_KEM_SNTRUP4591761X25519_SHA512] = kex_kem_server; + kex->kex[KEX_C25519_SHA256] = kex_gen_server; + kex->kex[KEX_KEM_SNTRUP4591761X25519_SHA512] = kex_gen_server; kex->load_host_public_key=&get_hostkey_public_by_type; kex->load_host_private_key=&get_hostkey_private_by_type; kex->host_key_index=&get_hostkey_index; -- cgit v1.2.3 From 7bef390b625bdc080f0fd4499ef03cef60fca4fa Mon Sep 17 00:00:00 2001 From: "djm@openbsd.org" Date: Mon, 21 Jan 2019 10:44:21 +0000 Subject: upstream: nothing shall escape this purge OpenBSD-Commit-ID: 4795b0ff142b45448f7e15f3c2f77a947191b217 --- kexkemc.c | 170 -------------------------------------------------------------- 1 file changed, 170 deletions(-) delete mode 100644 kexkemc.c diff --git a/kexkemc.c b/kexkemc.c deleted file mode 100644 index 942be5746..000000000 --- a/kexkemc.c +++ /dev/null @@ -1,170 +0,0 @@ -/* $OpenBSD: kexkemc.c,v 1.5 2019/01/21 10:35:09 djm Exp $ */ -/* - * Copyright (c) 2019 Markus Friedl. All rights reserved. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. - * - * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR - * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES - * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. - * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, - * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT - * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, - * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY - * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT - * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF - * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. - */ - -#include - -#include -#include -#include - -#include "sshkey.h" -#include "kex.h" -#include "log.h" -#include "packet.h" -#include "ssh2.h" -#include "sshbuf.h" -#include "digest.h" -#include "ssherr.h" - -static int -input_kex_kem_reply(int type, u_int32_t seq, struct ssh *ssh); - -int -kex_kem_client(struct ssh *ssh) -{ - struct kex *kex = ssh->kex; - int r; - - switch (kex->kex_type) { - case KEX_DH_GRP1_SHA1: - case KEX_DH_GRP14_SHA1: - case KEX_DH_GRP14_SHA256: - case KEX_DH_GRP16_SHA512: - case KEX_DH_GRP18_SHA512: - r = kex_dh_keypair(kex); - break; - case KEX_ECDH_SHA2: - r = kex_ecdh_keypair(kex); - break; - case KEX_C25519_SHA256: - r = kex_c25519_keypair(kex); - break; - case KEX_KEM_SNTRUP4591761X25519_SHA512: - r = kex_kem_sntrup4591761x25519_keypair(kex); - break; - default: - r = SSH_ERR_INVALID_ARGUMENT; - break; - } - if (r != 0) - return r; - if ((r = sshpkt_start(ssh, SSH2_MSG_KEX_ECDH_INIT)) != 0 || - (r = sshpkt_put_stringb(ssh, kex->kem_client_pub)) != 0 || - (r = sshpkt_send(ssh)) != 0) - return r; - debug("expecting SSH2_MSG_KEX_ECDH_REPLY"); - ssh_dispatch_set(ssh, SSH2_MSG_KEX_ECDH_REPLY, &input_kex_kem_reply); - return 0; -} - -static int -input_kex_kem_reply(int type, u_int32_t seq, struct ssh *ssh) -{ - struct kex *kex = ssh->kex; - struct sshkey *server_host_key = NULL; - struct sshbuf *shared_secret = NULL; - struct sshbuf *server_blob = NULL; - u_char *server_host_key_blob = NULL, *signature = NULL; - u_char hash[SSH_DIGEST_MAX_LENGTH]; - size_t slen, sbloblen, hashlen; - int r; - - /* hostkey */ - if ((r = sshpkt_get_string(ssh, &server_host_key_blob, - &sbloblen)) != 0 || - (r = sshkey_from_blob(server_host_key_blob, sbloblen, - &server_host_key)) != 0) - goto out; - if ((r = kex_verify_host_key(ssh, server_host_key)) != 0) - goto out; - - /* Q_S, server public key */ - /* signed H */ - if ((r = sshpkt_getb_froms(ssh, &server_blob)) != 0 || - (r = sshpkt_get_string(ssh, &signature, &slen)) != 0 || - (r = sshpkt_get_end(ssh)) != 0) - goto out; - - /* compute shared secret */ - switch (kex->kex_type) { - case KEX_DH_GRP1_SHA1: - case KEX_DH_GRP14_SHA1: - case KEX_DH_GRP14_SHA256: - case KEX_DH_GRP16_SHA512: - case KEX_DH_GRP18_SHA512: - r = kex_dh_dec(kex, server_blob, &shared_secret); - break; - case KEX_ECDH_SHA2: - r = kex_ecdh_dec(kex, server_blob, &shared_secret); - break; - case KEX_C25519_SHA256: - r = kex_c25519_dec(kex, server_blob, &shared_secret); - break; - case KEX_KEM_SNTRUP4591761X25519_SHA512: - r = kex_kem_sntrup4591761x25519_dec(kex, server_blob, - &shared_secret); - break; - default: - r = SSH_ERR_INVALID_ARGUMENT; - break; - } - if (r !=0 ) - goto out; - - /* calc and verify H */ - hashlen = sizeof(hash); - if ((r = kex_c25519_hash( - kex->hash_alg, - kex->client_version, - kex->server_version, - sshbuf_ptr(kex->my), sshbuf_len(kex->my), - sshbuf_ptr(kex->peer), sshbuf_len(kex->peer), - server_host_key_blob, sbloblen, - kex->kem_client_pub, - server_blob, - shared_secret, - hash, &hashlen)) != 0) - goto out; - - if ((r = sshkey_verify(server_host_key, signature, slen, hash, hashlen, - kex->hostkey_alg, ssh->compat)) != 0) - goto out; - - if ((r = kex_derive_keys(ssh, hash, hashlen, shared_secret)) == 0) - r = kex_send_newkeys(ssh); -out: - explicit_bzero(hash, sizeof(hash)); - explicit_bzero(kex->c25519_client_key, sizeof(kex->c25519_client_key)); - explicit_bzero(kex->sntrup4591761_client_key, - sizeof(kex->sntrup4591761_client_key)); - free(server_host_key_blob); - free(signature); - sshkey_free(server_host_key); - sshbuf_free(server_blob); - sshbuf_free(shared_secret); - sshbuf_free(kex->kem_client_pub); - kex->kem_client_pub = NULL; - return r; -} -- cgit v1.2.3 From f1185abbf0c9108e639297addc77f8757ee00eb3 Mon Sep 17 00:00:00 2001 From: "djm@openbsd.org" Date: Mon, 21 Jan 2019 11:22:00 +0000 Subject: upstream: forgot to cvs add this file in previous series of commits; grrr OpenBSD-Commit-ID: bcff316c3e7da8fd15333e05d244442c3aaa66b0 --- kexgen.c | 322 +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 322 insertions(+) create mode 100644 kexgen.c diff --git a/kexgen.c b/kexgen.c new file mode 100644 index 000000000..3983c9f6b --- /dev/null +++ b/kexgen.c @@ -0,0 +1,322 @@ +/* $OpenBSD: kexgen.c,v 1.1 2019/01/21 11:22:00 djm Exp $ */ +/* + * Copyright (c) 2019 Markus Friedl. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR + * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES + * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. + * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, + * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT + * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, + * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY + * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT + * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF + * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. + */ + +#include + +#include +#include +#include + +#include "sshkey.h" +#include "kex.h" +#include "log.h" +#include "packet.h" +#include "ssh2.h" +#include "sshbuf.h" +#include "digest.h" +#include "ssherr.h" + +static int input_kex_gen_init(int, u_int32_t, struct ssh *); +static int input_kex_gen_reply(int type, u_int32_t seq, struct ssh *ssh); + +static int +kex_gen_hash( + int hash_alg, + const struct sshbuf *client_version, + const struct sshbuf *server_version, + const u_char *ckexinit, size_t ckexinitlen, + const u_char *skexinit, size_t skexinitlen, + const u_char *serverhostkeyblob, size_t sbloblen, + const struct sshbuf *client_pub, + const struct sshbuf *server_pub, + const struct sshbuf *shared_secret, + u_char *hash, size_t *hashlen) +{ + struct sshbuf *b; + int r; + + if (*hashlen < ssh_digest_bytes(hash_alg)) + return SSH_ERR_INVALID_ARGUMENT; + if ((b = sshbuf_new()) == NULL) + return SSH_ERR_ALLOC_FAIL; + if ((r = sshbuf_put_stringb(b, client_version)) != 0 || + (r = sshbuf_put_stringb(b, server_version)) != 0 || + /* kexinit messages: fake header: len+SSH2_MSG_KEXINIT */ + (r = sshbuf_put_u32(b, ckexinitlen+1)) != 0 || + (r = sshbuf_put_u8(b, SSH2_MSG_KEXINIT)) != 0 || + (r = sshbuf_put(b, ckexinit, ckexinitlen)) != 0 || + (r = sshbuf_put_u32(b, skexinitlen+1)) != 0 || + (r = sshbuf_put_u8(b, SSH2_MSG_KEXINIT)) != 0 || + (r = sshbuf_put(b, skexinit, skexinitlen)) != 0 || + (r = sshbuf_put_string(b, serverhostkeyblob, sbloblen)) != 0 || + (r = sshbuf_put_stringb(b, client_pub)) != 0 || + (r = sshbuf_put_stringb(b, server_pub)) != 0 || + (r = sshbuf_putb(b, shared_secret)) != 0) { + sshbuf_free(b); + return r; + } +#ifdef DEBUG_KEX + sshbuf_dump(b, stderr); +#endif + if (ssh_digest_buffer(hash_alg, b, hash, *hashlen) != 0) { + sshbuf_free(b); + return SSH_ERR_LIBCRYPTO_ERROR; + } + sshbuf_free(b); + *hashlen = ssh_digest_bytes(hash_alg); +#ifdef DEBUG_KEX + dump_digest("hash", hash, *hashlen); +#endif + return 0; +} + +int +kex_gen_client(struct ssh *ssh) +{ + struct kex *kex = ssh->kex; + int r; + + switch (kex->kex_type) { + case KEX_DH_GRP1_SHA1: + case KEX_DH_GRP14_SHA1: + case KEX_DH_GRP14_SHA256: + case KEX_DH_GRP16_SHA512: + case KEX_DH_GRP18_SHA512: + r = kex_dh_keypair(kex); + break; + case KEX_ECDH_SHA2: + r = kex_ecdh_keypair(kex); + break; + case KEX_C25519_SHA256: + r = kex_c25519_keypair(kex); + break; + case KEX_KEM_SNTRUP4591761X25519_SHA512: + r = kex_kem_sntrup4591761x25519_keypair(kex); + break; + default: + r = SSH_ERR_INVALID_ARGUMENT; + break; + } + if (r != 0) + return r; + if ((r = sshpkt_start(ssh, SSH2_MSG_KEX_ECDH_INIT)) != 0 || + (r = sshpkt_put_stringb(ssh, kex->client_pub)) != 0 || + (r = sshpkt_send(ssh)) != 0) + return r; + debug("expecting SSH2_MSG_KEX_ECDH_REPLY"); + ssh_dispatch_set(ssh, SSH2_MSG_KEX_ECDH_REPLY, &input_kex_gen_reply); + return 0; +} + +static int +input_kex_gen_reply(int type, u_int32_t seq, struct ssh *ssh) +{ + struct kex *kex = ssh->kex; + struct sshkey *server_host_key = NULL; + struct sshbuf *shared_secret = NULL; + struct sshbuf *server_blob = NULL; + u_char *server_host_key_blob = NULL, *signature = NULL; + u_char hash[SSH_DIGEST_MAX_LENGTH]; + size_t slen, sbloblen, hashlen; + int r; + + /* hostkey */ + if ((r = sshpkt_get_string(ssh, &server_host_key_blob, + &sbloblen)) != 0 || + (r = sshkey_from_blob(server_host_key_blob, sbloblen, + &server_host_key)) != 0) + goto out; + if ((r = kex_verify_host_key(ssh, server_host_key)) != 0) + goto out; + + /* Q_S, server public key */ + /* signed H */ + if ((r = sshpkt_getb_froms(ssh, &server_blob)) != 0 || + (r = sshpkt_get_string(ssh, &signature, &slen)) != 0 || + (r = sshpkt_get_end(ssh)) != 0) + goto out; + + /* compute shared secret */ + switch (kex->kex_type) { + case KEX_DH_GRP1_SHA1: + case KEX_DH_GRP14_SHA1: + case KEX_DH_GRP14_SHA256: + case KEX_DH_GRP16_SHA512: + case KEX_DH_GRP18_SHA512: + r = kex_dh_dec(kex, server_blob, &shared_secret); + break; + case KEX_ECDH_SHA2: + r = kex_ecdh_dec(kex, server_blob, &shared_secret); + break; + case KEX_C25519_SHA256: + r = kex_c25519_dec(kex, server_blob, &shared_secret); + break; + case KEX_KEM_SNTRUP4591761X25519_SHA512: + r = kex_kem_sntrup4591761x25519_dec(kex, server_blob, + &shared_secret); + break; + default: + r = SSH_ERR_INVALID_ARGUMENT; + break; + } + if (r !=0 ) + goto out; + + /* calc and verify H */ + hashlen = sizeof(hash); + if ((r = kex_gen_hash( + kex->hash_alg, + kex->client_version, + kex->server_version, + sshbuf_ptr(kex->my), sshbuf_len(kex->my), + sshbuf_ptr(kex->peer), sshbuf_len(kex->peer), + server_host_key_blob, sbloblen, + kex->client_pub, + server_blob, + shared_secret, + hash, &hashlen)) != 0) + goto out; + + if ((r = sshkey_verify(server_host_key, signature, slen, hash, hashlen, + kex->hostkey_alg, ssh->compat)) != 0) + goto out; + + if ((r = kex_derive_keys(ssh, hash, hashlen, shared_secret)) == 0) + r = kex_send_newkeys(ssh); +out: + explicit_bzero(hash, sizeof(hash)); + explicit_bzero(kex->c25519_client_key, sizeof(kex->c25519_client_key)); + explicit_bzero(kex->sntrup4591761_client_key, + sizeof(kex->sntrup4591761_client_key)); + free(server_host_key_blob); + free(signature); + sshkey_free(server_host_key); + sshbuf_free(server_blob); + sshbuf_free(shared_secret); + sshbuf_free(kex->client_pub); + kex->client_pub = NULL; + return r; +} + +int +kex_gen_server(struct ssh *ssh) +{ + debug("expecting SSH2_MSG_KEX_ECDH_INIT"); + ssh_dispatch_set(ssh, SSH2_MSG_KEX_ECDH_INIT, &input_kex_gen_init); + return 0; +} + +static int +input_kex_gen_init(int type, u_int32_t seq, struct ssh *ssh) +{ + struct kex *kex = ssh->kex; + struct sshkey *server_host_private, *server_host_public; + struct sshbuf *shared_secret = NULL; + struct sshbuf *server_pubkey = NULL; + struct sshbuf *client_pubkey = NULL; + u_char *server_host_key_blob = NULL, *signature = NULL; + u_char hash[SSH_DIGEST_MAX_LENGTH]; + size_t slen, sbloblen, hashlen; + int r; + + if ((r = kex_load_hostkey(ssh, &server_host_private, + &server_host_public)) != 0) + goto out; + + if ((r = sshpkt_getb_froms(ssh, &client_pubkey)) != 0 || + (r = sshpkt_get_end(ssh)) != 0) + goto out; + + /* compute shared secret */ + switch (kex->kex_type) { + case KEX_DH_GRP1_SHA1: + case KEX_DH_GRP14_SHA1: + case KEX_DH_GRP14_SHA256: + case KEX_DH_GRP16_SHA512: + case KEX_DH_GRP18_SHA512: + r = kex_dh_enc(kex, client_pubkey, &server_pubkey, + &shared_secret); + break; + case KEX_ECDH_SHA2: + r = kex_ecdh_enc(kex, client_pubkey, &server_pubkey, + &shared_secret); + break; + case KEX_C25519_SHA256: + r = kex_c25519_enc(kex, client_pubkey, &server_pubkey, + &shared_secret); + break; + case KEX_KEM_SNTRUP4591761X25519_SHA512: + r = kex_kem_sntrup4591761x25519_enc(kex, client_pubkey, + &server_pubkey, &shared_secret); + break; + default: + r = SSH_ERR_INVALID_ARGUMENT; + break; + } + if (r !=0 ) + goto out; + + /* calc H */ + if ((r = sshkey_to_blob(server_host_public, &server_host_key_blob, + &sbloblen)) != 0) + goto out; + hashlen = sizeof(hash); + if ((r = kex_gen_hash( + kex->hash_alg, + kex->client_version, + kex->server_version, + sshbuf_ptr(kex->peer), sshbuf_len(kex->peer), + sshbuf_ptr(kex->my), sshbuf_len(kex->my), + server_host_key_blob, sbloblen, + client_pubkey, + server_pubkey, + shared_secret, + hash, &hashlen)) != 0) + goto out; + + /* sign H */ + if ((r = kex->sign(ssh, server_host_private, server_host_public, + &signature, &slen, hash, hashlen, kex->hostkey_alg)) != 0) + goto out; + + /* send server hostkey, ECDH pubkey 'Q_S' and signed H */ + if ((r = sshpkt_start(ssh, SSH2_MSG_KEX_ECDH_REPLY)) != 0 || + (r = sshpkt_put_string(ssh, server_host_key_blob, sbloblen)) != 0 || + (r = sshpkt_put_stringb(ssh, server_pubkey)) != 0 || + (r = sshpkt_put_string(ssh, signature, slen)) != 0 || + (r = sshpkt_send(ssh)) != 0) + goto out; + + if ((r = kex_derive_keys(ssh, hash, hashlen, shared_secret)) == 0) + r = kex_send_newkeys(ssh); +out: + explicit_bzero(hash, sizeof(hash)); + free(server_host_key_blob); + free(signature); + sshbuf_free(shared_secret); + sshbuf_free(client_pubkey); + sshbuf_free(server_pubkey); + return r; +} -- cgit v1.2.3 From 70edd73edc4df54e5eee50cd27c25427b34612f8 Mon Sep 17 00:00:00 2001 From: "djm@openbsd.org" Date: Mon, 21 Jan 2019 12:08:13 +0000 Subject: upstream: fix reversed arguments to kex_load_hostkey(); manifested as errors in cert-hostkey.sh regress failures. OpenBSD-Commit-ID: 12dab63850b844f84d5a67e86d9e21a42fba93ba --- kex.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/kex.c b/kex.c index cec9b2985..34808b5c3 100644 --- a/kex.c +++ b/kex.c @@ -1,4 +1,4 @@ -/* $OpenBSD: kex.c,v 1.149 2019/01/21 10:40:11 djm Exp $ */ +/* $OpenBSD: kex.c,v 1.150 2019/01/21 12:08:13 djm Exp $ */ /* * Copyright (c) 2000, 2001 Markus Friedl. All rights reserved. * @@ -1039,7 +1039,7 @@ kex_derive_keys(struct ssh *ssh, u_char *hash, u_int hashlen, } int -kex_load_hostkey(struct ssh *ssh, struct sshkey **pubp, struct sshkey **prvp) +kex_load_hostkey(struct ssh *ssh, struct sshkey **prvp, struct sshkey **pubp) { struct kex *kex = ssh->kex; -- cgit v1.2.3 From 4dc06bd57996f1a46b4c3bababe0d09bc89098f7 Mon Sep 17 00:00:00 2001 From: Damien Miller Date: Mon, 21 Jan 2019 23:14:04 +1100 Subject: depend --- .depend | 59 ++++++++++++++++++++++++++++------------------------------- 1 file changed, 28 insertions(+), 31 deletions(-) diff --git a/.depend b/.depend index b732ae9e8..b2f992834 100644 --- a/.depend +++ b/.depend @@ -39,9 +39,9 @@ cipher-chachapoly.o: includes.h config.h defines.h platform.h openbsd-compat/ope cipher-ctr.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/rmd160.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h cipher.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/rmd160.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h cipher.h cipher-chachapoly.h chacha.h poly1305.h cipher-aesctr.h rijndael.h misc.h sshbuf.h ssherr.h digest.h openbsd-compat/openssl-compat.h cleanup.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/rmd160.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h log.h -clientloop.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/rmd160.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h openbsd-compat/sys-queue.h xmalloc.h ssh.h ssh2.h packet.h dispatch.h sshbuf.h compat.h channels.h sshkey.h cipher.h cipher-chachapoly.h chacha.h poly1305.h cipher-aesctr.h rijndael.h kex.h mac.h myproposal.h -clientloop.o: log.h misc.h readconf.h clientloop.h sshconnect.h authfd.h atomicio.h sshpty.h match.h msg.h ssherr.h hostfile.h -compat.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/rmd160.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h xmalloc.h packet.h openbsd-compat/sys-queue.h dispatch.h compat.h log.h match.h kex.h mac.h +clientloop.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/rmd160.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h openbsd-compat/sys-queue.h xmalloc.h ssh.h ssh2.h packet.h dispatch.h sshbuf.h compat.h channels.h sshkey.h cipher.h cipher-chachapoly.h chacha.h poly1305.h cipher-aesctr.h rijndael.h kex.h mac.h crypto_api.h +clientloop.o: myproposal.h log.h misc.h readconf.h clientloop.h sshconnect.h authfd.h atomicio.h sshpty.h match.h msg.h ssherr.h hostfile.h +compat.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/rmd160.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h xmalloc.h packet.h openbsd-compat/sys-queue.h dispatch.h compat.h log.h match.h kex.h mac.h crypto_api.h crc32.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/rmd160.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h crc32.h dh.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/rmd160.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h digest-libc.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/rmd160.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h ssherr.h sshbuf.h digest.h @@ -60,20 +60,16 @@ gss-serv.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-comp hash.o: crypto_api.h includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/rmd160.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h digest.h log.h ssherr.h hmac.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/rmd160.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h sshbuf.h digest.h hmac.h hostfile.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/rmd160.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h xmalloc.h match.h sshkey.h hostfile.h log.h misc.h ssherr.h digest.h hmac.h -kex.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/rmd160.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h ssh.h ssh2.h atomicio.h version.h packet.h openbsd-compat/sys-queue.h dispatch.h compat.h cipher.h cipher-chachapoly.h chacha.h poly1305.h cipher-aesctr.h rijndael.h sshkey.h kex.h mac.h log.h match.h misc.h monitor.h -kex.o: ssherr.h sshbuf.h digest.h -kexc25519.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/rmd160.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h sshbuf.h ssh2.h sshkey.h cipher.h cipher-chachapoly.h chacha.h poly1305.h cipher-aesctr.h rijndael.h kex.h mac.h log.h digest.h ssherr.h -kexc25519c.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/rmd160.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h sshkey.h cipher.h cipher-chachapoly.h chacha.h poly1305.h cipher-aesctr.h rijndael.h kex.h mac.h log.h packet.h openbsd-compat/sys-queue.h dispatch.h ssh2.h sshbuf.h digest.h ssherr.h -kexc25519s.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/rmd160.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h sshkey.h cipher.h cipher-chachapoly.h chacha.h poly1305.h cipher-aesctr.h rijndael.h digest.h kex.h mac.h log.h packet.h openbsd-compat/sys-queue.h dispatch.h ssh2.h sshbuf.h ssherr.h +kex.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/rmd160.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h ssh.h ssh2.h atomicio.h version.h packet.h openbsd-compat/sys-queue.h dispatch.h compat.h cipher.h cipher-chachapoly.h chacha.h poly1305.h cipher-aesctr.h rijndael.h sshkey.h kex.h mac.h crypto_api.h log.h match.h +kex.o: misc.h monitor.h ssherr.h sshbuf.h digest.h +kexc25519.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/rmd160.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h sshkey.h kex.h mac.h crypto_api.h sshbuf.h digest.h ssherr.h ssh2.h kexdh.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/rmd160.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h -kexdhc.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/rmd160.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h -kexdhs.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/rmd160.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h kexecdh.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/rmd160.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h -kexecdhc.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/rmd160.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h -kexecdhs.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/rmd160.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h +kexgen.o: sshkey.h kex.h mac.h crypto_api.h includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/rmd160.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h log.h packet.h openbsd-compat/sys-queue.h dispatch.h ssh2.h sshbuf.h digest.h ssherr.h kexgex.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/rmd160.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h kexgexc.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/rmd160.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h kexgexs.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/rmd160.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h +kexsntrup4591761x25519.o: sshkey.h kex.h mac.h crypto_api.h includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/rmd160.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h sshbuf.h digest.h ssherr.h krl.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/rmd160.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h ./openbsd-compat/sys-tree.h openbsd-compat/sys-queue.h sshbuf.h ssherr.h sshkey.h authfile.h misc.h log.h digest.h bitmap.h krl.h log.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/rmd160.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h log.h loginrec.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/rmd160.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h xmalloc.h sshkey.h hostfile.h ssh.h loginrec.h log.h atomicio.h packet.h openbsd-compat/sys-queue.h dispatch.h canohost.h auth.h auth-pam.h audit.h sshbuf.h ssherr.h @@ -84,23 +80,23 @@ md5crypt.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-comp misc.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/rmd160.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h xmalloc.h misc.h log.h ssh.h sshbuf.h ssherr.h moduli.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/rmd160.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h monitor.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/rmd160.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h ./openbsd-compat/sys-tree.h openbsd-compat/sys-queue.h openbsd-compat/openssl-compat.h atomicio.h xmalloc.h ssh.h sshkey.h sshbuf.h hostfile.h auth.h auth-pam.h audit.h loginrec.h cipher.h cipher-chachapoly.h -monitor.o: chacha.h poly1305.h cipher-aesctr.h rijndael.h kex.h mac.h dh.h packet.h dispatch.h auth-options.h sshpty.h channels.h session.h sshlogin.h canohost.h log.h misc.h servconf.h monitor.h monitor_wrap.h monitor_fdpass.h compat.h ssh2.h authfd.h match.h ssherr.h +monitor.o: chacha.h poly1305.h cipher-aesctr.h rijndael.h kex.h mac.h crypto_api.h dh.h packet.h dispatch.h auth-options.h sshpty.h channels.h session.h sshlogin.h canohost.h log.h misc.h servconf.h monitor.h monitor_wrap.h monitor_fdpass.h compat.h ssh2.h authfd.h match.h ssherr.h monitor_fdpass.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/rmd160.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h log.h monitor_fdpass.h -monitor_wrap.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/rmd160.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h openbsd-compat/sys-queue.h xmalloc.h ssh.h sshbuf.h sshkey.h cipher.h cipher-chachapoly.h chacha.h poly1305.h cipher-aesctr.h rijndael.h kex.h mac.h hostfile.h auth.h auth-pam.h audit.h loginrec.h +monitor_wrap.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/rmd160.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h openbsd-compat/sys-queue.h xmalloc.h ssh.h sshbuf.h sshkey.h cipher.h cipher-chachapoly.h chacha.h poly1305.h cipher-aesctr.h rijndael.h kex.h mac.h crypto_api.h hostfile.h auth.h auth-pam.h audit.h loginrec.h monitor_wrap.o: auth-options.h packet.h dispatch.h log.h monitor.h monitor_wrap.h atomicio.h monitor_fdpass.h misc.h channels.h session.h servconf.h ssherr.h msg.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/rmd160.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h sshbuf.h ssherr.h log.h atomicio.h msg.h misc.h mux.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/rmd160.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h openbsd-compat/sys-queue.h xmalloc.h log.h ssh.h ssh2.h pathnames.h misc.h match.h sshbuf.h channels.h msg.h packet.h dispatch.h monitor_fdpass.h sshpty.h sshkey.h readconf.h clientloop.h ssherr.h nchan.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/rmd160.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h openbsd-compat/sys-queue.h ssh2.h sshbuf.h ssherr.h packet.h dispatch.h channels.h compat.h log.h -packet.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/rmd160.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h openbsd-compat/sys-queue.h xmalloc.h crc32.h compat.h ssh2.h cipher.h cipher-chachapoly.h chacha.h poly1305.h cipher-aesctr.h rijndael.h sshkey.h kex.h mac.h digest.h log.h canohost.h misc.h channels.h ssh.h -packet.o: packet.h dispatch.h ssherr.h sshbuf.h +packet.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/rmd160.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h openbsd-compat/sys-queue.h xmalloc.h crc32.h compat.h ssh2.h cipher.h cipher-chachapoly.h chacha.h poly1305.h cipher-aesctr.h rijndael.h sshkey.h kex.h mac.h crypto_api.h digest.h log.h canohost.h misc.h channels.h +packet.o: ssh.h packet.h dispatch.h ssherr.h sshbuf.h platform-misc.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/rmd160.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h platform-pledge.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/rmd160.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h platform-tracing.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/rmd160.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h log.h platform.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/rmd160.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h log.h misc.h servconf.h sshkey.h hostfile.h auth.h auth-pam.h audit.h loginrec.h poly1305.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/rmd160.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h poly1305.h progressmeter.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/rmd160.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h progressmeter.h atomicio.h misc.h -readconf.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/rmd160.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h openbsd-compat/glob.h xmalloc.h ssh.h ssherr.h compat.h cipher.h cipher-chachapoly.h chacha.h poly1305.h cipher-aesctr.h rijndael.h pathnames.h log.h sshkey.h misc.h readconf.h match.h kex.h mac.h uidswap.h -readconf.o: myproposal.h digest.h +readconf.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/rmd160.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h openbsd-compat/glob.h xmalloc.h ssh.h ssherr.h compat.h cipher.h cipher-chachapoly.h chacha.h poly1305.h cipher-aesctr.h rijndael.h pathnames.h log.h sshkey.h misc.h readconf.h match.h kex.h mac.h crypto_api.h +readconf.o: uidswap.h myproposal.h digest.h readpass.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/rmd160.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h xmalloc.h misc.h pathnames.h log.h ssh.h uidswap.h rijndael.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/rmd160.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h rijndael.h sandbox-capsicum.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/rmd160.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h @@ -113,26 +109,27 @@ sandbox-solaris.o: includes.h config.h defines.h platform.h openbsd-compat/openb sandbox-systrace.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/rmd160.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h sc25519.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/rmd160.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h sc25519.h crypto_api.h scp.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/rmd160.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h xmalloc.h ssh.h atomicio.h pathnames.h log.h misc.h progressmeter.h utf8.h -servconf.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/rmd160.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h openbsd-compat/sys-queue.h xmalloc.h ssh.h log.h sshbuf.h misc.h servconf.h compat.h pathnames.h cipher.h cipher-chachapoly.h chacha.h poly1305.h cipher-aesctr.h rijndael.h sshkey.h kex.h mac.h match.h channels.h -servconf.o: groupaccess.h canohost.h packet.h dispatch.h ssherr.h hostfile.h auth.h auth-pam.h audit.h loginrec.h myproposal.h digest.h +servconf.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/rmd160.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h openbsd-compat/sys-queue.h xmalloc.h ssh.h log.h sshbuf.h misc.h servconf.h compat.h pathnames.h cipher.h cipher-chachapoly.h chacha.h poly1305.h cipher-aesctr.h rijndael.h sshkey.h kex.h mac.h crypto_api.h +servconf.o: match.h channels.h groupaccess.h canohost.h packet.h dispatch.h ssherr.h hostfile.h auth.h auth-pam.h audit.h loginrec.h myproposal.h digest.h serverloop.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/rmd160.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h openbsd-compat/sys-queue.h xmalloc.h packet.h dispatch.h sshbuf.h log.h misc.h servconf.h canohost.h sshpty.h channels.h compat.h ssh2.h sshkey.h cipher.h cipher-chachapoly.h chacha.h poly1305.h cipher-aesctr.h -serverloop.o: rijndael.h kex.h mac.h hostfile.h auth.h auth-pam.h audit.h loginrec.h session.h auth-options.h serverloop.h ssherr.h +serverloop.o: rijndael.h kex.h mac.h crypto_api.h hostfile.h auth.h auth-pam.h audit.h loginrec.h session.h auth-options.h serverloop.h ssherr.h session.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/rmd160.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h openbsd-compat/sys-queue.h xmalloc.h ssh.h ssh2.h sshpty.h packet.h dispatch.h sshbuf.h ssherr.h match.h uidswap.h compat.h channels.h sshkey.h cipher.h cipher-chachapoly.h chacha.h poly1305.h cipher-aesctr.h -session.o: rijndael.h hostfile.h auth.h auth-pam.h audit.h loginrec.h auth-options.h authfd.h pathnames.h log.h misc.h servconf.h sshlogin.h serverloop.h canohost.h session.h kex.h mac.h monitor_wrap.h sftp.h atomicio.h +session.o: rijndael.h hostfile.h auth.h auth-pam.h audit.h loginrec.h auth-options.h authfd.h pathnames.h log.h misc.h servconf.h sshlogin.h serverloop.h canohost.h session.h kex.h mac.h crypto_api.h monitor_wrap.h sftp.h atomicio.h sftp-client.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/rmd160.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h openbsd-compat/sys-queue.h xmalloc.h ssherr.h sshbuf.h log.h atomicio.h progressmeter.h misc.h utf8.h sftp.h sftp-common.h sftp-client.h openbsd-compat/glob.h sftp-common.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/rmd160.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h xmalloc.h ssherr.h sshbuf.h log.h misc.h sftp.h sftp-common.h sftp-glob.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/rmd160.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h xmalloc.h sftp.h sftp-common.h sftp-client.h openbsd-compat/glob.h sftp-server-main.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/rmd160.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h log.h sftp.h misc.h xmalloc.h sftp-server.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/rmd160.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h xmalloc.h sshbuf.h ssherr.h log.h misc.h match.h uidswap.h sftp.h sftp-common.h sftp.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/rmd160.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h xmalloc.h log.h pathnames.h misc.h utf8.h sftp.h ssherr.h sshbuf.h sftp-common.h sftp-client.h openbsd-compat/glob.h +sntrup4591761.o: crypto_api.h includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/rmd160.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h ssh-add.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/rmd160.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h openbsd-compat/openssl-compat.h xmalloc.h ssh.h log.h sshkey.h sshbuf.h authfd.h authfile.h pathnames.h misc.h ssherr.h digest.h ssh-agent.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/rmd160.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h openbsd-compat/sys-queue.h xmalloc.h ssh.h sshbuf.h sshkey.h authfd.h compat.h log.h misc.h digest.h ssherr.h match.h ssh-dss.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/rmd160.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h ssh-ecdsa.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/rmd160.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h ssh-ed25519.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/rmd160.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h crypto_api.h log.h sshbuf.h sshkey.h ssherr.h ssh.h ssh-keygen.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/rmd160.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h xmalloc.h sshkey.h authfile.h uuencode.h sshbuf.h pathnames.h log.h misc.h match.h hostfile.h dns.h ssh.h ssh2.h ssherr.h ssh-pkcs11.h atomicio.h krl.h digest.h utf8.h authfd.h -ssh-keyscan.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/rmd160.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h openbsd-compat/sys-queue.h xmalloc.h ssh.h sshbuf.h sshkey.h cipher.h cipher-chachapoly.h chacha.h poly1305.h cipher-aesctr.h rijndael.h kex.h mac.h compat.h myproposal.h packet.h dispatch.h log.h atomicio.h -ssh-keyscan.o: misc.h hostfile.h ssherr.h ssh_api.h ssh2.h dns.h +ssh-keyscan.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/rmd160.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h openbsd-compat/sys-queue.h xmalloc.h ssh.h sshbuf.h sshkey.h cipher.h cipher-chachapoly.h chacha.h poly1305.h cipher-aesctr.h rijndael.h kex.h mac.h crypto_api.h compat.h myproposal.h packet.h dispatch.h log.h +ssh-keyscan.o: atomicio.h misc.h hostfile.h ssherr.h ssh_api.h ssh2.h dns.h ssh-keysign.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/rmd160.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h xmalloc.h log.h sshkey.h ssh.h ssh2.h misc.h sshbuf.h authfile.h msg.h canohost.h pathnames.h readconf.h uidswap.h ssherr.h ssh-pkcs11-client.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/rmd160.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h ssh-pkcs11-helper.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/rmd160.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h openbsd-compat/sys-queue.h xmalloc.h sshbuf.h log.h misc.h sshkey.h authfd.h ssh-pkcs11.h ssherr.h @@ -140,19 +137,19 @@ ssh-pkcs11.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-co ssh-rsa.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/rmd160.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h ssh-xmss.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/rmd160.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h ssh.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/rmd160.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h openbsd-compat/openssl-compat.h openbsd-compat/sys-queue.h xmalloc.h ssh.h ssh2.h canohost.h compat.h cipher.h cipher-chachapoly.h chacha.h poly1305.h cipher-aesctr.h rijndael.h digest.h packet.h dispatch.h sshbuf.h -ssh.o: channels.h sshkey.h authfd.h authfile.h pathnames.h clientloop.h log.h misc.h readconf.h sshconnect.h kex.h mac.h sshpty.h match.h msg.h version.h ssherr.h myproposal.h utf8.h -ssh_api.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/rmd160.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h ssh_api.h openbsd-compat/sys-queue.h cipher.h cipher-chachapoly.h chacha.h poly1305.h cipher-aesctr.h rijndael.h sshkey.h kex.h mac.h ssh.h ssh2.h packet.h dispatch.h compat.h log.h authfile.h misc.h version.h -ssh_api.o: myproposal.h ssherr.h sshbuf.h openbsd-compat/openssl-compat.h +ssh.o: channels.h sshkey.h authfd.h authfile.h pathnames.h clientloop.h log.h misc.h readconf.h sshconnect.h kex.h mac.h crypto_api.h sshpty.h match.h msg.h version.h ssherr.h myproposal.h utf8.h +ssh_api.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/rmd160.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h ssh_api.h openbsd-compat/sys-queue.h cipher.h cipher-chachapoly.h chacha.h poly1305.h cipher-aesctr.h rijndael.h sshkey.h kex.h mac.h crypto_api.h ssh.h ssh2.h packet.h dispatch.h compat.h log.h authfile.h misc.h +ssh_api.o: version.h myproposal.h ssherr.h sshbuf.h openbsd-compat/openssl-compat.h sshbuf-getput-basic.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/rmd160.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h ssherr.h sshbuf.h sshbuf-getput-crypto.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/rmd160.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h ssherr.h sshbuf.h sshbuf-misc.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/rmd160.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h ssherr.h sshbuf.h sshbuf.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/rmd160.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h ssherr.h sshbuf.h misc.h sshconnect.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/rmd160.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h xmalloc.h hostfile.h ssh.h sshbuf.h packet.h openbsd-compat/sys-queue.h dispatch.h compat.h sshkey.h sshconnect.h log.h misc.h readconf.h atomicio.h dns.h monitor_fdpass.h ssh2.h version.h authfile.h ssherr.h -sshconnect.o: authfd.h kex.h mac.h -sshconnect2.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/rmd160.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h openbsd-compat/sys-queue.h xmalloc.h ssh.h ssh2.h sshbuf.h packet.h dispatch.h compat.h cipher.h cipher-chachapoly.h chacha.h poly1305.h cipher-aesctr.h rijndael.h sshkey.h kex.h mac.h myproposal.h sshconnect.h -sshconnect2.o: authfile.h dh.h authfd.h log.h misc.h readconf.h match.h canohost.h msg.h pathnames.h uidswap.h hostfile.h ssherr.h utf8.h +sshconnect.o: authfd.h kex.h mac.h crypto_api.h +sshconnect2.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/rmd160.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h openbsd-compat/sys-queue.h xmalloc.h ssh.h ssh2.h sshbuf.h packet.h dispatch.h compat.h cipher.h cipher-chachapoly.h chacha.h poly1305.h cipher-aesctr.h rijndael.h sshkey.h kex.h mac.h crypto_api.h myproposal.h +sshconnect2.o: sshconnect.h authfile.h dh.h authfd.h log.h misc.h readconf.h match.h canohost.h msg.h pathnames.h uidswap.h hostfile.h ssherr.h utf8.h sshd.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/rmd160.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h ./openbsd-compat/sys-tree.h openbsd-compat/sys-queue.h xmalloc.h ssh.h ssh2.h sshpty.h packet.h dispatch.h log.h sshbuf.h misc.h match.h servconf.h uidswap.h compat.h cipher.h cipher-chachapoly.h chacha.h poly1305.h -sshd.o: cipher-aesctr.h rijndael.h digest.h sshkey.h kex.h mac.h myproposal.h authfile.h pathnames.h atomicio.h canohost.h hostfile.h auth.h auth-pam.h audit.h loginrec.h authfd.h msg.h channels.h session.h monitor.h monitor_wrap.h ssh-sandbox.h auth-options.h version.h ssherr.h +sshd.o: cipher-aesctr.h rijndael.h digest.h sshkey.h kex.h mac.h crypto_api.h myproposal.h authfile.h pathnames.h atomicio.h canohost.h hostfile.h auth.h auth-pam.h audit.h loginrec.h authfd.h msg.h channels.h session.h monitor.h monitor_wrap.h ssh-sandbox.h auth-options.h version.h ssherr.h ssherr.o: ssherr.h sshkey-xmss.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/rmd160.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h sshkey.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/rmd160.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h crypto_api.h ssh2.h ssherr.h misc.h sshbuf.h cipher.h cipher-chachapoly.h chacha.h poly1305.h cipher-aesctr.h rijndael.h digest.h sshkey.h sshkey-xmss.h match.h xmss_fast.h openbsd-compat/openssl-compat.h -- cgit v1.2.3 From beab553f0a9578ef9bffe28b2c779725e77b39ec Mon Sep 17 00:00:00 2001 From: "djm@openbsd.org" Date: Mon, 21 Jan 2019 09:13:41 +0000 Subject: upstream: remove hack to use non-system libcrypto OpenBSD-Regress-ID: ce72487327eee4dfae1ab0212a1f33871fe0809f --- regress/agent-pkcs11.sh | 6 ++---- 1 file changed, 2 insertions(+), 4 deletions(-) diff --git a/regress/agent-pkcs11.sh b/regress/agent-pkcs11.sh index a57dad6ee..5dd771263 100644 --- a/regress/agent-pkcs11.sh +++ b/regress/agent-pkcs11.sh @@ -1,4 +1,4 @@ -# $OpenBSD: agent-pkcs11.sh,v 1.5 2019/01/20 23:26:44 djm Exp $ +# $OpenBSD: agent-pkcs11.sh,v 1.6 2019/01/21 09:13:41 djm Exp $ # Placed in the Public Domain. tid="pkcs11 agent test" @@ -73,10 +73,8 @@ openssl genpkey \ openssl pkcs8 -nocrypt -in $EC |\ softhsm2-util --slot "$slot" --label 02 --id 02 --pin "$TEST_SSH_PIN" --import /dev/stdin -LIBCRYPTO=${OBJ}/../../../../lib/libcrypto/obj - trace "start agent" -eval `LD_LIBRARY_PATH=$LIBCRYPTO ${SSHAGENT} -s` > /dev/null +eval `${SSHAGENT} -s` > /dev/null r=$? if [ $r -ne 0 ]; then fail "could not start ssh-agent: exit code $r" -- cgit v1.2.3 From 7d69aae64c35868cc4f644583ab973113a79480e Mon Sep 17 00:00:00 2001 From: "djm@openbsd.org" Date: Mon, 21 Jan 2019 12:29:35 +0000 Subject: upstream: adapt to bignum1 API removal and bignum2 API change OpenBSD-Regress-ID: cea6ff270f3d560de86b355a87a2c95b55a5ca63 --- .../unittests/sshbuf/test_sshbuf_getput_crypto.c | 157 ++------------------- regress/unittests/sshbuf/test_sshbuf_getput_fuzz.c | 13 +- 2 files changed, 16 insertions(+), 154 deletions(-) diff --git a/regress/unittests/sshbuf/test_sshbuf_getput_crypto.c b/regress/unittests/sshbuf/test_sshbuf_getput_crypto.c index a68e1329e..5d39e63e1 100644 --- a/regress/unittests/sshbuf/test_sshbuf_getput_crypto.c +++ b/regress/unittests/sshbuf/test_sshbuf_getput_crypto.c @@ -1,4 +1,4 @@ -/* $OpenBSD: test_sshbuf_getput_crypto.c,v 1.1 2014/04/30 05:32:00 djm Exp $ */ +/* $OpenBSD: test_sshbuf_getput_crypto.c,v 1.2 2019/01/21 12:29:35 djm Exp $ */ /* * Regress test for sshbuf.h buffer API * @@ -33,7 +33,6 @@ sshbuf_getput_crypto_tests(void) { struct sshbuf *p1; BIGNUM *bn, *bn2; - /* This one has num_bits != num_bytes * 8 to test bignum1 encoding */ const char *hexbn1 = "0102030405060708090a0b0c0d0e0f10"; /* This one has MSB set to test bignum2 encoding negative-avoidance */ const char *hexbn2 = "f0e0d0c0b0a0908070605040302010007fff11"; @@ -77,54 +76,6 @@ sshbuf_getput_crypto_tests(void) ASSERT_INT_GT(BN_hex2bn(&bnn, b), 0); \ } while (0) - TEST_START("sshbuf_put_bignum1"); - MKBN(hexbn1, bn); - p1 = sshbuf_new(); - ASSERT_PTR_NE(p1, NULL); - ASSERT_INT_EQ(sshbuf_put_bignum1(p1, bn), 0); - ASSERT_SIZE_T_EQ(sshbuf_len(p1), sizeof(expbn1) + 2); - ASSERT_U16_EQ(PEEK_U16(sshbuf_ptr(p1)), (u_int16_t)BN_num_bits(bn)); - ASSERT_MEM_EQ(sshbuf_ptr(p1) + 2, expbn1, sizeof(expbn1)); - BN_free(bn); - sshbuf_free(p1); - TEST_DONE(); - - TEST_START("sshbuf_put_bignum1 limited"); - MKBN(hexbn1, bn); - p1 = sshbuf_new(); - ASSERT_PTR_NE(p1, NULL); - ASSERT_INT_EQ(sshbuf_set_max_size(p1, sizeof(expbn1) + 1), 0); - r = sshbuf_put_bignum1(p1, bn); - ASSERT_INT_EQ(r, SSH_ERR_NO_BUFFER_SPACE); - ASSERT_SIZE_T_EQ(sshbuf_len(p1), 0); - BN_free(bn); - sshbuf_free(p1); - TEST_DONE(); - - TEST_START("sshbuf_put_bignum1 bn2"); - MKBN(hexbn2, bn); - p1 = sshbuf_new(); - ASSERT_PTR_NE(p1, NULL); - ASSERT_INT_EQ(sshbuf_put_bignum1(p1, bn), 0); - ASSERT_SIZE_T_EQ(sshbuf_len(p1), sizeof(expbn2) + 2); - ASSERT_U16_EQ(PEEK_U16(sshbuf_ptr(p1)), (u_int16_t)BN_num_bits(bn)); - ASSERT_MEM_EQ(sshbuf_ptr(p1) + 2, expbn2, sizeof(expbn2)); - BN_free(bn); - sshbuf_free(p1); - TEST_DONE(); - - TEST_START("sshbuf_put_bignum1 bn2 limited"); - MKBN(hexbn2, bn); - p1 = sshbuf_new(); - ASSERT_PTR_NE(p1, NULL); - ASSERT_INT_EQ(sshbuf_set_max_size(p1, sizeof(expbn1) + 1), 0); - r = sshbuf_put_bignum1(p1, bn); - ASSERT_INT_EQ(r, SSH_ERR_NO_BUFFER_SPACE); - ASSERT_SIZE_T_EQ(sshbuf_len(p1), 0); - BN_free(bn); - sshbuf_free(p1); - TEST_DONE(); - TEST_START("sshbuf_put_bignum2"); MKBN(hexbn1, bn); p1 = sshbuf_new(); @@ -174,88 +125,6 @@ sshbuf_getput_crypto_tests(void) sshbuf_free(p1); TEST_DONE(); - TEST_START("sshbuf_get_bignum1"); - MKBN(hexbn1, bn); - p1 = sshbuf_new(); - ASSERT_PTR_NE(p1, NULL); - ASSERT_INT_EQ(sshbuf_put_u16(p1, BN_num_bits(bn)), 0); - ASSERT_INT_EQ(sshbuf_put(p1, expbn1, sizeof(expbn1)), 0); - ASSERT_SIZE_T_EQ(sshbuf_len(p1), 2 + sizeof(expbn1)); - ASSERT_INT_EQ(sshbuf_put_u16(p1, 0xd00f), 0); - bn2 = BN_new(); - ASSERT_INT_EQ(sshbuf_get_bignum1(p1, bn2), 0); - ASSERT_BIGNUM_EQ(bn, bn2); - ASSERT_SIZE_T_EQ(sshbuf_len(p1), 2); - BN_free(bn); - BN_free(bn2); - sshbuf_free(p1); - TEST_DONE(); - - TEST_START("sshbuf_get_bignum1 truncated"); - MKBN(hexbn1, bn); - p1 = sshbuf_new(); - ASSERT_PTR_NE(p1, NULL); - ASSERT_INT_EQ(sshbuf_put_u16(p1, BN_num_bits(bn)), 0); - ASSERT_INT_EQ(sshbuf_put(p1, expbn1, sizeof(expbn1) - 1), 0); - ASSERT_SIZE_T_EQ(sshbuf_len(p1), 2 + sizeof(expbn1) - 1); - bn2 = BN_new(); - r = sshbuf_get_bignum1(p1, bn2); - ASSERT_INT_EQ(r, SSH_ERR_MESSAGE_INCOMPLETE); - ASSERT_SIZE_T_EQ(sshbuf_len(p1), 2 + sizeof(expbn1) - 1); - BN_free(bn); - BN_free(bn2); - sshbuf_free(p1); - TEST_DONE(); - - TEST_START("sshbuf_get_bignum1 giant"); - MKBN(hexbn1, bn); - p1 = sshbuf_new(); - ASSERT_PTR_NE(p1, NULL); - ASSERT_INT_EQ(sshbuf_put_u16(p1, 0xffff), 0); - ASSERT_INT_EQ(sshbuf_reserve(p1, (0xffff + 7) / 8, NULL), 0); - ASSERT_SIZE_T_EQ(sshbuf_len(p1), 2 + ((0xffff + 7) / 8)); - bn2 = BN_new(); - r = sshbuf_get_bignum1(p1, bn2); - ASSERT_INT_EQ(r, SSH_ERR_BIGNUM_TOO_LARGE); - ASSERT_SIZE_T_EQ(sshbuf_len(p1), 2 + ((0xffff + 7) / 8)); - BN_free(bn); - BN_free(bn2); - sshbuf_free(p1); - TEST_DONE(); - - TEST_START("sshbuf_get_bignum1 bn2"); - MKBN(hexbn2, bn); - p1 = sshbuf_new(); - ASSERT_PTR_NE(p1, NULL); - ASSERT_INT_EQ(sshbuf_put_u16(p1, BN_num_bits(bn)), 0); - ASSERT_INT_EQ(sshbuf_put(p1, expbn2, sizeof(expbn2)), 0); - ASSERT_SIZE_T_EQ(sshbuf_len(p1), 2 + sizeof(expbn2)); - ASSERT_INT_EQ(sshbuf_put_u16(p1, 0xd00f), 0); - bn2 = BN_new(); - ASSERT_INT_EQ(sshbuf_get_bignum1(p1, bn2), 0); - ASSERT_BIGNUM_EQ(bn, bn2); - ASSERT_SIZE_T_EQ(sshbuf_len(p1), 2); - BN_free(bn); - BN_free(bn2); - sshbuf_free(p1); - TEST_DONE(); - - TEST_START("sshbuf_get_bignum1 bn2 truncated"); - MKBN(hexbn2, bn); - p1 = sshbuf_new(); - ASSERT_PTR_NE(p1, NULL); - ASSERT_INT_EQ(sshbuf_put_u16(p1, BN_num_bits(bn)), 0); - ASSERT_INT_EQ(sshbuf_put(p1, expbn2, sizeof(expbn2) - 1), 0); - ASSERT_SIZE_T_EQ(sshbuf_len(p1), 2 + sizeof(expbn2) - 1); - bn2 = BN_new(); - r = sshbuf_get_bignum1(p1, bn2); - ASSERT_INT_EQ(r, SSH_ERR_MESSAGE_INCOMPLETE); - ASSERT_SIZE_T_EQ(sshbuf_len(p1), 2 + sizeof(expbn2) - 1); - BN_free(bn); - BN_free(bn2); - sshbuf_free(p1); - TEST_DONE(); - TEST_START("sshbuf_get_bignum2"); MKBN(hexbn1, bn); p1 = sshbuf_new(); @@ -264,8 +133,8 @@ sshbuf_getput_crypto_tests(void) ASSERT_INT_EQ(sshbuf_put(p1, expbn1, sizeof(expbn1)), 0); ASSERT_SIZE_T_EQ(sshbuf_len(p1), 4 + sizeof(expbn1)); ASSERT_INT_EQ(sshbuf_put_u16(p1, 0xd00f), 0); - bn2 = BN_new(); - ASSERT_INT_EQ(sshbuf_get_bignum2(p1, bn2), 0); + bn2 = NULL; + ASSERT_INT_EQ(sshbuf_get_bignum2(p1, &bn2), 0); ASSERT_BIGNUM_EQ(bn, bn2); ASSERT_SIZE_T_EQ(sshbuf_len(p1), 2); BN_free(bn); @@ -279,8 +148,8 @@ sshbuf_getput_crypto_tests(void) ASSERT_PTR_NE(p1, NULL); ASSERT_INT_EQ(sshbuf_put_u32(p1, BN_num_bytes(bn)), 0); ASSERT_INT_EQ(sshbuf_put(p1, expbn1, sizeof(expbn1) - 1), 0); - bn2 = BN_new(); - r = sshbuf_get_bignum2(p1, bn2); + bn2 = NULL; + r = sshbuf_get_bignum2(p1, &bn2); ASSERT_INT_EQ(r, SSH_ERR_MESSAGE_INCOMPLETE); ASSERT_SIZE_T_EQ(sshbuf_len(p1), sizeof(expbn1) + 3); BN_free(bn); @@ -294,8 +163,8 @@ sshbuf_getput_crypto_tests(void) ASSERT_PTR_NE(p1, NULL); ASSERT_INT_EQ(sshbuf_put_u32(p1, 65536), 0); ASSERT_INT_EQ(sshbuf_reserve(p1, 65536, NULL), 0); - bn2 = BN_new(); - r = sshbuf_get_bignum2(p1, bn2); + bn2 = NULL; + r = sshbuf_get_bignum2(p1, &bn2); ASSERT_INT_EQ(r, SSH_ERR_BIGNUM_TOO_LARGE); ASSERT_SIZE_T_EQ(sshbuf_len(p1), 65536 + 4); BN_free(bn); @@ -312,8 +181,8 @@ sshbuf_getput_crypto_tests(void) ASSERT_INT_EQ(sshbuf_put(p1, expbn2, sizeof(expbn2)), 0); ASSERT_SIZE_T_EQ(sshbuf_len(p1), 4 + 1 + sizeof(expbn2)); ASSERT_INT_EQ(sshbuf_put_u16(p1, 0xd00f), 0); - bn2 = BN_new(); - ASSERT_INT_EQ(sshbuf_get_bignum2(p1, bn2), 0); + bn2 = NULL; + ASSERT_INT_EQ(sshbuf_get_bignum2(p1, &bn2), 0); ASSERT_BIGNUM_EQ(bn, bn2); ASSERT_SIZE_T_EQ(sshbuf_len(p1), 2); BN_free(bn); @@ -328,8 +197,8 @@ sshbuf_getput_crypto_tests(void) ASSERT_INT_EQ(sshbuf_put_u32(p1, BN_num_bytes(bn) + 1), 0); ASSERT_INT_EQ(sshbuf_put_u8(p1, 0x00), 0); ASSERT_INT_EQ(sshbuf_put(p1, expbn2, sizeof(expbn2) - 1), 0); - bn2 = BN_new(); - r = sshbuf_get_bignum2(p1, bn2); + bn2 = NULL; + r = sshbuf_get_bignum2(p1, &bn2); ASSERT_INT_EQ(r, SSH_ERR_MESSAGE_INCOMPLETE); ASSERT_SIZE_T_EQ(sshbuf_len(p1), sizeof(expbn2) + 1 + 4 - 1); BN_free(bn); @@ -343,8 +212,8 @@ sshbuf_getput_crypto_tests(void) ASSERT_PTR_NE(p1, NULL); ASSERT_INT_EQ(sshbuf_put_u32(p1, BN_num_bytes(bn)), 0); ASSERT_INT_EQ(sshbuf_put(p1, expbn2, sizeof(expbn2)), 0); - bn2 = BN_new(); - r = sshbuf_get_bignum2(p1, bn2); + bn2 = NULL; + r = sshbuf_get_bignum2(p1, &bn2); ASSERT_INT_EQ(r, SSH_ERR_BIGNUM_IS_NEGATIVE); ASSERT_SIZE_T_EQ(sshbuf_len(p1), sizeof(expbn2) + 4); BN_free(bn); diff --git a/regress/unittests/sshbuf/test_sshbuf_getput_fuzz.c b/regress/unittests/sshbuf/test_sshbuf_getput_fuzz.c index 7c7cb2bfd..ca06bfb00 100644 --- a/regress/unittests/sshbuf/test_sshbuf_getput_fuzz.c +++ b/regress/unittests/sshbuf/test_sshbuf_getput_fuzz.c @@ -1,4 +1,4 @@ -/* $OpenBSD: test_sshbuf_getput_fuzz.c,v 1.3 2018/10/17 23:28:05 djm Exp $ */ +/* $OpenBSD: test_sshbuf_getput_fuzz.c,v 1.4 2019/01/21 12:29:35 djm Exp $ */ /* * Regress test for sshbuf.h buffer API * @@ -54,11 +54,8 @@ attempt_parse_blob(u_char *blob, size_t len) bzero(s, l); free(s); } - bn = BN_new(); - sshbuf_get_bignum1(p1, bn); - BN_clear_free(bn); - bn = BN_new(); - sshbuf_get_bignum2(p1, bn); + bn = NULL; + sshbuf_get_bignum2(p1, &bn); BN_clear_free(bn); #if defined(OPENSSL_HAS_ECC) && defined(OPENSSL_HAS_NISTP256) eck = EC_KEY_new_by_curve_name(NID_X9_62_prime256v1); @@ -92,10 +89,6 @@ sshbuf_getput_fuzz_tests(void) /* string */ 0x00, 0x00, 0x00, 0x09, 'O', ' ', 'G', 'o', 'r', 'g', 'o', 'n', '!', - /* bignum1 */ - 0x79, - 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, - 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f, 0x10, /* bignum2 */ 0x00, 0x00, 0x00, 0x14, 0x00, -- cgit v1.2.3 From 35ecc53a83f8e8baab2e37549addfd05c73c30f1 Mon Sep 17 00:00:00 2001 From: "djm@openbsd.org" Date: Mon, 21 Jan 2019 12:35:20 +0000 Subject: upstream: adapt to changes in KEX API and file removals OpenBSD-Regress-ID: 92cad022d3b0d11e08f3e0055d6a14b8f994c0d7 --- regress/unittests/kex/Makefile | 21 +++++++++++++++------ regress/unittests/kex/test_kex.c | 10 +++++----- 2 files changed, 20 insertions(+), 11 deletions(-) diff --git a/regress/unittests/kex/Makefile b/regress/unittests/kex/Makefile index 5c61307a3..7b4c644e5 100644 --- a/regress/unittests/kex/Makefile +++ b/regress/unittests/kex/Makefile @@ -1,4 +1,4 @@ -# $OpenBSD: Makefile,v 1.5 2017/12/21 00:41:22 djm Exp $ +# $OpenBSD: Makefile,v 1.6 2019/01/21 12:35:20 djm Exp $ PROG=test_kex SRCS=tests.c test_kex.c @@ -9,12 +9,21 @@ SRCS+=atomicio.c sshkey.c authfile.c cipher.c log.c ssh-rsa.c ssh-dss.c SRCS+=ssh-ecdsa.c ssh-ed25519.c mac.c umac.c umac128.c hmac.c misc.c SRCS+=ssherr.c uidswap.c cleanup.c xmalloc.c match.c krl.c fatal.c SRCS+=addrmatch.c bitmap.c packet.c dispatch.c canohost.c ssh_api.c -SRCS+=kex.c kexc25519.c kexc25519c.c kexc25519s.c kexdh.c kexdhc.c kexdhs.c -SRCS+=kexecdh.c kexecdhc.c kexecdhs.c kexgex.c kexgexc.c kexgexs.c -SRCS+=dh.c compat.c -SRCS+=ed25519.c hash.c ge25519.c fe25519.c sc25519.c verify.c +SRCS+=compat.c ed25519.c hash.c ge25519.c fe25519.c sc25519.c verify.c SRCS+=cipher-chachapoly.c chacha.c poly1305.c -SRCS+=smult_curve25519_ref.c + +SRCS+= kex.c +SRCS+= dh.c +SRCS+= kexdh.c +SRCS+= kexecdh.c +SRCS+= kexgex.c +SRCS+= kexgexc.c +SRCS+= kexgexs.c +SRCS+= kexc25519.c +SRCS+= smult_curve25519_ref.c +SRCS+= kexgen.c +SRCS+= kexsntrup4591761x25519.c +SRCS+= sntrup4591761.c SRCS+=digest-openssl.c #SRCS+=digest-libc.c diff --git a/regress/unittests/kex/test_kex.c b/regress/unittests/kex/test_kex.c index 112bc5499..a860efc02 100644 --- a/regress/unittests/kex/test_kex.c +++ b/regress/unittests/kex/test_kex.c @@ -1,4 +1,4 @@ -/* $OpenBSD: test_kex.c,v 1.3 2018/12/27 03:37:49 djm Exp $ */ +/* $OpenBSD: test_kex.c,v 1.4 2019/01/21 12:35:20 djm Exp $ */ /* * Regress test KEX * @@ -142,14 +142,14 @@ do_kex_with_key(char *kex, int keytype, int bits) sshbuf_free(state); ASSERT_PTR_NE(server2->kex, NULL); /* XXX we need to set the callbacks */ - server2->kex->kex[KEX_DH_GRP1_SHA1] = kexdh_server; - server2->kex->kex[KEX_DH_GRP14_SHA1] = kexdh_server; + server2->kex->kex[KEX_DH_GRP1_SHA1] = kex_gen_server; + server2->kex->kex[KEX_DH_GRP14_SHA1] = kex_gen_server; server2->kex->kex[KEX_DH_GEX_SHA1] = kexgex_server; server2->kex->kex[KEX_DH_GEX_SHA256] = kexgex_server; #ifdef OPENSSL_HAS_ECC - server2->kex->kex[KEX_ECDH_SHA2] = kexecdh_server; + server2->kex->kex[KEX_ECDH_SHA2] = kex_gen_server; #endif - server2->kex->kex[KEX_C25519_SHA256] = kexc25519_server; + server2->kex->kex[KEX_C25519_SHA256] = kex_gen_server; server2->kex->load_host_public_key = server->kex->load_host_public_key; server2->kex->load_host_private_key = server->kex->load_host_private_key; server2->kex->sign = server->kex->sign; -- cgit v1.2.3 From 49d8c8e214d39acf752903566b105d06c565442a Mon Sep 17 00:00:00 2001 From: "djm@openbsd.org" Date: Mon, 21 Jan 2019 12:50:12 +0000 Subject: upstream: adapt to changes in KEX APIs and file removals OpenBSD-Regress-ID: 54d6857e7c58999c7a6d40942ab0fed3529f43ca --- regress/misc/kexfuzz/Makefile | 21 +++++++++++++++------ regress/misc/kexfuzz/kexfuzz.c | 16 ++++++++-------- 2 files changed, 23 insertions(+), 14 deletions(-) diff --git a/regress/misc/kexfuzz/Makefile b/regress/misc/kexfuzz/Makefile index a7bb6b70d..20802cb87 100644 --- a/regress/misc/kexfuzz/Makefile +++ b/regress/misc/kexfuzz/Makefile @@ -1,4 +1,4 @@ -# $OpenBSD: Makefile,v 1.3 2017/12/21 05:46:35 djm Exp $ +# $OpenBSD: Makefile,v 1.4 2019/01/21 12:50:12 djm Exp $ .include .include @@ -18,12 +18,21 @@ SRCS+=atomicio.c sshkey.c authfile.c cipher.c log.c ssh-rsa.c ssh-dss.c SRCS+=ssh-ecdsa.c ssh-ed25519.c mac.c umac.c umac128.c hmac.c misc.c SRCS+=ssherr.c uidswap.c cleanup.c xmalloc.c match.c krl.c fatal.c SRCS+=addrmatch.c bitmap.c packet.c dispatch.c canohost.c ssh_api.c -SRCS+=kex.c kexc25519.c kexc25519c.c kexc25519s.c kexdh.c kexdhc.c kexdhs.c -SRCS+=kexecdh.c kexecdhc.c kexecdhs.c kexgex.c kexgexc.c kexgexs.c -SRCS+=dh.c compat.c -SRCS+=ed25519.c hash.c ge25519.c fe25519.c sc25519.c verify.c +SRCS+=compat.c ed25519.c hash.c ge25519.c fe25519.c sc25519.c verify.c SRCS+=cipher-chachapoly.c chacha.c poly1305.c -SRCS+=smult_curve25519_ref.c + +SRCS+= kex.c +SRCS+= dh.c +SRCS+= kexdh.c +SRCS+= kexecdh.c +SRCS+= kexgex.c +SRCS+= kexgexc.c +SRCS+= kexgexs.c +SRCS+= kexc25519.c +SRCS+= smult_curve25519_ref.c +SRCS+= kexgen.c +SRCS+= kexsntrup4591761x25519.c +SRCS+= sntrup4591761.c SRCS+=digest-openssl.c #SRCS+=digest-libc.c diff --git a/regress/misc/kexfuzz/kexfuzz.c b/regress/misc/kexfuzz/kexfuzz.c index 61cae042f..7051e87b1 100644 --- a/regress/misc/kexfuzz/kexfuzz.c +++ b/regress/misc/kexfuzz/kexfuzz.c @@ -1,4 +1,4 @@ -/* $OpenBSD: kexfuzz.c,v 1.4 2017/04/30 23:34:55 djm Exp $ */ +/* $OpenBSD: kexfuzz.c,v 1.5 2019/01/21 12:50:12 djm Exp $ */ /* * Fuzz harness for KEX code * @@ -273,18 +273,18 @@ do_kex_with_key(const char *kex, struct sshkey *prvkey, int *c2s, int *s2c, ASSERT_PTR_NE(server2->kex, NULL); /* XXX we need to set the callbacks */ #ifdef WITH_OPENSSL - server2->kex->kex[KEX_DH_GRP1_SHA1] = kexdh_server; - server2->kex->kex[KEX_DH_GRP14_SHA1] = kexdh_server; - server2->kex->kex[KEX_DH_GRP14_SHA256] = kexdh_server; - server2->kex->kex[KEX_DH_GRP16_SHA512] = kexdh_server; - server2->kex->kex[KEX_DH_GRP18_SHA512] = kexdh_server; + server2->kex->kex[KEX_DH_GRP1_SHA1] = kex_gen_server; + server2->kex->kex[KEX_DH_GRP14_SHA1] = kex_gen_server; + server2->kex->kex[KEX_DH_GRP14_SHA256] = kex_gen_server; + server2->kex->kex[KEX_DH_GRP16_SHA512] = kex_gen_server; + server2->kex->kex[KEX_DH_GRP18_SHA512] = kex_gen_server; server2->kex->kex[KEX_DH_GEX_SHA1] = kexgex_server; server2->kex->kex[KEX_DH_GEX_SHA256] = kexgex_server; # ifdef OPENSSL_HAS_ECC - server2->kex->kex[KEX_ECDH_SHA2] = kexecdh_server; + server2->kex->kex[KEX_ECDH_SHA2] = kex_gen_server; # endif #endif - server2->kex->kex[KEX_C25519_SHA256] = kexc25519_server; + server2->kex->kex[KEX_C25519_SHA256] = kex_gen_server; server2->kex->load_host_public_key = server->kex->load_host_public_key; server2->kex->load_host_private_key = server->kex->load_host_private_key; server2->kex->sign = server->kex->sign; -- cgit v1.2.3 From c7670b091a7174760d619ef6738b4f26b2093301 Mon Sep 17 00:00:00 2001 From: "djm@openbsd.org" Date: Mon, 21 Jan 2019 12:53:35 +0000 Subject: upstream: add "-v" flags to ssh-add and ssh-pkcs11-helper to turn up debug verbosity. Make ssh-agent turn on ssh-pkcs11-helper's verbosity when it is run in debug mode ("ssh-agent -d"), so we get to see errors from the PKCS#11 code. ok markus@ OpenBSD-Commit-ID: 0a798643c6a92a508df6bd121253ba1c8bee659d --- ssh-add.1 | 14 ++++++++++++-- ssh-add.c | 16 ++++++++++++++-- ssh-pkcs11-client.c | 15 ++++++++++----- ssh-pkcs11-helper.8 | 27 +++++++++++++++++++++++++-- ssh-pkcs11-helper.c | 28 +++++++++++++++++++++++----- 5 files changed, 84 insertions(+), 16 deletions(-) diff --git a/ssh-add.1 b/ssh-add.1 index 90826f667..d4e1c603b 100644 --- a/ssh-add.1 +++ b/ssh-add.1 @@ -1,4 +1,4 @@ -.\" $OpenBSD: ssh-add.1,v 1.68 2019/01/21 07:09:10 jmc Exp $ +.\" $OpenBSD: ssh-add.1,v 1.69 2019/01/21 12:53:35 djm Exp $ .\" .\" Author: Tatu Ylonen .\" Copyright (c) 1995 Tatu Ylonen , Espoo, Finland @@ -43,7 +43,7 @@ .Nd adds private key identities to the authentication agent .Sh SYNOPSIS .Nm ssh-add -.Op Fl cDdkLlqXx +.Op Fl cDdkLlqvXx .Op Fl E Ar fingerprint_hash .Op Fl t Ar life .Op Ar @@ -143,6 +143,16 @@ Set a maximum lifetime when adding identities to an agent. The lifetime may be specified in seconds or in a time format specified in .Xr sshd_config 5 . +.It Fl v +Verbose mode. +Causes +.Nm +to print debugging messages about its progress. +This is helpful in debugging problems. +Multiple +.Fl v +options increase the verbosity. +The maximum is 3. .It Fl X Unlock the agent. .It Fl x diff --git a/ssh-add.c b/ssh-add.c index eb2552ad5..ac9c808dd 100644 --- a/ssh-add.c +++ b/ssh-add.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ssh-add.c,v 1.137 2019/01/20 22:03:29 djm Exp $ */ +/* $OpenBSD: ssh-add.c,v 1.138 2019/01/21 12:53:35 djm Exp $ */ /* * Author: Tatu Ylonen * Copyright (c) 1995 Tatu Ylonen , Espoo, Finland @@ -560,6 +560,7 @@ usage(void) fprintf(stderr, " -e pkcs11 Remove keys provided by PKCS#11 provider.\n"); fprintf(stderr, " -T pubkey Test if ssh-agent can access matching private key.\n"); fprintf(stderr, " -q Be quiet after a successful operation.\n"); + fprintf(stderr, " -v Be more verbose.\n"); } int @@ -571,6 +572,8 @@ main(int argc, char **argv) char *pkcs11provider = NULL; int r, i, ch, deleting = 0, ret = 0, key_only = 0; int xflag = 0, lflag = 0, Dflag = 0, qflag = 0, Tflag = 0; + SyslogFacility log_facility = SYSLOG_FACILITY_AUTH; + LogLevel log_level = SYSLOG_LEVEL_INFO; ssh_malloc_init(); /* must be called before any mallocs */ /* Ensure that fds 0, 1 and 2 are open or directed to /dev/null */ @@ -579,6 +582,8 @@ main(int argc, char **argv) __progname = ssh_get_progname(argv[0]); seed_rng(); + log_init(__progname, log_level, log_facility, 1); + setvbuf(stdout, NULL, _IOLBF, 0); /* First, get a connection to the authentication agent. */ @@ -594,8 +599,14 @@ main(int argc, char **argv) exit(2); } - while ((ch = getopt(argc, argv, "klLcdDTxXE:e:M:m:qs:t:")) != -1) { + while ((ch = getopt(argc, argv, "vklLcdDTxXE:e:M:m:qs:t:")) != -1) { switch (ch) { + case 'v': + if (log_level == SYSLOG_LEVEL_INFO) + log_level = SYSLOG_LEVEL_DEBUG1; + else if (log_level < SYSLOG_LEVEL_DEBUG3) + log_level++; + break; case 'E': fingerprint_hash = ssh_digest_alg_by_name(optarg); if (fingerprint_hash == -1) @@ -667,6 +678,7 @@ main(int argc, char **argv) goto done; } } + log_init(__progname, log_level, log_facility, 1); if ((xflag != 0) + (lflag != 0) + (Dflag != 0) > 1) fatal("Invalid combination of actions"); diff --git a/ssh-pkcs11-client.c b/ssh-pkcs11-client.c index 5ba33332a..e7860de89 100644 --- a/ssh-pkcs11-client.c +++ b/ssh-pkcs11-client.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ssh-pkcs11-client.c,v 1.14 2019/01/20 22:57:45 djm Exp $ */ +/* $OpenBSD: ssh-pkcs11-client.c,v 1.15 2019/01/21 12:53:35 djm Exp $ */ /* * Copyright (c) 2010 Markus Friedl. All rights reserved. * Copyright (c) 2014 Pedro Martelletto. All rights reserved. @@ -49,8 +49,8 @@ /* borrows code from sftp-server and ssh-agent */ -int fd = -1; -pid_t pid = -1; +static int fd = -1; +static pid_t pid = -1; static void send_msg(struct sshbuf *m) @@ -272,7 +272,10 @@ static int pkcs11_start_helper(void) { int pair[2]; - char *helper; + char *helper, *verbosity = NULL; + + if (log_level_get() >= SYSLOG_LEVEL_DEBUG1) + verbosity = "-vvv"; if (pkcs11_start_helper_methods() == -1) { error("pkcs11_start_helper_methods failed"); @@ -297,7 +300,9 @@ pkcs11_start_helper(void) helper = getenv("SSH_PKCS11_HELPER"); if (helper == NULL || strlen(helper) == 0) helper = _PATH_SSH_PKCS11_HELPER; - execlp(helper, helper, (char *)NULL); + debug("%s: starting %s %s", __func__, helper, + verbosity == NULL ? "" : verbosity); + execlp(helper, helper, verbosity, (char *)NULL); fprintf(stderr, "exec: %s: %s\n", helper, strerror(errno)); _exit(1); } diff --git a/ssh-pkcs11-helper.8 b/ssh-pkcs11-helper.8 index 3728c4e4e..ba5c30fa0 100644 --- a/ssh-pkcs11-helper.8 +++ b/ssh-pkcs11-helper.8 @@ -1,4 +1,4 @@ -.\" $OpenBSD: ssh-pkcs11-helper.8,v 1.4 2013/07/16 00:07:52 schwarze Exp $ +.\" $OpenBSD: ssh-pkcs11-helper.8,v 1.5 2019/01/21 12:53:35 djm Exp $ .\" .\" Copyright (c) 2010 Markus Friedl. All rights reserved. .\" @@ -14,7 +14,7 @@ .\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF .\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. .\" -.Dd $Mdocdate: July 16 2013 $ +.Dd $Mdocdate: January 21 2019 $ .Dt SSH-PKCS11-HELPER 8 .Os .Sh NAME @@ -22,6 +22,7 @@ .Nd ssh-agent helper program for PKCS#11 support .Sh SYNOPSIS .Nm +.Op Fl v .Sh DESCRIPTION .Nm is used by @@ -31,6 +32,28 @@ to access keys provided by a PKCS#11 token. .Nm is not intended to be invoked by the user, but from .Xr ssh-agent 1 . +.Pp +A single option is supported: +.Bl -tag -width Ds +.It Fl v +Verbose mode. +Causes +.Nm +to print debugging messages about its progress. +This is helpful in debugging problems. +Multiple +.Fl v +options increase the verbosity. +The maximum is 3. +.Pp +Note that +.Xr ssh-agent 1 +will automatically pass the +.Fl v +flag to +.Nm +when it has itself been placed in debug mode. +.El .Sh SEE ALSO .Xr ssh 1 , .Xr ssh-add 1 , diff --git a/ssh-pkcs11-helper.c b/ssh-pkcs11-helper.c index 92c6728ba..c7dfea279 100644 --- a/ssh-pkcs11-helper.c +++ b/ssh-pkcs11-helper.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ssh-pkcs11-helper.c,v 1.15 2019/01/20 22:51:37 djm Exp $ */ +/* $OpenBSD: ssh-pkcs11-helper.c,v 1.16 2019/01/21 12:53:35 djm Exp $ */ /* * Copyright (c) 2010 Markus Friedl. All rights reserved. * @@ -307,11 +307,12 @@ cleanup_exit(int i) _exit(i); } + int main(int argc, char **argv) { fd_set *rset, *wset; - int r, in, out, max, log_stderr = 0; + int r, ch, in, out, max, log_stderr = 0; ssize_t len, olen, set_size; SyslogFacility log_facility = SYSLOG_FACILITY_AUTH; LogLevel log_level = SYSLOG_LEVEL_ERROR; @@ -320,14 +321,31 @@ main(int argc, char **argv) extern char *__progname; ssh_malloc_init(); /* must be called before any mallocs */ + __progname = ssh_get_progname(argv[0]); + seed_rng(); TAILQ_INIT(&pkcs11_keylist); - pkcs11_init(0); - seed_rng(); - __progname = ssh_get_progname(argv[0]); + log_init(__progname, log_level, log_facility, log_stderr); + + while ((ch = getopt(argc, argv, "v")) != -1) { + switch (ch) { + case 'v': + log_stderr = 1; + if (log_level == SYSLOG_LEVEL_ERROR) + log_level = SYSLOG_LEVEL_DEBUG1; + else if (log_level < SYSLOG_LEVEL_DEBUG3) + log_level++; + break; + default: + fprintf(stderr, "usage: %s [-v]\n", __progname); + exit(1); + } + } log_init(__progname, log_level, log_facility, log_stderr); + pkcs11_init(0); + in = STDIN_FILENO; out = STDOUT_FILENO; -- cgit v1.2.3 From d50ab3cd6fb859888a26b4d4e333239b4f6bf573 Mon Sep 17 00:00:00 2001 From: Damien Miller Date: Tue, 22 Jan 2019 00:02:23 +1100 Subject: new files need includes.h --- kexgen.c | 2 ++ kexsntrup4591761x25519.c | 2 ++ 2 files changed, 4 insertions(+) diff --git a/kexgen.c b/kexgen.c index 3983c9f6b..91c960fe6 100644 --- a/kexgen.c +++ b/kexgen.c @@ -23,6 +23,8 @@ * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */ +#include "includes.h" + #include #include diff --git a/kexsntrup4591761x25519.c b/kexsntrup4591761x25519.c index b0605b96a..3b9b664f8 100644 --- a/kexsntrup4591761x25519.c +++ b/kexsntrup4591761x25519.c @@ -23,6 +23,8 @@ * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */ +#include "includes.h" + #include #include -- cgit v1.2.3 From 533cfb01e49a2a30354e191669dc3159e03e99a7 Mon Sep 17 00:00:00 2001 From: "djm@openbsd.org" Date: Mon, 21 Jan 2019 22:18:24 +0000 Subject: upstream: switch sntrup implementation source from supercop to libpqcrypto; the latter is almost identical but doesn't rely on signed underflow to implement an optimised integer sort; from markus@ OpenBSD-Commit-ID: cd09bbf0e0fcef1bedca69fdf7990dc360567cf8 --- sntrup4591761.c | 109 ++++++++++++++++++++++++++++--------------------------- sntrup4591761.sh | 47 ++++++++++++------------ 2 files changed, 79 insertions(+), 77 deletions(-) diff --git a/sntrup4591761.c b/sntrup4591761.c index d3ff549ae..9631b423e 100644 --- a/sntrup4591761.c +++ b/sntrup4591761.c @@ -1,26 +1,36 @@ #include #include "crypto_api.h" -/* from supercop-20181216/crypto_sort/int32/portable3/int32_minmax.inc */ -#define int32_MINMAX(a,b) \ -do { \ - int32 ab = b ^ a; \ - int32 c = b - a; \ - c ^= ab & (c ^ b); \ - c >>= 31; \ - c &= ab; \ - a ^= c; \ - b ^= c; \ -} while(0) - -/* from supercop-20181216/crypto_sort/int32/portable3/sort.c */ -#define int32 crypto_int32 - - -static void crypto_sort_int32(void *array,long long n) +/* from libpqcrypto-20180314/crypto_kem/sntrup4591761/ref/int32_sort.h */ +#ifndef int32_sort_h +#define int32_sort_h + + +static void int32_sort(crypto_int32 *,int); + +#endif + +/* from libpqcrypto-20180314/crypto_kem/sntrup4591761/ref/int32_sort.c */ +/* See https://ntruprime.cr.yp.to/software.html for detailed documentation. */ + + +static void minmax(crypto_int32 *x,crypto_int32 *y) +{ + crypto_uint32 xi = *x; + crypto_uint32 yi = *y; + crypto_uint32 xy = xi ^ yi; + crypto_uint32 c = yi - xi; + c ^= xy & (c ^ yi); + c >>= 31; + c = -c; + c &= xy; + *x = xi ^ c; + *y = yi ^ c; +} + +static void int32_sort(crypto_int32 *x,int n) { - long long top,p,q,r,i; - int32 *x = array; + int top,p,q,i; if (n < 2) return; top = 1; @@ -29,22 +39,15 @@ static void crypto_sort_int32(void *array,long long n) for (p = top;p > 0;p >>= 1) { for (i = 0;i < n - p;++i) if (!(i & p)) - int32_MINMAX(x[i],x[i+p]); - i = 0; - for (q = top;q > p;q >>= 1) { - for (;i < n - q;++i) { - if (!(i & p)) { - int32 a = x[i + p]; - for (r = q;r > p;r >>= 1) - int32_MINMAX(a,x[i+r]); - x[i + p] = a; - } - } - } + minmax(x + i,x + i + p); + for (q = top;q > p;q >>= 1) + for (i = 0;i < n - q;++i) + if (!(i & p)) + minmax(x + i + p,x + i + q); } } -/* from supercop-20181216/crypto_kem/sntrup4591761/ref/small.h */ +/* from libpqcrypto-20180314/crypto_kem/sntrup4591761/ref/small.h */ #ifndef small_h #define small_h @@ -62,7 +65,7 @@ static void small_random_weightw(small *); #endif -/* from supercop-20181216/crypto_kem/sntrup4591761/ref/mod3.h */ +/* from libpqcrypto-20180314/crypto_kem/sntrup4591761/ref/mod3.h */ #ifndef mod3_h #define mod3_h @@ -122,7 +125,7 @@ static inline small mod3_quotient(small num,small den) #endif -/* from supercop-20181216/crypto_kem/sntrup4591761/ref/modq.h */ +/* from libpqcrypto-20180314/crypto_kem/sntrup4591761/ref/modq.h */ #ifndef modq_h #define modq_h @@ -212,7 +215,7 @@ static inline modq modq_quotient(modq num,modq den) #endif -/* from supercop-20181216/crypto_kem/sntrup4591761/ref/params.h */ +/* from libpqcrypto-20180314/crypto_kem/sntrup4591761/ref/params.h */ #ifndef params_h #define params_h @@ -228,7 +231,7 @@ static inline modq modq_quotient(modq num,modq den) #endif -/* from supercop-20181216/crypto_kem/sntrup4591761/ref/r3.h */ +/* from libpqcrypto-20180314/crypto_kem/sntrup4591761/ref/r3.h */ #ifndef r3_h #define r3_h @@ -239,7 +242,7 @@ extern int r3_recip(small *,const small *); #endif -/* from supercop-20181216/crypto_kem/sntrup4591761/ref/rq.h */ +/* from libpqcrypto-20180314/crypto_kem/sntrup4591761/ref/rq.h */ #ifndef rq_h #define rq_h @@ -260,7 +263,7 @@ int rq_recip3(modq *,const small *); #endif -/* from supercop-20181216/crypto_kem/sntrup4591761/ref/swap.h */ +/* from libpqcrypto-20180314/crypto_kem/sntrup4591761/ref/swap.h */ #ifndef swap_h #define swap_h @@ -268,7 +271,7 @@ static void swap(void *,void *,int,int); #endif -/* from supercop-20181216/crypto_kem/sntrup4591761/ref/dec.c */ +/* from libpqcrypto-20180314/crypto_kem/sntrup4591761/ref/dec.c */ /* See https://ntruprime.cr.yp.to/software.html for detailed documentation. */ #ifdef KAT @@ -334,7 +337,7 @@ int crypto_kem_sntrup4591761_dec( return result; } -/* from supercop-20181216/crypto_kem/sntrup4591761/ref/enc.c */ +/* from libpqcrypto-20180314/crypto_kem/sntrup4591761/ref/enc.c */ /* See https://ntruprime.cr.yp.to/software.html for detailed documentation. */ #ifdef KAT @@ -380,7 +383,7 @@ int crypto_kem_sntrup4591761_enc( return 0; } -/* from supercop-20181216/crypto_kem/sntrup4591761/ref/keypair.c */ +/* from libpqcrypto-20180314/crypto_kem/sntrup4591761/ref/keypair.c */ /* See https://ntruprime.cr.yp.to/software.html for detailed documentation. */ @@ -416,7 +419,7 @@ int crypto_kem_sntrup4591761_keypair(unsigned char *pk,unsigned char *sk) return 0; } -/* from supercop-20181216/crypto_kem/sntrup4591761/ref/r3_mult.c */ +/* from libpqcrypto-20180314/crypto_kem/sntrup4591761/ref/r3_mult.c */ /* See https://ntruprime.cr.yp.to/software.html for detailed documentation. */ @@ -448,7 +451,7 @@ static void r3_mult(small *h,const small *f,const small *g) h[i] = fg[i]; } -/* from supercop-20181216/crypto_kem/sntrup4591761/ref/r3_recip.c */ +/* from libpqcrypto-20180314/crypto_kem/sntrup4591761/ref/r3_recip.c */ /* See https://ntruprime.cr.yp.to/software.html for detailed documentation. */ @@ -574,7 +577,7 @@ int r3_recip(small *r,const small *s) return smaller_mask_r3_recip(0,d); } -/* from supercop-20181216/crypto_kem/sntrup4591761/ref/randomsmall.c */ +/* from libpqcrypto-20180314/crypto_kem/sntrup4591761/ref/randomsmall.c */ /* See https://ntruprime.cr.yp.to/software.html for detailed documentation. */ @@ -588,7 +591,7 @@ static void small_random(small *g) } } -/* from supercop-20181216/crypto_kem/sntrup4591761/ref/randomweightw.c */ +/* from libpqcrypto-20180314/crypto_kem/sntrup4591761/ref/randomweightw.c */ /* See https://ntruprime.cr.yp.to/software.html for detailed documentation. */ @@ -600,11 +603,11 @@ static void small_random_weightw(small *f) for (i = 0;i < p;++i) r[i] = small_random32(); for (i = 0;i < w;++i) r[i] &= -2; for (i = w;i < p;++i) r[i] = (r[i] & -3) | 1; - crypto_sort_int32(r,p); + int32_sort(r,p); for (i = 0;i < p;++i) f[i] = ((small) (r[i] & 3)) - 1; } -/* from supercop-20181216/crypto_kem/sntrup4591761/ref/rq.c */ +/* from libpqcrypto-20180314/crypto_kem/sntrup4591761/ref/rq.c */ /* See https://ntruprime.cr.yp.to/software.html for detailed documentation. */ @@ -733,7 +736,7 @@ static void rq_decode(modq *f,const unsigned char *c) *f++ = modq_freeze(c0 + q - qshift); } -/* from supercop-20181216/crypto_kem/sntrup4591761/ref/rq_mult.c */ +/* from libpqcrypto-20180314/crypto_kem/sntrup4591761/ref/rq_mult.c */ /* See https://ntruprime.cr.yp.to/software.html for detailed documentation. */ @@ -765,7 +768,7 @@ static void rq_mult(modq *h,const modq *f,const small *g) h[i] = fg[i]; } -/* from supercop-20181216/crypto_kem/sntrup4591761/ref/rq_recip3.c */ +/* from libpqcrypto-20180314/crypto_kem/sntrup4591761/ref/rq_recip3.c */ /* See https://ntruprime.cr.yp.to/software.html for detailed documentation. */ @@ -891,7 +894,7 @@ int rq_recip3(modq *r,const small *s) return smaller_mask_rq_recip3(0,d); } -/* from supercop-20181216/crypto_kem/sntrup4591761/ref/rq_round3.c */ +/* from libpqcrypto-20180314/crypto_kem/sntrup4591761/ref/rq_round3.c */ /* See https://ntruprime.cr.yp.to/software.html for detailed documentation. */ @@ -903,7 +906,7 @@ static void rq_round3(modq *h,const modq *f) h[i] = ((21846 * (f[i] + 2295) + 32768) >> 16) * 3 - 2295; } -/* from supercop-20181216/crypto_kem/sntrup4591761/ref/rq_rounded.c */ +/* from libpqcrypto-20180314/crypto_kem/sntrup4591761/ref/rq_rounded.c */ /* See https://ntruprime.cr.yp.to/software.html for detailed documentation. */ @@ -1005,7 +1008,7 @@ static void rq_decoderounded(modq *f,const unsigned char *c) *f++ = modq_freeze(f1 * 3 + q - qshift); } -/* from supercop-20181216/crypto_kem/sntrup4591761/ref/small.c */ +/* from libpqcrypto-20180314/crypto_kem/sntrup4591761/ref/small.c */ /* See https://ntruprime.cr.yp.to/software.html for detailed documentation. */ @@ -1044,7 +1047,7 @@ static void small_decode(small *f,const unsigned char *c) *f++ = ((small) (c0 & 3)) - 1; } -/* from supercop-20181216/crypto_kem/sntrup4591761/ref/swap.c */ +/* from libpqcrypto-20180314/crypto_kem/sntrup4591761/ref/swap.c */ /* See https://ntruprime.cr.yp.to/software.html for detailed documentation. */ diff --git a/sntrup4591761.sh b/sntrup4591761.sh index 5540ca4d9..2a0a4200b 100644 --- a/sntrup4591761.sh +++ b/sntrup4591761.sh @@ -1,28 +1,28 @@ #!/bin/sh FILES=" - supercop-20181216/crypto_sort/int32/portable3/int32_minmax.inc - supercop-20181216/crypto_sort/int32/portable3/sort.c - supercop-20181216/crypto_kem/sntrup4591761/ref/small.h - supercop-20181216/crypto_kem/sntrup4591761/ref/mod3.h - supercop-20181216/crypto_kem/sntrup4591761/ref/modq.h - supercop-20181216/crypto_kem/sntrup4591761/ref/params.h - supercop-20181216/crypto_kem/sntrup4591761/ref/r3.h - supercop-20181216/crypto_kem/sntrup4591761/ref/rq.h - supercop-20181216/crypto_kem/sntrup4591761/ref/swap.h - supercop-20181216/crypto_kem/sntrup4591761/ref/dec.c - supercop-20181216/crypto_kem/sntrup4591761/ref/enc.c - supercop-20181216/crypto_kem/sntrup4591761/ref/keypair.c - supercop-20181216/crypto_kem/sntrup4591761/ref/r3_mult.c - supercop-20181216/crypto_kem/sntrup4591761/ref/r3_recip.c - supercop-20181216/crypto_kem/sntrup4591761/ref/randomsmall.c - supercop-20181216/crypto_kem/sntrup4591761/ref/randomweightw.c - supercop-20181216/crypto_kem/sntrup4591761/ref/rq.c - supercop-20181216/crypto_kem/sntrup4591761/ref/rq_mult.c - supercop-20181216/crypto_kem/sntrup4591761/ref/rq_recip3.c - supercop-20181216/crypto_kem/sntrup4591761/ref/rq_round3.c - supercop-20181216/crypto_kem/sntrup4591761/ref/rq_rounded.c - supercop-20181216/crypto_kem/sntrup4591761/ref/small.c - supercop-20181216/crypto_kem/sntrup4591761/ref/swap.c + libpqcrypto-20180314/crypto_kem/sntrup4591761/ref/int32_sort.h + libpqcrypto-20180314/crypto_kem/sntrup4591761/ref/int32_sort.c + libpqcrypto-20180314/crypto_kem/sntrup4591761/ref/small.h + libpqcrypto-20180314/crypto_kem/sntrup4591761/ref/mod3.h + libpqcrypto-20180314/crypto_kem/sntrup4591761/ref/modq.h + libpqcrypto-20180314/crypto_kem/sntrup4591761/ref/params.h + libpqcrypto-20180314/crypto_kem/sntrup4591761/ref/r3.h + libpqcrypto-20180314/crypto_kem/sntrup4591761/ref/rq.h + libpqcrypto-20180314/crypto_kem/sntrup4591761/ref/swap.h + libpqcrypto-20180314/crypto_kem/sntrup4591761/ref/dec.c + libpqcrypto-20180314/crypto_kem/sntrup4591761/ref/enc.c + libpqcrypto-20180314/crypto_kem/sntrup4591761/ref/keypair.c + libpqcrypto-20180314/crypto_kem/sntrup4591761/ref/r3_mult.c + libpqcrypto-20180314/crypto_kem/sntrup4591761/ref/r3_recip.c + libpqcrypto-20180314/crypto_kem/sntrup4591761/ref/randomsmall.c + libpqcrypto-20180314/crypto_kem/sntrup4591761/ref/randomweightw.c + libpqcrypto-20180314/crypto_kem/sntrup4591761/ref/rq.c + libpqcrypto-20180314/crypto_kem/sntrup4591761/ref/rq_mult.c + libpqcrypto-20180314/crypto_kem/sntrup4591761/ref/rq_recip3.c + libpqcrypto-20180314/crypto_kem/sntrup4591761/ref/rq_round3.c + libpqcrypto-20180314/crypto_kem/sntrup4591761/ref/rq_rounded.c + libpqcrypto-20180314/crypto_kem/sntrup4591761/ref/small.c + libpqcrypto-20180314/crypto_kem/sntrup4591761/ref/swap.c " ### @@ -40,7 +40,6 @@ for i in $FILES; do grep -v "extern crypto_int32 small_random32" | sed -e "s/crypto_kem_/crypto_kem_sntrup4591761_/g" \ -e "s/smaller_mask/smaller_mask_${b}/g" \ - -e "s/void crypto_sort/void crypto_sort_int32/" \ -e "s/^extern void /static void /" \ -e "s/^void /static void /" echo -- cgit v1.2.3 From 2de9cec54230998ab10161576f77860a2559ccb7 Mon Sep 17 00:00:00 2001 From: Damien Miller Date: Tue, 22 Jan 2019 10:49:52 +1100 Subject: add missing header --- kexdh.c | 3 +++ 1 file changed, 3 insertions(+) diff --git a/kexdh.c b/kexdh.c index 6812add20..0b0b4d8a4 100644 --- a/kexdh.c +++ b/kexdh.c @@ -33,6 +33,9 @@ #include #include +#include "openbsd-compat/openssl-compat.h" +#include + #include "sshkey.h" #include "kex.h" #include "sshbuf.h" -- cgit v1.2.3 From d5520393572eb24aa0e001a1c61f49b104396e45 Mon Sep 17 00:00:00 2001 From: Damien Miller Date: Tue, 22 Jan 2019 10:50:40 +1100 Subject: typo --- kexdh.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/kexdh.c b/kexdh.c index 0b0b4d8a4..67133e339 100644 --- a/kexdh.c +++ b/kexdh.c @@ -34,7 +34,7 @@ #include #include "openbsd-compat/openssl-compat.h" -#include +#include #include "sshkey.h" #include "kex.h" -- cgit v1.2.3 From c882d74652800150d538e22c80dd2bd3cdd5fae2 Mon Sep 17 00:00:00 2001 From: Darren Tucker Date: Tue, 22 Jan 2019 20:38:40 +1100 Subject: Allow building against OpenSSL dev (3.x) version. --- configure.ac | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/configure.ac b/configure.ac index 25ac38f7e..30be6c182 100644 --- a/configure.ac +++ b/configure.ac @@ -2622,8 +2622,9 @@ if test "x$openssl" = "xyes" ; then ;; 101*) ;; # 1.1.x 200*) ;; # LibreSSL + 300*) ;; # OpenSSL development branch. *) - AC_MSG_ERROR([OpenSSL > 1.1.x is not yet supported (have "$ssl_library_ver")]) + AC_MSG_ERROR([Unknown/unsupported OpenSSL version ("$ssl_library_ver")]) ;; esac AC_MSG_RESULT([$ssl_library_ver]) -- cgit v1.2.3 From 622dedf1a884f2927a9121e672bd9955e12ba108 Mon Sep 17 00:00:00 2001 From: "tb@openbsd.org" Date: Mon, 21 Jan 2019 22:50:42 +0000 Subject: upstream: Add a -J option as a shortcut for -o Proxyjump= to scp(1) and sftp(1) to match ssh(1)'s interface. ok djm OpenBSD-Commit-ID: a75bc2d5f329caa7229a7e9fe346c4f41c2663fc --- scp.1 | 17 +++++++++++++++-- scp.c | 8 +++++--- sftp.1 | 18 ++++++++++++++++-- sftp.c | 14 +++++++------- 4 files changed, 43 insertions(+), 14 deletions(-) diff --git a/scp.1 b/scp.1 index 0e5cc1b2d..9fb6c23cb 100644 --- a/scp.1 +++ b/scp.1 @@ -8,9 +8,9 @@ .\" .\" Created: Sun May 7 00:14:37 1995 ylo .\" -.\" $OpenBSD: scp.1,v 1.81 2018/09/20 06:58:48 jmc Exp $ +.\" $OpenBSD: scp.1,v 1.82 2019/01/21 22:50:42 tb Exp $ .\" -.Dd $Mdocdate: September 20 2018 $ +.Dd $Mdocdate: January 21 2019 $ .Dt SCP 1 .Os .Sh NAME @@ -106,6 +106,19 @@ Selects the file from which the identity (private key) for public key authentication is read. This option is directly passed to .Xr ssh 1 . +.It Fl J Ar destination +Connect to the target host by first making a +.Nm +connection to the jump host described by +.Ar destination +and then establishing a TCP forwarding to the ultimate destination from +there. +Multiple jump hops may be specified separated by comma characters. +This is a shortcut to specify a +.Cm ProxyJump +configuration directive. +This option is directly passed to +.Xr ssh 1 . .It Fl l Ar limit Limits the used bandwidth, specified in Kbit/s. .It Fl o Ar ssh_option diff --git a/scp.c b/scp.c index eb17c3416..ae51137ee 100644 --- a/scp.c +++ b/scp.c @@ -1,4 +1,4 @@ -/* $OpenBSD: scp.c,v 1.198 2018/11/16 03:03:10 djm Exp $ */ +/* $OpenBSD: scp.c,v 1.199 2019/01/21 22:50:42 tb Exp $ */ /* * scp - secure remote copy. This is basically patched BSD rcp which * uses ssh to do the data transfer (instead of using rcmd). @@ -424,7 +424,7 @@ main(int argc, char **argv) addargs(&args, "-oRequestTTY=no"); fflag = tflag = 0; - while ((ch = getopt(argc, argv, "dfl:prtvBCc:i:P:q12346S:o:F:")) != -1) + while ((ch = getopt(argc, argv, "dfl:prtvBCc:i:P:q12346S:o:F:J:")) != -1) switch (ch) { /* User-visible flags. */ case '1': @@ -446,6 +446,7 @@ main(int argc, char **argv) case 'c': case 'i': case 'F': + case 'J': addargs(&remote_remote_args, "-%c", ch); addargs(&remote_remote_args, "%s", optarg); addargs(&args, "-%c", ch); @@ -1319,7 +1320,8 @@ usage(void) { (void) fprintf(stderr, "usage: scp [-346BCpqrv] [-c cipher] [-F ssh_config] [-i identity_file]\n" - " [-l limit] [-o ssh_option] [-P port] [-S program] source ... target\n"); + " [-J destination] [-l limit] [-o ssh_option] [-P port]\n" + " [-S program] source ... target\n"); exit(1); } diff --git a/sftp.1 b/sftp.1 index 722a34419..ce12fc537 100644 --- a/sftp.1 +++ b/sftp.1 @@ -1,4 +1,4 @@ -.\" $OpenBSD: sftp.1,v 1.123 2019/01/16 23:23:45 djm Exp $ +.\" $OpenBSD: sftp.1,v 1.124 2019/01/21 22:50:42 tb Exp $ .\" .\" Copyright (c) 2001 Damien Miller. All rights reserved. .\" @@ -22,7 +22,7 @@ .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. .\" -.Dd $Mdocdate: January 16 2019 $ +.Dd $Mdocdate: January 21 2019 $ .Dt SFTP 1 .Os .Sh NAME @@ -37,6 +37,7 @@ .Op Fl D Ar sftp_server_path .Op Fl F Ar ssh_config .Op Fl i Ar identity_file +.Op Fl J Ar destination .Op Fl l Ar limit .Op Fl o Ar ssh_option .Op Fl P Ar port @@ -181,6 +182,19 @@ Selects the file from which the identity (private key) for public key authentication is read. This option is directly passed to .Xr ssh 1 . +.It Fl J Ar destination +Connect to the target host by first making a +.Nm +connection to the jump host described by +.Ar destination +and then establishing a TCP forwarding to the ultimate destination from +there. +Multiple jump hops may be specified separated by comma characters. +This is a shortcut to specify a +.Cm ProxyJump +configuration directive. +This option is directly passed to +.Xr ssh 1 . .It Fl l Ar limit Limits the used bandwidth, specified in Kbit/s. .It Fl o Ar ssh_option diff --git a/sftp.c b/sftp.c index 0f3f89d33..44aa19d96 100644 --- a/sftp.c +++ b/sftp.c @@ -1,4 +1,4 @@ -/* $OpenBSD: sftp.c,v 1.189 2019/01/16 23:23:45 djm Exp $ */ +/* $OpenBSD: sftp.c,v 1.190 2019/01/21 22:50:42 tb Exp $ */ /* * Copyright (c) 2001-2004 Damien Miller * @@ -2362,11 +2362,10 @@ usage(void) fprintf(stderr, "usage: %s [-46aCfpqrv] [-B buffer_size] [-b batchfile] [-c cipher]\n" - " [-D sftp_server_path] [-F ssh_config] " - "[-i identity_file] [-l limit]\n" - " [-o ssh_option] [-P port] [-R num_requests] " - "[-S program]\n" - " [-s subsystem | sftp_server] destination\n", + " [-D sftp_server_path] [-F ssh_config] [-i identity_file]\n" + " [-J destination] [-l limit] [-o ssh_option] [-P port]\n" + " [-R num_requests] [-S program] [-s subsystem | sftp_server]\n" + " destination\n", __progname); exit(1); } @@ -2409,7 +2408,7 @@ main(int argc, char **argv) infile = stdin; while ((ch = getopt(argc, argv, - "1246afhpqrvCc:D:i:l:o:s:S:b:B:F:P:R:")) != -1) { + "1246afhpqrvCc:D:i:l:o:s:S:b:B:F:J:P:R:")) != -1) { switch (ch) { /* Passed through to ssh(1) */ case '4': @@ -2419,6 +2418,7 @@ main(int argc, char **argv) break; /* Passed through to ssh(1) with argument */ case 'F': + case 'J': case 'c': case 'i': case 'o': -- cgit v1.2.3 From 68e924d5473c00057f8532af57741d258c478223 Mon Sep 17 00:00:00 2001 From: "tb@openbsd.org" Date: Mon, 21 Jan 2019 23:55:12 +0000 Subject: upstream: Forgot to add -J to the synopsis. OpenBSD-Commit-ID: 26d95e409a0b72526526fc56ca1caca5cc3d3c5e --- scp.1 | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/scp.1 b/scp.1 index 9fb6c23cb..f07db1a87 100644 --- a/scp.1 +++ b/scp.1 @@ -8,7 +8,7 @@ .\" .\" Created: Sun May 7 00:14:37 1995 ylo .\" -.\" $OpenBSD: scp.1,v 1.82 2019/01/21 22:50:42 tb Exp $ +.\" $OpenBSD: scp.1,v 1.83 2019/01/21 23:55:12 tb Exp $ .\" .Dd $Mdocdate: January 21 2019 $ .Dt SCP 1 @@ -21,6 +21,7 @@ .Op Fl 346BCpqrv .Op Fl c Ar cipher .Op Fl F Ar ssh_config +.Op Fl J Ar destination .Op Fl i Ar identity_file .Op Fl l Ar limit .Op Fl o Ar ssh_option -- cgit v1.2.3 From fd8eb1383a34c986a00ef13d745ae9bd3ea21760 Mon Sep 17 00:00:00 2001 From: "jmc@openbsd.org" Date: Tue, 22 Jan 2019 06:58:31 +0000 Subject: upstream: tweak previous; OpenBSD-Commit-ID: d2a80e389da8e7ed71978643d8cbaa8605b597a8 --- scp.1 | 8 ++++---- sftp.1 | 6 +++--- 2 files changed, 7 insertions(+), 7 deletions(-) diff --git a/scp.1 b/scp.1 index f07db1a87..8bb63edaa 100644 --- a/scp.1 +++ b/scp.1 @@ -8,9 +8,9 @@ .\" .\" Created: Sun May 7 00:14:37 1995 ylo .\" -.\" $OpenBSD: scp.1,v 1.83 2019/01/21 23:55:12 tb Exp $ +.\" $OpenBSD: scp.1,v 1.84 2019/01/22 06:58:31 jmc Exp $ .\" -.Dd $Mdocdate: January 21 2019 $ +.Dd $Mdocdate: January 22 2019 $ .Dt SCP 1 .Os .Sh NAME @@ -21,8 +21,8 @@ .Op Fl 346BCpqrv .Op Fl c Ar cipher .Op Fl F Ar ssh_config -.Op Fl J Ar destination .Op Fl i Ar identity_file +.Op Fl J Ar destination .Op Fl l Ar limit .Op Fl o Ar ssh_option .Op Fl P Ar port @@ -108,7 +108,7 @@ authentication is read. This option is directly passed to .Xr ssh 1 . .It Fl J Ar destination -Connect to the target host by first making a +Connect to the target host by first making an .Nm connection to the jump host described by .Ar destination diff --git a/sftp.1 b/sftp.1 index ce12fc537..259095885 100644 --- a/sftp.1 +++ b/sftp.1 @@ -1,4 +1,4 @@ -.\" $OpenBSD: sftp.1,v 1.124 2019/01/21 22:50:42 tb Exp $ +.\" $OpenBSD: sftp.1,v 1.125 2019/01/22 06:58:31 jmc Exp $ .\" .\" Copyright (c) 2001 Damien Miller. All rights reserved. .\" @@ -22,7 +22,7 @@ .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. .\" -.Dd $Mdocdate: January 21 2019 $ +.Dd $Mdocdate: January 22 2019 $ .Dt SFTP 1 .Os .Sh NAME @@ -183,7 +183,7 @@ authentication is read. This option is directly passed to .Xr ssh 1 . .It Fl J Ar destination -Connect to the target host by first making a +Connect to the target host by first making an .Nm connection to the jump host described by .Ar destination -- cgit v1.2.3 From c45616a199c322ca674315de88e788f1d2596e26 Mon Sep 17 00:00:00 2001 From: "djm@openbsd.org" Date: Tue, 22 Jan 2019 11:00:15 +0000 Subject: upstream: mention the new vs. old key formats in the introduction and give some hints on how keys may be converted or written in the old format. OpenBSD-Commit-ID: 9c90a9f92eddc249e07fad1204d0e15c8aa13823 --- ssh-keygen.1 | 24 ++++++++++++++++++------ 1 file changed, 18 insertions(+), 6 deletions(-) diff --git a/ssh-keygen.1 b/ssh-keygen.1 index 8e96d9014..56815e272 100644 --- a/ssh-keygen.1 +++ b/ssh-keygen.1 @@ -1,4 +1,4 @@ -.\" $OpenBSD: ssh-keygen.1,v 1.152 2018/12/07 03:33:18 djm Exp $ +.\" $OpenBSD: ssh-keygen.1,v 1.153 2019/01/22 11:00:15 djm Exp $ .\" .\" Author: Tatu Ylonen .\" Copyright (c) 1995 Tatu Ylonen , Espoo, Finland @@ -35,7 +35,7 @@ .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. .\" -.Dd $Mdocdate: December 7 2018 $ +.Dd $Mdocdate: January 22 2019 $ .Dt SSH-KEYGEN 1 .Os .Sh NAME @@ -205,16 +205,28 @@ There is no way to recover a lost passphrase. If the passphrase is lost or forgotten, a new key must be generated and the corresponding public key copied to other machines. .Pp -For keys stored in the newer OpenSSH format, -there is also a comment field in the key file that is only for -convenience to the user to help identify the key. -The comment can tell what the key is for, or whatever is useful. +.Nm +will by default write keys in an OpenSSH-specific format. +This format is preferred as it offers better protection for +keys at rest as well as allowing storage of key comments within +the private key file itself. +The key comment may be useful to help identify the key. The comment is initialized to .Dq user@host when the key is created, but can be changed using the .Fl c option. .Pp +It is still possible for +.Nm +to write the previously-used PEM format private keys using the +.Fl m +flag. +This may be used when generating new keys, and existing new-format +keys may be converted using this option in conjunction with the +.Fl p +(change passphrase) flag. +.Pp After a key is generated, instructions below detail where the keys should be placed to be activated. .Pp -- cgit v1.2.3 From 180b520e2bab33b566b4b0cbac7d5f9940935011 Mon Sep 17 00:00:00 2001 From: "djm@openbsd.org" Date: Tue, 22 Jan 2019 11:19:42 +0000 Subject: upstream: clarify: ssh-keygen -e only writes public keys, never private OpenBSD-Commit-ID: 7de7ff6d274d82febf9feb641e2415ffd6a30bfb --- ssh-keygen.1 | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/ssh-keygen.1 b/ssh-keygen.1 index 56815e272..d538816d9 100644 --- a/ssh-keygen.1 +++ b/ssh-keygen.1 @@ -1,4 +1,4 @@ -.\" $OpenBSD: ssh-keygen.1,v 1.153 2019/01/22 11:00:15 djm Exp $ +.\" $OpenBSD: ssh-keygen.1,v 1.154 2019/01/22 11:19:42 djm Exp $ .\" .\" Author: Tatu Ylonen .\" Copyright (c) 1995 Tatu Ylonen , Espoo, Finland @@ -294,7 +294,7 @@ The default is .Dq sha256 . .It Fl e This option will read a private or public OpenSSH key file and -print to stdout the key in one of the formats specified by the +print to stdout a public key in one of the formats specified by the .Fl m option. The default export format is -- cgit v1.2.3 From ff5d2cf4ca373bb4002eef395ed2cbe2ff0826c1 Mon Sep 17 00:00:00 2001 From: "djm@openbsd.org" Date: Tue, 22 Jan 2019 11:26:16 +0000 Subject: upstream: print the full pubkey being attempted at loglevel >= debug2; bz2939 OpenBSD-Commit-ID: ac0fe5ca1429ebf4d460bad602adc96de0d7e290 --- auth2-pubkey.c | 18 +++++++++++++++++- 1 file changed, 17 insertions(+), 1 deletion(-) diff --git a/auth2-pubkey.c b/auth2-pubkey.c index 2fb5950ea..0b3975a74 100644 --- a/auth2-pubkey.c +++ b/auth2-pubkey.c @@ -1,4 +1,4 @@ -/* $OpenBSD: auth2-pubkey.c,v 1.86 2018/09/20 03:28:06 djm Exp $ */ +/* $OpenBSD: auth2-pubkey.c,v 1.87 2019/01/22 11:26:16 djm Exp $ */ /* * Copyright (c) 2000 Markus Friedl. All rights reserved. * @@ -102,6 +102,22 @@ userauth_pubkey(struct ssh *ssh) (r = sshpkt_get_cstring(ssh, &pkalg, NULL)) != 0 || (r = sshpkt_get_string(ssh, &pkblob, &blen)) != 0) fatal("%s: parse request failed: %s", __func__, ssh_err(r)); + + if (log_level_get() >= SYSLOG_LEVEL_DEBUG2) { + char *keystring; + struct sshbuf *pkbuf; + + if ((pkbuf = sshbuf_from(pkblob, blen)) == NULL) + fatal("%s: sshbuf_from failed", __func__); + if ((keystring = sshbuf_dtob64(pkbuf)) == NULL) + fatal("%s: sshbuf_dtob64 failed", __func__); + debug2("%s: %s user %s %s public key %s %s", __func__, + authctxt->valid ? "valid" : "invalid", authctxt->user, + have_sig ? "attempting" : "querying", pkalg, keystring); + sshbuf_free(pkbuf); + free(keystring); + } + pktype = sshkey_type_from_name(pkalg); if (pktype == KEY_UNSPEC) { /* this is perfectly legal */ -- cgit v1.2.3 From ecd2f33cb772db4fa76776543599f1c1ab6f9fa0 Mon Sep 17 00:00:00 2001 From: "djm@openbsd.org" Date: Tue, 22 Jan 2019 11:40:42 +0000 Subject: upstream: Include -m in the synopsis for a few more commands that support it Be more explicit in the description of -m about where it may be used Prompted by Jakub Jelen in bz2904 OpenBSD-Commit-ID: 3b398ac5e05d8a6356710d0ff114536c9d71046c --- ssh-keygen.1 | 14 ++++++++++---- 1 file changed, 10 insertions(+), 4 deletions(-) diff --git a/ssh-keygen.1 b/ssh-keygen.1 index d538816d9..474f4294a 100644 --- a/ssh-keygen.1 +++ b/ssh-keygen.1 @@ -1,4 +1,4 @@ -.\" $OpenBSD: ssh-keygen.1,v 1.154 2019/01/22 11:19:42 djm Exp $ +.\" $OpenBSD: ssh-keygen.1,v 1.155 2019/01/22 11:40:42 djm Exp $ .\" .\" Author: Tatu Ylonen .\" Copyright (c) 1995 Tatu Ylonen , Espoo, Finland @@ -50,11 +50,13 @@ .Op Fl N Ar new_passphrase .Op Fl C Ar comment .Op Fl f Ar output_keyfile +.Op Fl m Ar format .Nm ssh-keygen .Fl p .Op Fl P Ar old_passphrase .Op Fl N Ar new_passphrase .Op Fl f Ar keyfile +.Op Fl m Ar format .Nm ssh-keygen .Fl i .Op Fl m Ar key_format @@ -404,11 +406,15 @@ fingerprint. Specify the amount of memory to use (in megabytes) when generating candidate moduli for DH-GEX. .It Fl m Ar key_format -Specify a key format for the +Specify a key format for key generation, the .Fl i -(import) or +(import), .Fl e -(export) conversion options. +(export) conversion options, and the +.Fl p +change passphrase operation. +The latter may be used to convert between OpenSSH private key and PEM +private key formats. The supported key formats are: .Dq RFC4716 (RFC 4716/SSH2 public or private key), -- cgit v1.2.3 From 7a2cb18a215b2cb335da3dc99489c52a91f4925b Mon Sep 17 00:00:00 2001 From: "djm@openbsd.org" Date: Tue, 22 Jan 2019 11:51:25 +0000 Subject: upstream: Mention that configuration for the destination host is not applied to any ProxyJump/-J hosts. This has confused a few people... OpenBSD-Commit-ID: 03f4f641df6ca236c1bfc69836a256b873db868b --- ssh.1 | 9 +++++++-- ssh_config.5 | 10 ++++++++-- 2 files changed, 15 insertions(+), 4 deletions(-) diff --git a/ssh.1 b/ssh.1 index 7760c3075..ca4373d11 100644 --- a/ssh.1 +++ b/ssh.1 @@ -33,8 +33,8 @@ .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. .\" -.\" $OpenBSD: ssh.1,v 1.399 2018/09/20 06:58:48 jmc Exp $ -.Dd $Mdocdate: September 20 2018 $ +.\" $OpenBSD: ssh.1,v 1.400 2019/01/22 11:51:25 djm Exp $ +.Dd $Mdocdate: January 22 2019 $ .Dt SSH 1 .Os .Sh NAME @@ -308,6 +308,11 @@ Multiple jump hops may be specified separated by comma characters. This is a shortcut to specify a .Cm ProxyJump configuration directive. +Note that configuration directives supplied on the command-line generally +apply to the destination host and not any specified jump hosts. +Use +.Pa ~/.ssh/config +to specify configuration for jump hosts. .Pp .It Fl K Enables GSSAPI-based authentication and forwarding (delegation) of GSSAPI diff --git a/ssh_config.5 b/ssh_config.5 index 0a19ba64c..1d57eef58 100644 --- a/ssh_config.5 +++ b/ssh_config.5 @@ -33,8 +33,8 @@ .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. .\" -.\" $OpenBSD: ssh_config.5,v 1.288 2018/11/23 06:58:28 jmc Exp $ -.Dd $Mdocdate: November 23 2018 $ +.\" $OpenBSD: ssh_config.5,v 1.289 2019/01/22 11:51:25 djm Exp $ +.Dd $Mdocdate: January 22 2019 $ .Dt SSH_CONFIG 5 .Os .Sh NAME @@ -1263,6 +1263,12 @@ Note that this option will compete with the .Cm ProxyCommand option - whichever is specified first will prevent later instances of the other from taking effect. +.Pp +Note also that the configuration for the destination host (either supplied +via the command-line or the configuration file) is not generally applied +to jump hosts. +.Pa ~/.ssh/config +should be used if specific configuration is required for jump hosts. .It Cm ProxyUseFdpass Specifies that .Cm ProxyCommand -- cgit v1.2.3 From 2162171ad517501ba511fa9f8191945d01857bb4 Mon Sep 17 00:00:00 2001 From: "djm@openbsd.org" Date: Tue, 22 Jan 2019 12:00:50 +0000 Subject: upstream: Support keys that set the CKA_ALWAYS_AUTHENTICATE by requring a fresh login after the C_SignInit operation. based on patch from Jakub Jelen in bz#2638; ok markus OpenBSD-Commit-ID: a76e66996ba7c0923b46b74d46d499b811786661 --- ssh-pkcs11.c | 121 ++++++++++++++++++++++++++++++++++++++++++++++------------- 1 file changed, 95 insertions(+), 26 deletions(-) diff --git a/ssh-pkcs11.c b/ssh-pkcs11.c index 036ee8115..384ac1edb 100644 --- a/ssh-pkcs11.c +++ b/ssh-pkcs11.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ssh-pkcs11.c,v 1.39 2019/01/21 02:05:38 djm Exp $ */ +/* $OpenBSD: ssh-pkcs11.c,v 1.40 2019/01/22 12:00:50 djm Exp $ */ /* * Copyright (c) 2010 Markus Friedl. All rights reserved. * Copyright (c) 2014 Pedro Martelletto. All rights reserved. @@ -239,6 +239,85 @@ pkcs11_find(struct pkcs11_provider *p, CK_ULONG slotidx, CK_ATTRIBUTE *attr, return (ret); } +static int +pkcs11_login(struct pkcs11_key *k11, CK_USER_TYPE type) +{ + struct pkcs11_slotinfo *si; + CK_FUNCTION_LIST *f; + char *pin = NULL, prompt[1024]; + CK_RV rv; + + if (!k11->provider || !k11->provider->valid) { + error("no pkcs11 (valid) provider found"); + return (-1); + } + + f = k11->provider->function_list; + si = &k11->provider->slotinfo[k11->slotidx]; + + if (!pkcs11_interactive) { + error("need pin entry%s", + (si->token.flags & CKF_PROTECTED_AUTHENTICATION_PATH) ? + " on reader keypad" : ""); + return (-1); + } + if (si->token.flags & CKF_PROTECTED_AUTHENTICATION_PATH) + verbose("Deferring PIN entry to reader keypad."); + else { + snprintf(prompt, sizeof(prompt), "Enter PIN for '%s': ", + si->token.label); + if ((pin = read_passphrase(prompt, RP_ALLOW_EOF)) == NULL) { + debug("%s: no pin specified", __func__); + return (-1); /* bail out */ + } + } + rv = f->C_Login(si->session, type, (u_char *)pin, + (pin != NULL) ? strlen(pin) : 0); + if (pin != NULL) + freezero(pin, strlen(pin)); + if (rv != CKR_OK && rv != CKR_USER_ALREADY_LOGGED_IN) { + error("C_Login failed: %lu", rv); + return (-1); + } + si->logged_in = 1; + return (0); +} + +static int +pkcs11_check_obj_bool_attrib(struct pkcs11_key *k11, CK_OBJECT_HANDLE obj, + CK_ATTRIBUTE_TYPE type, int *val) +{ + struct pkcs11_slotinfo *si; + CK_FUNCTION_LIST *f; + CK_BBOOL flag = 0; + CK_ATTRIBUTE attr; + CK_RV rv; + + *val = 0; + + if (!k11->provider || !k11->provider->valid) { + error("no pkcs11 (valid) provider found"); + return (-1); + } + + f = k11->provider->function_list; + si = &k11->provider->slotinfo[k11->slotidx]; + + attr.type = type; + attr.pValue = &flag; + attr.ulValueLen = sizeof(flag); + + rv = f->C_GetAttributeValue(si->session, obj, &attr, 1); + if (rv != CKR_OK) { + error("C_GetAttributeValue failed: %lu", rv); + return (-1); + } + *val = flag != 0; + debug("%s: provider %p slot %lu object %lu: attrib %lu = %d", + __func__, k11->provider, k11->slotidx, obj, type, *val); + return (0); +} + static int pkcs11_get_key(struct pkcs11_key *k11, CK_MECHANISM_TYPE mech_type) { @@ -250,7 +329,8 @@ pkcs11_get_key(struct pkcs11_key *k11, CK_MECHANISM_TYPE mech_type) CK_BBOOL true_val; CK_MECHANISM mech; CK_ATTRIBUTE key_filter[3]; - char *pin = NULL, prompt[1024]; + int always_auth = 0; + int did_login = 0; if (!k11->provider || !k11->provider->valid) { error("no pkcs11 (valid) provider found"); @@ -261,32 +341,11 @@ pkcs11_get_key(struct pkcs11_key *k11, CK_MECHANISM_TYPE mech_type) si = &k11->provider->slotinfo[k11->slotidx]; if ((si->token.flags & CKF_LOGIN_REQUIRED) && !si->logged_in) { - if (!pkcs11_interactive) { - error("need pin entry%s", (si->token.flags & - CKF_PROTECTED_AUTHENTICATION_PATH) ? - " on reader keypad" : ""); - return (-1); - } - if (si->token.flags & CKF_PROTECTED_AUTHENTICATION_PATH) - verbose("Deferring PIN entry to reader keypad."); - else { - snprintf(prompt, sizeof(prompt), - "Enter PIN for '%s': ", si->token.label); - pin = read_passphrase(prompt, RP_ALLOW_EOF); - if (pin == NULL) - return (-1); /* bail out */ - } - rv = f->C_Login(si->session, CKU_USER, (u_char *)pin, - (pin != NULL) ? strlen(pin) : 0); - if (pin != NULL) { - explicit_bzero(pin, strlen(pin)); - free(pin); - } - if (rv != CKR_OK && rv != CKR_USER_ALREADY_LOGGED_IN) { - error("C_Login failed: %lu", rv); + if (pkcs11_login(k11, CKU_USER) < 0) { + error("login failed"); return (-1); } - si->logged_in = 1; + did_login = 1; } memset(&key_filter, 0, sizeof(key_filter)); @@ -321,6 +380,16 @@ pkcs11_get_key(struct pkcs11_key *k11, CK_MECHANISM_TYPE mech_type) return (-1); } + pkcs11_check_obj_bool_attrib(k11, obj, CKA_ALWAYS_AUTHENTICATE, + &always_auth); /* ignore errors here */ + if (always_auth && !did_login) { + debug("%s: always-auth key", __func__); + if (pkcs11_login(k11, CKU_CONTEXT_SPECIFIC) < 0) { + error("login failed for always-auth key"); + return (-1); + } + } + return (0); } -- cgit v1.2.3 From 41923ce06ac149453debe472238e0cca7d5a2e5f Mon Sep 17 00:00:00 2001 From: "djm@openbsd.org" Date: Tue, 22 Jan 2019 12:03:58 +0000 Subject: upstream: Correct some bugs in PKCS#11 token PIN handling at initial login, the attempt at reading the PIN could be skipped in some cases especially on devices with integrated PIN readers. based on patch from Daniel Kucera in bz#2652; ok markus@ OpenBSD-Commit-ID: fad70a61c60610afe8bb0db538c90e343e75e58e --- ssh-pkcs11.c | 34 ++++++++++++++++++++++------------ 1 file changed, 22 insertions(+), 12 deletions(-) diff --git a/ssh-pkcs11.c b/ssh-pkcs11.c index 384ac1edb..f116e4051 100644 --- a/ssh-pkcs11.c +++ b/ssh-pkcs11.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ssh-pkcs11.c,v 1.40 2019/01/22 12:00:50 djm Exp $ */ +/* $OpenBSD: ssh-pkcs11.c,v 1.41 2019/01/22 12:03:58 djm Exp $ */ /* * Copyright (c) 2010 Markus Friedl. All rights reserved. * Copyright (c) 2014 Pedro Martelletto. All rights reserved. @@ -620,26 +620,36 @@ static int pkcs11_open_session(struct pkcs11_provider *p, CK_ULONG slotidx, char *pin, CK_ULONG user) { - CK_RV rv; + struct pkcs11_slotinfo *si; CK_FUNCTION_LIST *f; + CK_RV rv; CK_SESSION_HANDLE session; - int login_required, ret; + int login_required, have_pinpad, ret; f = p->function_list; - login_required = p->slotinfo[slotidx].token.flags & CKF_LOGIN_REQUIRED; - if (pin && login_required && !strlen(pin)) { + si = &p->slotinfo[slotidx]; + + have_pinpad = si->token.flags & CKF_PROTECTED_AUTHENTICATION_PATH; + login_required = si->token.flags & CKF_LOGIN_REQUIRED; + + /* fail early before opening session */ + if (login_required && !have_pinpad && pin != NULL && strlen(pin) == 0) { error("pin required"); return (-SSH_PKCS11_ERR_PIN_REQUIRED); } if ((rv = f->C_OpenSession(p->slotlist[slotidx], CKF_RW_SESSION| - CKF_SERIAL_SESSION, NULL, NULL, &session)) - != CKR_OK) { + CKF_SERIAL_SESSION, NULL, NULL, &session)) != CKR_OK) { error("C_OpenSession failed: %lu", rv); return (-1); } - if (login_required && pin) { - rv = f->C_Login(session, user, - (u_char *)pin, strlen(pin)); + if (login_required) { + if (have_pinpad && (pin == NULL || strlen(pin) == 0)) { + /* defer PIN entry to the reader keypad */ + rv = f->C_Login(session, CKU_USER, NULL_PTR, 0); + } else { + rv = f->C_Login(session, CKU_USER, + (u_char *)pin, strlen(pin)); + } if (rv != CKR_OK && rv != CKR_USER_ALREADY_LOGGED_IN) { error("C_Login failed: %lu", rv); ret = (rv == CKR_PIN_LOCKED) ? @@ -649,9 +659,9 @@ pkcs11_open_session(struct pkcs11_provider *p, CK_ULONG slotidx, char *pin, error("C_CloseSession failed: %lu", rv); return (ret); } - p->slotinfo[slotidx].logged_in = 1; + si->logged_in = 1; } - p->slotinfo[slotidx].session = session; + si->session = session; return (0); } -- cgit v1.2.3 From f99ef8de967949a1fc25a5c28263ea32736e5943 Mon Sep 17 00:00:00 2001 From: "djm@openbsd.org" Date: Tue, 22 Jan 2019 20:48:01 +0000 Subject: upstream: add -m to usage(); reminded by jmc@ OpenBSD-Commit-ID: bca476a5236e8f94210290b3e6a507af0434613e --- ssh-keygen.c | 7 ++++--- 1 file changed, 4 insertions(+), 3 deletions(-) diff --git a/ssh-keygen.c b/ssh-keygen.c index a67737350..6077bb20e 100644 --- a/ssh-keygen.c +++ b/ssh-keygen.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ssh-keygen.c,v 1.323 2018/10/19 03:12:42 djm Exp $ */ +/* $OpenBSD: ssh-keygen.c,v 1.324 2019/01/22 20:48:01 djm Exp $ */ /* * Author: Tatu Ylonen * Copyright (c) 1994 Tatu Ylonen , Espoo, Finland @@ -2392,9 +2392,10 @@ static void usage(void) { fprintf(stderr, - "usage: ssh-keygen [-q] [-b bits] [-t dsa | ecdsa | ed25519 | rsa]\n" + "usage: ssh-keygen [-q] [-b bits] [-t dsa | ecdsa | ed25519 | rsa] [-m format]\n" " [-N new_passphrase] [-C comment] [-f output_keyfile]\n" - " ssh-keygen -p [-P old_passphrase] [-N new_passphrase] [-f keyfile]\n" + " ssh-keygen -p [-P old_passphrase] [-N new_passphrase] [-m format]\n" + " [-f keyfile]\n" " ssh-keygen -i [-m key_format] [-f input_keyfile]\n" " ssh-keygen -e [-m key_format] [-f input_keyfile]\n" " ssh-keygen -y [-f input_keyfile]\n" -- cgit v1.2.3 From d691588b8e29622c66abf8932362b522cf7f4051 Mon Sep 17 00:00:00 2001 From: "djm@openbsd.org" Date: Tue, 22 Jan 2019 22:58:50 +0000 Subject: upstream: backoff reading messages from active connections when the input buffer is too full to read one, or if the output buffer is too full to enqueue a response; feedback & ok dtucker@ OpenBSD-Commit-ID: df3c5b6d57c968975875de40d8955cbfed05a6c8 --- ssh-agent.c | 22 ++++++++++++++++++---- 1 file changed, 18 insertions(+), 4 deletions(-) diff --git a/ssh-agent.c b/ssh-agent.c index 6baebc313..d06ecfd98 100644 --- a/ssh-agent.c +++ b/ssh-agent.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ssh-agent.c,v 1.232 2018/11/09 02:57:58 djm Exp $ */ +/* $OpenBSD: ssh-agent.c,v 1.233 2019/01/22 22:58:50 djm Exp $ */ /* * Author: Tatu Ylonen * Copyright (c) 1995 Tatu Ylonen , Espoo, Finland @@ -96,6 +96,8 @@ /* Maximum accepted message length */ #define AGENT_MAX_LEN (256*1024) +/* Maximum bytes to read from client socket */ +#define AGENT_RBUF_LEN (4096) typedef enum { AUTH_UNUSED, @@ -839,7 +841,7 @@ handle_socket_read(u_int socknum) static int handle_conn_read(u_int socknum) { - char buf[1024]; + char buf[AGENT_RBUF_LEN]; ssize_t len; int r; @@ -946,6 +948,7 @@ prepare_poll(struct pollfd **pfdp, size_t *npfdp, int *timeoutp, u_int maxfds) struct pollfd *pfd = *pfdp; size_t i, j, npfd = 0; time_t deadline; + int r; /* Count active sockets */ for (i = 0; i < sockets_alloc; i++) { @@ -983,8 +986,19 @@ prepare_poll(struct pollfd **pfdp, size_t *npfdp, int *timeoutp, u_int maxfds) case AUTH_CONNECTION: pfd[j].fd = sockets[i].fd; pfd[j].revents = 0; - /* XXX backoff when input buffer full */ - pfd[j].events = POLLIN; + /* + * Only prepare to read if we can handle a full-size + * input read buffer and enqueue a max size reply.. + */ + if ((r = sshbuf_check_reserve(sockets[i].input, + AGENT_RBUF_LEN)) == 0 && + (r = sshbuf_check_reserve(sockets[i].output, + AGENT_MAX_LEN)) == 0) + pfd[j].events = POLLIN; + else if (r != SSH_ERR_NO_BUFFER_SPACE) { + fatal("%s: buffer error: %s", + __func__, ssh_err(r)); + } if (sshbuf_len(sockets[i].output) > 0) pfd[j].events |= POLLOUT; j++; -- cgit v1.2.3 From bb956eaa94757ad058ff43631c3a7d6c94d38c2f Mon Sep 17 00:00:00 2001 From: "djm@openbsd.org" Date: Wed, 23 Jan 2019 00:30:41 +0000 Subject: upstream: pass most arguments to the KEX hash functions as sshbuf rather than pointer+length; ok markus@ OpenBSD-Commit-ID: ef0c89c52ccc89817a13a5205725148a28492bf7 --- kex.h | 4 ++-- kexgen.c | 67 ++++++++++++++++++++++++++++++++++++--------------------------- kexgex.c | 18 ++++++++--------- kexgexc.c | 29 +++++++++++++++------------ kexgexs.c | 25 +++++++++++++----------- 5 files changed, 80 insertions(+), 63 deletions(-) diff --git a/kex.h b/kex.h index 44e6d1972..6d446d1cc 100644 --- a/kex.h +++ b/kex.h @@ -1,4 +1,4 @@ -/* $OpenBSD: kex.h,v 1.106 2019/01/21 10:40:11 djm Exp $ */ +/* $OpenBSD: kex.h,v 1.107 2019/01/23 00:30:41 djm Exp $ */ /* * Copyright (c) 2000, 2001 Markus Friedl. All rights reserved. @@ -229,7 +229,7 @@ int kex_dh_keygen(struct kex *); int kex_dh_compute_key(struct kex *, BIGNUM *, struct sshbuf *); int kexgex_hash(int, const struct sshbuf *, const struct sshbuf *, - const u_char *, size_t, const u_char *, size_t, const u_char *, size_t, + const struct sshbuf *, const struct sshbuf *, const struct sshbuf *, int, int, int, const BIGNUM *, const BIGNUM *, const BIGNUM *, const BIGNUM *, const u_char *, size_t, diff --git a/kexgen.c b/kexgen.c index 91c960fe6..bb0cb5c1b 100644 --- a/kexgen.c +++ b/kexgen.c @@ -1,4 +1,4 @@ -/* $OpenBSD: kexgen.c,v 1.1 2019/01/21 11:22:00 djm Exp $ */ +/* $OpenBSD: kexgen.c,v 1.2 2019/01/23 00:30:41 djm Exp $ */ /* * Copyright (c) 2019 Markus Friedl. All rights reserved. * @@ -48,9 +48,9 @@ kex_gen_hash( int hash_alg, const struct sshbuf *client_version, const struct sshbuf *server_version, - const u_char *ckexinit, size_t ckexinitlen, - const u_char *skexinit, size_t skexinitlen, - const u_char *serverhostkeyblob, size_t sbloblen, + const struct sshbuf *client_kexinit, + const struct sshbuf *server_kexinit, + const struct sshbuf *server_host_key_blob, const struct sshbuf *client_pub, const struct sshbuf *server_pub, const struct sshbuf *shared_secret, @@ -66,13 +66,13 @@ kex_gen_hash( if ((r = sshbuf_put_stringb(b, client_version)) != 0 || (r = sshbuf_put_stringb(b, server_version)) != 0 || /* kexinit messages: fake header: len+SSH2_MSG_KEXINIT */ - (r = sshbuf_put_u32(b, ckexinitlen+1)) != 0 || + (r = sshbuf_put_u32(b, sshbuf_len(client_kexinit) + 1)) != 0 || (r = sshbuf_put_u8(b, SSH2_MSG_KEXINIT)) != 0 || - (r = sshbuf_put(b, ckexinit, ckexinitlen)) != 0 || - (r = sshbuf_put_u32(b, skexinitlen+1)) != 0 || + (r = sshbuf_putb(b, client_kexinit)) != 0 || + (r = sshbuf_put_u32(b, sshbuf_len(server_kexinit) + 1)) != 0 || (r = sshbuf_put_u8(b, SSH2_MSG_KEXINIT)) != 0 || - (r = sshbuf_put(b, skexinit, skexinitlen)) != 0 || - (r = sshbuf_put_string(b, serverhostkeyblob, sbloblen)) != 0 || + (r = sshbuf_putb(b, server_kexinit)) != 0 || + (r = sshbuf_put_stringb(b, server_host_key_blob)) != 0 || (r = sshbuf_put_stringb(b, client_pub)) != 0 || (r = sshbuf_put_stringb(b, server_pub)) != 0 || (r = sshbuf_putb(b, shared_secret)) != 0) { @@ -139,16 +139,21 @@ input_kex_gen_reply(int type, u_int32_t seq, struct ssh *ssh) struct sshkey *server_host_key = NULL; struct sshbuf *shared_secret = NULL; struct sshbuf *server_blob = NULL; - u_char *server_host_key_blob = NULL, *signature = NULL; + struct sshbuf *tmp = NULL, *server_host_key_blob = NULL; + u_char *signature = NULL; u_char hash[SSH_DIGEST_MAX_LENGTH]; - size_t slen, sbloblen, hashlen; + size_t slen, hashlen; int r; /* hostkey */ - if ((r = sshpkt_get_string(ssh, &server_host_key_blob, - &sbloblen)) != 0 || - (r = sshkey_from_blob(server_host_key_blob, sbloblen, - &server_host_key)) != 0) + if ((r = sshpkt_getb_froms(ssh, &server_host_key_blob)) != 0) + goto out; + /* sshkey_fromb() consumes its buffer, so make a copy */ + if ((tmp = sshbuf_fromb(server_host_key_blob)) == NULL) { + r = SSH_ERR_ALLOC_FAIL; + goto out; + } + if ((r = sshkey_fromb(tmp, &server_host_key)) != 0) goto out; if ((r = kex_verify_host_key(ssh, server_host_key)) != 0) goto out; @@ -192,9 +197,9 @@ input_kex_gen_reply(int type, u_int32_t seq, struct ssh *ssh) kex->hash_alg, kex->client_version, kex->server_version, - sshbuf_ptr(kex->my), sshbuf_len(kex->my), - sshbuf_ptr(kex->peer), sshbuf_len(kex->peer), - server_host_key_blob, sbloblen, + kex->my, + kex->peer, + server_host_key_blob, kex->client_pub, server_blob, shared_secret, @@ -212,8 +217,9 @@ out: explicit_bzero(kex->c25519_client_key, sizeof(kex->c25519_client_key)); explicit_bzero(kex->sntrup4591761_client_key, sizeof(kex->sntrup4591761_client_key)); - free(server_host_key_blob); + sshbuf_free(server_host_key_blob); free(signature); + sshbuf_free(tmp); sshkey_free(server_host_key); sshbuf_free(server_blob); sshbuf_free(shared_secret); @@ -238,9 +244,9 @@ input_kex_gen_init(int type, u_int32_t seq, struct ssh *ssh) struct sshbuf *shared_secret = NULL; struct sshbuf *server_pubkey = NULL; struct sshbuf *client_pubkey = NULL; - u_char *server_host_key_blob = NULL, *signature = NULL; - u_char hash[SSH_DIGEST_MAX_LENGTH]; - size_t slen, sbloblen, hashlen; + struct sshbuf *server_host_key_blob = NULL; + u_char *signature = NULL, hash[SSH_DIGEST_MAX_LENGTH]; + size_t slen, hashlen; int r; if ((r = kex_load_hostkey(ssh, &server_host_private, @@ -281,17 +287,20 @@ input_kex_gen_init(int type, u_int32_t seq, struct ssh *ssh) goto out; /* calc H */ - if ((r = sshkey_to_blob(server_host_public, &server_host_key_blob, - &sbloblen)) != 0) + if ((server_host_key_blob = sshbuf_new()) == NULL) { + r = SSH_ERR_ALLOC_FAIL; + goto out; + } + if ((r = sshkey_putb(server_host_public, server_host_key_blob)) != 0) goto out; hashlen = sizeof(hash); if ((r = kex_gen_hash( kex->hash_alg, kex->client_version, kex->server_version, - sshbuf_ptr(kex->peer), sshbuf_len(kex->peer), - sshbuf_ptr(kex->my), sshbuf_len(kex->my), - server_host_key_blob, sbloblen, + kex->peer, + kex->my, + server_host_key_blob, client_pubkey, server_pubkey, shared_secret, @@ -305,7 +314,7 @@ input_kex_gen_init(int type, u_int32_t seq, struct ssh *ssh) /* send server hostkey, ECDH pubkey 'Q_S' and signed H */ if ((r = sshpkt_start(ssh, SSH2_MSG_KEX_ECDH_REPLY)) != 0 || - (r = sshpkt_put_string(ssh, server_host_key_blob, sbloblen)) != 0 || + (r = sshpkt_put_stringb(ssh, server_host_key_blob)) != 0 || (r = sshpkt_put_stringb(ssh, server_pubkey)) != 0 || (r = sshpkt_put_string(ssh, signature, slen)) != 0 || (r = sshpkt_send(ssh)) != 0) @@ -315,7 +324,7 @@ input_kex_gen_init(int type, u_int32_t seq, struct ssh *ssh) r = kex_send_newkeys(ssh); out: explicit_bzero(hash, sizeof(hash)); - free(server_host_key_blob); + sshbuf_free(server_host_key_blob); free(signature); sshbuf_free(shared_secret); sshbuf_free(client_pubkey); diff --git a/kexgex.c b/kexgex.c index f828f2b20..8040a1320 100644 --- a/kexgex.c +++ b/kexgex.c @@ -1,4 +1,4 @@ -/* $OpenBSD: kexgex.c,v 1.31 2019/01/21 10:03:37 djm Exp $ */ +/* $OpenBSD: kexgex.c,v 1.32 2019/01/23 00:30:41 djm Exp $ */ /* * Copyright (c) 2000 Niels Provos. All rights reserved. * Copyright (c) 2001 Markus Friedl. All rights reserved. @@ -48,9 +48,9 @@ kexgex_hash( int hash_alg, const struct sshbuf *client_version, const struct sshbuf *server_version, - const u_char *ckexinit, size_t ckexinitlen, - const u_char *skexinit, size_t skexinitlen, - const u_char *serverhostkeyblob, size_t sbloblen, + const struct sshbuf *client_kexinit, + const struct sshbuf *server_kexinit, + const struct sshbuf *server_host_key_blob, int min, int wantbits, int max, const BIGNUM *prime, const BIGNUM *gen, @@ -69,13 +69,13 @@ kexgex_hash( if ((r = sshbuf_put_stringb(b, client_version)) < 0 || (r = sshbuf_put_stringb(b, server_version)) < 0 || /* kexinit messages: fake header: len+SSH2_MSG_KEXINIT */ - (r = sshbuf_put_u32(b, ckexinitlen+1)) != 0 || + (r = sshbuf_put_u32(b, sshbuf_len(client_kexinit) + 1)) != 0 || (r = sshbuf_put_u8(b, SSH2_MSG_KEXINIT)) != 0 || - (r = sshbuf_put(b, ckexinit, ckexinitlen)) != 0 || - (r = sshbuf_put_u32(b, skexinitlen+1)) != 0 || + (r = sshbuf_putb(b, client_kexinit)) != 0 || + (r = sshbuf_put_u32(b, sshbuf_len(server_kexinit) + 1)) != 0 || (r = sshbuf_put_u8(b, SSH2_MSG_KEXINIT)) != 0 || - (r = sshbuf_put(b, skexinit, skexinitlen)) != 0 || - (r = sshbuf_put_string(b, serverhostkeyblob, sbloblen)) != 0 || + (r = sshbuf_putb(b, server_kexinit)) != 0 || + (r = sshbuf_put_stringb(b, server_host_key_blob)) != 0 || (min != -1 && (r = sshbuf_put_u32(b, min)) != 0) || (r = sshbuf_put_u32(b, wantbits)) != 0 || (max != -1 && (r = sshbuf_put_u32(b, max)) != 0) || diff --git a/kexgexc.c b/kexgexc.c index ac42127af..1c65b8a18 100644 --- a/kexgexc.c +++ b/kexgexc.c @@ -1,4 +1,4 @@ -/* $OpenBSD: kexgexc.c,v 1.33 2019/01/21 10:07:22 djm Exp $ */ +/* $OpenBSD: kexgexc.c,v 1.34 2019/01/23 00:30:41 djm Exp $ */ /* * Copyright (c) 2000 Niels Provos. All rights reserved. * Copyright (c) 2001 Markus Friedl. All rights reserved. @@ -146,20 +146,24 @@ input_kex_dh_gex_reply(int type, u_int32_t seq, struct ssh *ssh) BIGNUM *dh_server_pub = NULL; const BIGNUM *pub_key, *dh_p, *dh_g; struct sshbuf *shared_secret = NULL; + struct sshbuf *tmp = NULL, *server_host_key_blob = NULL; struct sshkey *server_host_key = NULL; - u_char *signature = NULL, *server_host_key_blob = NULL; + u_char *signature = NULL; u_char hash[SSH_DIGEST_MAX_LENGTH]; - size_t slen, sbloblen, hashlen; + size_t slen, hashlen; int r; debug("got SSH2_MSG_KEX_DH_GEX_REPLY"); /* key, cert */ - if ((r = sshpkt_get_string(ssh, &server_host_key_blob, - &sbloblen)) != 0 || - (r = sshkey_from_blob(server_host_key_blob, sbloblen, - &server_host_key)) != 0) + if ((r = sshpkt_getb_froms(ssh, &server_host_key_blob)) != 0) goto out; - if ((r = kex_verify_host_key(ssh, server_host_key)) != 0) + /* sshkey_fromb() consumes its buffer, so make a copy */ + if ((tmp = sshbuf_fromb(server_host_key_blob)) == NULL) { + r = SSH_ERR_ALLOC_FAIL; + goto out; + } + if ((r = sshkey_fromb(tmp, &server_host_key)) != 0 || + (r = kex_verify_host_key(ssh, server_host_key)) != 0) goto out; /* DH parameter f, server public DH key, signed H */ if ((r = sshpkt_get_bignum2(ssh, &dh_server_pub)) != 0 || @@ -183,9 +187,9 @@ input_kex_dh_gex_reply(int type, u_int32_t seq, struct ssh *ssh) kex->hash_alg, kex->client_version, kex->server_version, - sshbuf_ptr(kex->my), sshbuf_len(kex->my), - sshbuf_ptr(kex->peer), sshbuf_len(kex->peer), - server_host_key_blob, sbloblen, + kex->my, + kex->peer, + server_host_key_blob, kex->min, kex->nbits, kex->max, dh_p, dh_g, pub_key, @@ -207,7 +211,8 @@ input_kex_dh_gex_reply(int type, u_int32_t seq, struct ssh *ssh) BN_clear_free(dh_server_pub); sshbuf_free(shared_secret); sshkey_free(server_host_key); - free(server_host_key_blob); + sshbuf_free(tmp); + sshbuf_free(server_host_key_blob); free(signature); return r; } diff --git a/kexgexs.c b/kexgexs.c index a617d4453..8ee3aaccb 100644 --- a/kexgexs.c +++ b/kexgexs.c @@ -1,4 +1,4 @@ -/* $OpenBSD: kexgexs.c,v 1.41 2019/01/21 10:05:09 djm Exp $ */ +/* $OpenBSD: kexgexs.c,v 1.42 2019/01/23 00:30:41 djm Exp $ */ /* * Copyright (c) 2000 Niels Provos. All rights reserved. * Copyright (c) 2001 Markus Friedl. All rights reserved. @@ -129,11 +129,11 @@ input_kex_dh_gex_init(int type, u_int32_t seq, struct ssh *ssh) BIGNUM *dh_client_pub = NULL; const BIGNUM *pub_key, *dh_p, *dh_g; struct sshbuf *shared_secret = NULL; + struct sshbuf *server_host_key_blob = NULL; struct sshkey *server_host_public, *server_host_private; - u_char *signature = NULL, *server_host_key_blob = NULL; + u_char *signature = NULL; u_char hash[SSH_DIGEST_MAX_LENGTH]; - size_t sbloblen, slen; - size_t hashlen; + size_t slen, hashlen; int r; if ((r = kex_load_hostkey(ssh, &server_host_private, @@ -150,8 +150,11 @@ input_kex_dh_gex_init(int type, u_int32_t seq, struct ssh *ssh) } if ((r = kex_dh_compute_key(kex, dh_client_pub, shared_secret)) != 0) goto out; - if ((r = sshkey_to_blob(server_host_public, &server_host_key_blob, - &sbloblen)) != 0) + if ((server_host_key_blob = sshbuf_new()) == NULL) { + r = SSH_ERR_ALLOC_FAIL; + goto out; + } + if ((r = sshkey_putb(server_host_public, server_host_key_blob)) != 0) goto out; /* calc H */ @@ -162,9 +165,9 @@ input_kex_dh_gex_init(int type, u_int32_t seq, struct ssh *ssh) kex->hash_alg, kex->client_version, kex->server_version, - sshbuf_ptr(kex->peer), sshbuf_len(kex->peer), - sshbuf_ptr(kex->my), sshbuf_len(kex->my), - server_host_key_blob, sbloblen, + kex->peer, + kex->my, + server_host_key_blob, kex->min, kex->nbits, kex->max, dh_p, dh_g, dh_client_pub, @@ -180,7 +183,7 @@ input_kex_dh_gex_init(int type, u_int32_t seq, struct ssh *ssh) /* send server hostkey, DH pubkey 'f' and signed H */ if ((r = sshpkt_start(ssh, SSH2_MSG_KEX_DH_GEX_REPLY)) != 0 || - (r = sshpkt_put_string(ssh, server_host_key_blob, sbloblen)) != 0 || + (r = sshpkt_put_stringb(ssh, server_host_key_blob)) != 0 || (r = sshpkt_put_bignum2(ssh, pub_key)) != 0 || /* f */ (r = sshpkt_put_string(ssh, signature, slen)) != 0 || (r = sshpkt_send(ssh)) != 0) @@ -194,7 +197,7 @@ input_kex_dh_gex_init(int type, u_int32_t seq, struct ssh *ssh) kex->dh = NULL; BN_clear_free(dh_client_pub); sshbuf_free(shared_secret); - free(server_host_key_blob); + sshbuf_free(server_host_key_blob); free(signature); return r; } -- cgit v1.2.3 From 2c223878e53cc46def760add459f5f7c4fb43e35 Mon Sep 17 00:00:00 2001 From: "djm@openbsd.org" Date: Wed, 23 Jan 2019 02:01:10 +0000 Subject: upstream: switch mainloop from select(2) to poll(2); ok deraadt@ OpenBSD-Commit-ID: 37645419a330037d297f6f0adc3b3663e7ae7b2e --- ssh-pkcs11-helper.c | 42 +++++++++++++++++++----------------------- 1 file changed, 19 insertions(+), 23 deletions(-) diff --git a/ssh-pkcs11-helper.c b/ssh-pkcs11-helper.c index c7dfea279..97fb1212c 100644 --- a/ssh-pkcs11-helper.c +++ b/ssh-pkcs11-helper.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ssh-pkcs11-helper.c,v 1.16 2019/01/21 12:53:35 djm Exp $ */ +/* $OpenBSD: ssh-pkcs11-helper.c,v 1.17 2019/01/23 02:01:10 djm Exp $ */ /* * Copyright (c) 2010 Markus Friedl. All rights reserved. * @@ -24,10 +24,11 @@ #include "openbsd-compat/sys-queue.h" +#include +#include #include #include #include -#include #include "xmalloc.h" #include "sshbuf.h" @@ -311,14 +312,13 @@ cleanup_exit(int i) int main(int argc, char **argv) { - fd_set *rset, *wset; int r, ch, in, out, max, log_stderr = 0; - ssize_t len, olen, set_size; + ssize_t len; SyslogFacility log_facility = SYSLOG_FACILITY_AUTH; LogLevel log_level = SYSLOG_LEVEL_ERROR; char buf[4*4096]; - extern char *__progname; + struct pollfd pfd[2]; ssh_malloc_init(); /* must be called before any mallocs */ __progname = ssh_get_progname(argv[0]); @@ -360,13 +360,10 @@ main(int argc, char **argv) if ((oqueue = sshbuf_new()) == NULL) fatal("%s: sshbuf_new failed", __func__); - set_size = howmany(max + 1, NFDBITS) * sizeof(fd_mask); - rset = xmalloc(set_size); - wset = xmalloc(set_size); - - for (;;) { - memset(rset, 0, set_size); - memset(wset, 0, set_size); + while (1) { + memset(pfd, 0, sizeof(pfd)); + pfd[0].fd = in; + pfd[1].fd = out; /* * Ensure that we can read a full buffer and handle @@ -375,23 +372,21 @@ main(int argc, char **argv) */ if ((r = sshbuf_check_reserve(iqueue, sizeof(buf))) == 0 && (r = sshbuf_check_reserve(oqueue, MAX_MSG_LENGTH)) == 0) - FD_SET(in, rset); + pfd[0].events = POLLIN; else if (r != SSH_ERR_NO_BUFFER_SPACE) fatal("%s: buffer error: %s", __func__, ssh_err(r)); - olen = sshbuf_len(oqueue); - if (olen > 0) - FD_SET(out, wset); + if (sshbuf_len(oqueue) > 0) + pfd[1].events = POLLOUT; - if (select(max+1, rset, wset, NULL, NULL) < 0) { - if (errno == EINTR) + if ((r = poll(pfd, 2, -1 /* INFTIM */)) <= 0) { + if (r == 0 || errno == EINTR) continue; - error("select: %s", strerror(errno)); - cleanup_exit(2); + fatal("poll: %s", strerror(errno)); } /* copy stdin to iqueue */ - if (FD_ISSET(in, rset)) { + if ((pfd[0].revents & (POLLIN|POLLERR)) != 0) { len = read(in, buf, sizeof buf); if (len == 0) { debug("read eof"); @@ -405,8 +400,9 @@ main(int argc, char **argv) } } /* send oqueue to stdout */ - if (FD_ISSET(out, wset)) { - len = write(out, sshbuf_ptr(oqueue), olen); + if ((pfd[1].revents & (POLLOUT|POLLHUP)) != 0) { + len = write(out, sshbuf_ptr(oqueue), + sshbuf_len(oqueue)); if (len < 0) { error("write: %s", strerror(errno)); cleanup_exit(1); -- cgit v1.2.3 From 2265402dc7d701a9aca9f8a7b7b0fd45b65c479f Mon Sep 17 00:00:00 2001 From: Damien Miller Date: Wed, 23 Jan 2019 13:03:16 +1100 Subject: depend --- .depend | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/.depend b/.depend index b2f992834..5524c9e5c 100644 --- a/.depend +++ b/.depend @@ -65,11 +65,11 @@ kex.o: misc.h monitor.h ssherr.h sshbuf.h digest.h kexc25519.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/rmd160.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h sshkey.h kex.h mac.h crypto_api.h sshbuf.h digest.h ssherr.h ssh2.h kexdh.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/rmd160.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h kexecdh.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/rmd160.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h -kexgen.o: sshkey.h kex.h mac.h crypto_api.h includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/rmd160.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h log.h packet.h openbsd-compat/sys-queue.h dispatch.h ssh2.h sshbuf.h digest.h ssherr.h +kexgen.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/rmd160.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h sshkey.h kex.h mac.h crypto_api.h log.h packet.h openbsd-compat/sys-queue.h dispatch.h ssh2.h sshbuf.h digest.h ssherr.h kexgex.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/rmd160.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h kexgexc.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/rmd160.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h kexgexs.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/rmd160.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h -kexsntrup4591761x25519.o: sshkey.h kex.h mac.h crypto_api.h includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/rmd160.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h sshbuf.h digest.h ssherr.h +kexsntrup4591761x25519.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/rmd160.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h sshkey.h kex.h mac.h crypto_api.h sshbuf.h digest.h ssherr.h krl.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/rmd160.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h ./openbsd-compat/sys-tree.h openbsd-compat/sys-queue.h sshbuf.h ssherr.h sshkey.h authfile.h misc.h log.h digest.h bitmap.h krl.h log.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/rmd160.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h log.h loginrec.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/rmd160.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h xmalloc.h sshkey.h hostfile.h ssh.h loginrec.h log.h atomicio.h packet.h openbsd-compat/sys-queue.h dispatch.h canohost.h auth.h auth-pam.h audit.h sshbuf.h ssherr.h -- cgit v1.2.3 From 851f80328931975fe68f71af363c4537cb896da2 Mon Sep 17 00:00:00 2001 From: "djm@openbsd.org" Date: Wed, 23 Jan 2019 04:16:22 +0000 Subject: upstream: move a bunch of global flag variables to main(); make the rest static OpenBSD-Commit-ID: fa431d92584e81fe99f95882f4c56b43fe3242dc --- ssh-keygen.c | 176 ++++++++++++++++++++++++++++------------------------------- 1 file changed, 82 insertions(+), 94 deletions(-) diff --git a/ssh-keygen.c b/ssh-keygen.c index 6077bb20e..ffb92fd94 100644 --- a/ssh-keygen.c +++ b/ssh-keygen.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ssh-keygen.c,v 1.324 2019/01/22 20:48:01 djm Exp $ */ +/* $OpenBSD: ssh-keygen.c,v 1.325 2019/01/23 04:16:22 djm Exp $ */ /* * Author: Tatu Ylonen * Copyright (c) 1994 Tatu Ylonen , Espoo, Finland @@ -71,75 +71,38 @@ #define DEFAULT_BITS 2048 #define DEFAULT_BITS_DSA 1024 #define DEFAULT_BITS_ECDSA 256 -u_int32_t bits = 0; -/* - * Flag indicating that we just want to change the passphrase. This can be - * set on the command line. - */ -int change_passphrase = 0; - -/* - * Flag indicating that we just want to change the comment. This can be set - * on the command line. - */ -int change_comment = 0; - -int quiet = 0; - -int log_level = SYSLOG_LEVEL_INFO; - -/* Flag indicating that we want to hash a known_hosts file */ -int hash_hosts = 0; -/* Flag indicating that we want lookup a host in known_hosts file */ -int find_host = 0; -/* Flag indicating that we want to delete a host from a known_hosts file */ -int delete_host = 0; - -/* Flag indicating that we want to show the contents of a certificate */ -int show_cert = 0; +static int quiet = 0; /* Flag indicating that we just want to see the key fingerprint */ -int print_fingerprint = 0; -int print_bubblebabble = 0; +static int print_fingerprint = 0; +static int print_bubblebabble = 0; /* Hash algorithm to use for fingerprints. */ -int fingerprint_hash = SSH_FP_HASH_DEFAULT; +static int fingerprint_hash = SSH_FP_HASH_DEFAULT; /* The identity file name, given on the command line or entered by the user. */ -char identity_file[1024]; -int have_identity = 0; +static char identity_file[1024]; +static int have_identity = 0; /* This is set to the passphrase if given on the command line. */ -char *identity_passphrase = NULL; +static char *identity_passphrase = NULL; /* This is set to the new passphrase if given on the command line. */ -char *identity_new_passphrase = NULL; - -/* This is set to the new comment if given on the command line. */ -char *identity_comment = NULL; - -/* Path to CA key when certifying keys. */ -char *ca_key_path = NULL; - -/* Prefer to use agent keys for CA signing */ -int prefer_agent = 0; - -/* Certificate serial number */ -unsigned long long cert_serial = 0; +static char *identity_new_passphrase = NULL; /* Key type when certifying */ -u_int cert_key_type = SSH2_CERT_TYPE_USER; +static u_int cert_key_type = SSH2_CERT_TYPE_USER; /* "key ID" of signed key */ -char *cert_key_id = NULL; +static char *cert_key_id = NULL; /* Comma-separated list of principal names for certifying keys */ -char *cert_principals = NULL; +static char *cert_principals = NULL; /* Validity period for certificates */ -u_int64_t cert_valid_from = 0; -u_int64_t cert_valid_to = ~0ULL; +static u_int64_t cert_valid_from = 0; +static u_int64_t cert_valid_to = ~0ULL; /* Certificate options */ #define CERTOPT_X_FWD (1) @@ -149,9 +112,9 @@ u_int64_t cert_valid_to = ~0ULL; #define CERTOPT_USER_RC (1<<4) #define CERTOPT_DEFAULT (CERTOPT_X_FWD|CERTOPT_AGENT_FWD| \ CERTOPT_PORT_FWD|CERTOPT_PTY|CERTOPT_USER_RC) -u_int32_t certflags_flags = CERTOPT_DEFAULT; -char *certflags_command = NULL; -char *certflags_src_addr = NULL; +static u_int32_t certflags_flags = CERTOPT_DEFAULT; +static char *certflags_command = NULL; +static char *certflags_src_addr = NULL; /* Arbitrary extensions specified by user */ struct cert_userext { @@ -159,41 +122,37 @@ struct cert_userext { char *val; int crit; }; -struct cert_userext *cert_userext; -size_t ncert_userext; +static struct cert_userext *cert_userext; +static size_t ncert_userext; /* Conversion to/from various formats */ -int convert_to = 0; -int convert_from = 0; enum { FMT_RFC4716, FMT_PKCS8, FMT_PEM } convert_format = FMT_RFC4716; -int print_public = 0; -int print_generic = 0; -char *key_type_name = NULL; +static char *key_type_name = NULL; /* Load key from this PKCS#11 provider */ -char *pkcs11provider = NULL; +static char *pkcs11provider = NULL; /* Use new OpenSSH private key format when writing SSH2 keys instead of PEM */ -int use_new_format = 1; +static int use_new_format = 1; /* Cipher for new-format private keys */ -char *new_format_cipher = NULL; +static char *new_format_cipher = NULL; /* * Number of KDF rounds to derive new format keys / * number of primality trials when screening moduli. */ -int rounds = 0; +static int rounds = 0; /* argv0 */ extern char *__progname; -char hostname[NI_MAXHOST]; +static char hostname[NI_MAXHOST]; #ifdef WITH_OPENSSL /* moduli.c */ @@ -823,7 +782,7 @@ do_download(struct passwd *pw) fatal("%s: sshkey_fingerprint fail", __func__); printf("%u %s %s (PKCS11 key)\n", sshkey_size(keys[i]), fp, sshkey_type(keys[i])); - if (log_level >= SYSLOG_LEVEL_VERBOSE) + if (log_level_get() >= SYSLOG_LEVEL_VERBOSE) printf("%s\n", ra); free(ra); free(fp); @@ -871,7 +830,7 @@ fingerprint_one_key(const struct sshkey *public, const char *comment) fatal("%s: sshkey_fingerprint failed", __func__); mprintf("%u %s %s (%s)\n", sshkey_size(public), fp, comment ? comment : "no comment", sshkey_type(public)); - if (log_level >= SYSLOG_LEVEL_VERBOSE) + if (log_level_get() >= SYSLOG_LEVEL_VERBOSE) printf("%s\n", ra); free(ra); free(fp); @@ -1019,6 +978,7 @@ do_gen_all_hostkeys(struct passwd *pw) { NULL, NULL, NULL } }; + u_int bits = 0; int first = 0; struct stat st; struct sshkey *private, *public; @@ -1142,6 +1102,9 @@ struct known_hosts_ctx { int has_unhashed; /* When hashing, original had unhashed hosts */ int found_key; /* For find/delete, host was found */ int invalid; /* File contained invalid items; don't delete */ + int hash_hosts; /* Hash hostnames as we go */ + int find_host; /* Search for specific hostname */ + int delete_host; /* Delete host from known_hosts */ }; static int @@ -1161,7 +1124,7 @@ known_hosts_hash(struct hostkey_foreach_line *l, void *_ctx) */ if (was_hashed || has_wild || l->marker != MRK_NONE) { fprintf(ctx->out, "%s\n", l->line); - if (has_wild && !find_host) { + if (has_wild && !ctx->find_host) { logit("%s:%lu: ignoring host name " "with wildcard: %.64s", l->path, l->linenum, l->hosts); @@ -1207,7 +1170,7 @@ known_hosts_find_delete(struct hostkey_foreach_line *l, void *_ctx) rep = print_bubblebabble ? SSH_FP_BUBBLEBABBLE : SSH_FP_DEFAULT; if (l->status == HKF_STATUS_MATCHED) { - if (delete_host) { + if (ctx->delete_host) { if (l->marker != MRK_NONE) { /* Don't remove CA and revocation lines */ fprintf(ctx->out, "%s\n", l->line); @@ -1223,7 +1186,7 @@ known_hosts_find_delete(struct hostkey_foreach_line *l, void *_ctx) ctx->host, l->linenum); } return 0; - } else if (find_host) { + } else if (ctx->find_host) { ctx->found_key = 1; if (!quiet) { printf("# Host %s found: line %lu %s\n", @@ -1231,7 +1194,7 @@ known_hosts_find_delete(struct hostkey_foreach_line *l, void *_ctx) l->linenum, l->marker == MRK_CA ? "CA" : (l->marker == MRK_REVOKE ? "REVOKED" : "")); } - if (hash_hosts) + if (ctx->hash_hosts) known_hosts_hash(l, ctx); else if (print_fingerprint) { fp = sshkey_fingerprint(l->key, fptype, rep); @@ -1242,7 +1205,7 @@ known_hosts_find_delete(struct hostkey_foreach_line *l, void *_ctx) fprintf(ctx->out, "%s\n", l->line); return 0; } - } else if (delete_host) { + } else if (ctx->delete_host) { /* Retain non-matching hosts when deleting */ if (l->status == HKF_STATUS_INVALID) { ctx->invalid = 1; @@ -1254,7 +1217,8 @@ known_hosts_find_delete(struct hostkey_foreach_line *l, void *_ctx) } static void -do_known_hosts(struct passwd *pw, const char *name) +do_known_hosts(struct passwd *pw, const char *name, int find_host, + int delete_host, int hash_hosts) { char *cp, tmp[PATH_MAX], old[PATH_MAX]; int r, fd, oerrno, inplace = 0; @@ -1273,6 +1237,9 @@ do_known_hosts(struct passwd *pw, const char *name) memset(&ctx, 0, sizeof(ctx)); ctx.out = stdout; ctx.host = name; + ctx.hash_hosts = hash_hosts; + ctx.find_host = find_host; + ctx.delete_host = delete_host; /* * Find hosts goes to stdout, hash and deletions happen in-place @@ -1437,7 +1404,8 @@ do_change_passphrase(struct passwd *pw) * Print the SSHFP RR. */ static int -do_print_resource_record(struct passwd *pw, char *fname, char *hname) +do_print_resource_record(struct passwd *pw, char *fname, char *hname, + int print_generic) { struct sshkey *public; char *comment = NULL; @@ -1464,7 +1432,7 @@ do_print_resource_record(struct passwd *pw, char *fname, char *hname) * Change the comment of a private key file. */ static void -do_change_comment(struct passwd *pw) +do_change_comment(struct passwd *pw, const char *identity_comment) { char new_comment[1024], *comment, *passphrase; struct sshkey *private; @@ -1676,7 +1644,8 @@ agent_signer(const struct sshkey *key, u_char **sigp, size_t *lenp, } static void -do_ca_sign(struct passwd *pw, int argc, char **argv) +do_ca_sign(struct passwd *pw, const char *ca_key_path, int prefer_agent, + unsigned long long cert_serial, int argc, char **argv) { int r, i, fd, found, agent_fd = -1; u_int n; @@ -2302,7 +2271,9 @@ update_krl_from_file(struct passwd *pw, const char *file, int wild_ca, } static void -do_gen_krl(struct passwd *pw, int updating, int argc, char **argv) +do_gen_krl(struct passwd *pw, int updating, const char *ca_key_path, + unsigned long long krl_version, const char *krl_comment, + int argc, char **argv) { struct ssh_krl *krl; struct stat sb; @@ -2337,10 +2308,10 @@ do_gen_krl(struct passwd *pw, int updating, int argc, char **argv) else if ((krl = ssh_krl_init()) == NULL) fatal("couldn't create KRL"); - if (cert_serial != 0) - ssh_krl_set_version(krl, cert_serial); - if (identity_comment != NULL) - ssh_krl_set_comment(krl, identity_comment); + if (krl_version != 0) + ssh_krl_set_version(krl, krl_version); + if (krl_comment != NULL) + ssh_krl_set_comment(krl, krl_comment); for (i = 0; i < argc; i++) update_krl_from_file(pw, argv[i], wild_ca, ca, krl); @@ -2439,9 +2410,17 @@ main(int argc, char **argv) struct passwd *pw; struct stat st; int r, opt, type, fd; + int change_passphrase = 0, change_comment = 0, show_cert = 0; + int find_host = 0, delete_host = 0, hash_hosts = 0; int gen_all_hostkeys = 0, gen_krl = 0, update_krl = 0, check_krl = 0; + int prefer_agent = 0, convert_to = 0, convert_from = 0; + int print_public = 0, print_generic = 0; + unsigned long long cert_serial = 0; + char *identity_comment = NULL, *ca_key_path = NULL; + u_int bits = 0; FILE *f; const char *errstr; + int log_level = SYSLOG_LEVEL_INFO; #ifdef WITH_OPENSSL /* Moduli generation/screening */ char out_file[PATH_MAX], *checkpoint = NULL; @@ -2710,7 +2689,8 @@ main(int argc, char **argv) usage(); } if (gen_krl) { - do_gen_krl(pw, update_krl, argc, argv); + do_gen_krl(pw, update_krl, ca_key_path, + cert_serial, identity_comment, argc, argv); return (0); } if (check_krl) { @@ -2720,12 +2700,15 @@ main(int argc, char **argv) if (ca_key_path != NULL) { if (cert_key_id == NULL) fatal("Must specify key id (-I) when certifying"); - do_ca_sign(pw, argc, argv); + do_ca_sign(pw, ca_key_path, prefer_agent, cert_serial, + argc, argv); } if (show_cert) do_show_cert(pw); - if (delete_host || hash_hosts || find_host) - do_known_hosts(pw, rr_hostname); + if (delete_host || hash_hosts || find_host) { + do_known_hosts(pw, rr_hostname, find_host, + delete_host, hash_hosts); + } if (pkcs11provider != NULL) do_download(pw); if (print_fingerprint || print_bubblebabble) @@ -2733,7 +2716,7 @@ main(int argc, char **argv) if (change_passphrase) do_change_passphrase(pw); if (change_comment) - do_change_comment(pw); + do_change_comment(pw, identity_comment); #ifdef WITH_OPENSSL if (convert_to) do_convert_to(pw); @@ -2746,23 +2729,28 @@ main(int argc, char **argv) unsigned int n = 0; if (have_identity) { - n = do_print_resource_record(pw, - identity_file, rr_hostname); + n = do_print_resource_record(pw, identity_file, + rr_hostname, print_generic); if (n == 0) fatal("%s: %s", identity_file, strerror(errno)); exit(0); } else { n += do_print_resource_record(pw, - _PATH_HOST_RSA_KEY_FILE, rr_hostname); + _PATH_HOST_RSA_KEY_FILE, rr_hostname, + print_generic); n += do_print_resource_record(pw, - _PATH_HOST_DSA_KEY_FILE, rr_hostname); + _PATH_HOST_DSA_KEY_FILE, rr_hostname, + print_generic); n += do_print_resource_record(pw, - _PATH_HOST_ECDSA_KEY_FILE, rr_hostname); + _PATH_HOST_ECDSA_KEY_FILE, rr_hostname, + print_generic); n += do_print_resource_record(pw, - _PATH_HOST_ED25519_KEY_FILE, rr_hostname); + _PATH_HOST_ED25519_KEY_FILE, rr_hostname, + print_generic); n += do_print_resource_record(pw, - _PATH_HOST_XMSS_KEY_FILE, rr_hostname); + _PATH_HOST_XMSS_KEY_FILE, rr_hostname, + print_generic); if (n == 0) fatal("no keys found."); exit(0); -- cgit v1.2.3 From be063945e4e7d46b1734d973bf244c350fae172a Mon Sep 17 00:00:00 2001 From: "djm@openbsd.org" Date: Wed, 23 Jan 2019 04:51:02 +0000 Subject: upstream: allow auto-incrementing certificate serial number for certs signed in a single commandline. OpenBSD-Commit-ID: 39881087641efb8cd83c7ec13b9c98280633f45b --- ssh-keygen.1 | 10 ++++++++-- ssh-keygen.c | 17 ++++++++++++----- 2 files changed, 20 insertions(+), 7 deletions(-) diff --git a/ssh-keygen.1 b/ssh-keygen.1 index 474f4294a..0c284a295 100644 --- a/ssh-keygen.1 +++ b/ssh-keygen.1 @@ -1,4 +1,4 @@ -.\" $OpenBSD: ssh-keygen.1,v 1.155 2019/01/22 11:40:42 djm Exp $ +.\" $OpenBSD: ssh-keygen.1,v 1.156 2019/01/23 04:51:02 djm Exp $ .\" .\" Author: Tatu Ylonen .\" Copyright (c) 1995 Tatu Ylonen , Espoo, Finland @@ -35,7 +35,7 @@ .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. .\" -.Dd $Mdocdate: January 22 2019 $ +.Dd $Mdocdate: January 23 2019 $ .Dt SSH-KEYGEN 1 .Os .Sh NAME @@ -640,6 +640,12 @@ OpenSSH format file and print an OpenSSH public key to stdout. .It Fl z Ar serial_number Specifies a serial number to be embedded in the certificate to distinguish this certificate from others from the same CA. +If the +.Ar serial_number +is prefixed with a +.Sq + +character, then the serial number will be incremented for each certificate +signed on a single command-line. The default serial number is zero. .Pp When generating a KRL, the diff --git a/ssh-keygen.c b/ssh-keygen.c index ffb92fd94..992491f15 100644 --- a/ssh-keygen.c +++ b/ssh-keygen.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ssh-keygen.c,v 1.325 2019/01/23 04:16:22 djm Exp $ */ +/* $OpenBSD: ssh-keygen.c,v 1.326 2019/01/23 04:51:02 djm Exp $ */ /* * Author: Tatu Ylonen * Copyright (c) 1994 Tatu Ylonen , Espoo, Finland @@ -1645,7 +1645,8 @@ agent_signer(const struct sshkey *key, u_char **sigp, size_t *lenp, static void do_ca_sign(struct passwd *pw, const char *ca_key_path, int prefer_agent, - unsigned long long cert_serial, int argc, char **argv) + unsigned long long cert_serial, int cert_serial_autoinc, + int argc, char **argv) { int r, i, fd, found, agent_fd = -1; u_int n; @@ -1785,6 +1786,8 @@ do_ca_sign(struct passwd *pw, const char *ca_key_path, int prefer_agent, sshkey_free(public); free(out); + if (cert_serial_autoinc) + cert_serial++; } #ifdef ENABLE_PKCS11 pkcs11_terminate(); @@ -2414,7 +2417,7 @@ main(int argc, char **argv) int find_host = 0, delete_host = 0, hash_hosts = 0; int gen_all_hostkeys = 0, gen_krl = 0, update_krl = 0, check_krl = 0; int prefer_agent = 0, convert_to = 0, convert_from = 0; - int print_public = 0, print_generic = 0; + int print_public = 0, print_generic = 0, cert_serial_autoinc = 0; unsigned long long cert_serial = 0; char *identity_comment = NULL, *ca_key_path = NULL; u_int bits = 0; @@ -2610,6 +2613,10 @@ main(int argc, char **argv) break; case 'z': errno = 0; + if (*optarg == '+') { + cert_serial_autoinc = 1; + optarg++; + } cert_serial = strtoull(optarg, &ep, 10); if (*optarg < '0' || *optarg > '9' || *ep != '\0' || (errno == ERANGE && cert_serial == ULLONG_MAX)) @@ -2700,8 +2707,8 @@ main(int argc, char **argv) if (ca_key_path != NULL) { if (cert_key_id == NULL) fatal("Must specify key id (-I) when certifying"); - do_ca_sign(pw, ca_key_path, prefer_agent, cert_serial, - argc, argv); + do_ca_sign(pw, ca_key_path, prefer_agent, + cert_serial, cert_serial_autoinc, argc, argv); } if (show_cert) do_show_cert(pw); -- cgit v1.2.3 From f236ca2741f29b5c443c0b2db3aa9afb9ad9befe Mon Sep 17 00:00:00 2001 From: Darren Tucker Date: Thu, 24 Jan 2019 09:50:58 +1100 Subject: Also undef SIMPLEQ_FOREACH_SAFE. Prevents macro redefinition warning on at least NetBSD 6.1. --- openbsd-compat/sys-queue.h | 1 + 1 file changed, 1 insertion(+) diff --git a/openbsd-compat/sys-queue.h b/openbsd-compat/sys-queue.h index af93d6814..5108f394c 100644 --- a/openbsd-compat/sys-queue.h +++ b/openbsd-compat/sys-queue.h @@ -81,6 +81,7 @@ #undef SIMPLEQ_EMPTY #undef SIMPLEQ_NEXT #undef SIMPLEQ_FOREACH +#undef SIMPLEQ_FOREACH_SAFE #undef SIMPLEQ_INIT #undef SIMPLEQ_INSERT_HEAD #undef SIMPLEQ_INSERT_TAIL -- cgit v1.2.3 From 5cb503dff4db251520e8bf7d23b9c97c06eee031 Mon Sep 17 00:00:00 2001 From: Darren Tucker Date: Thu, 24 Jan 2019 09:55:16 +1100 Subject: Include unistd.h for strmode(). --- sftp-common.c | 1 + 1 file changed, 1 insertion(+) diff --git a/sftp-common.c b/sftp-common.c index 5d743d3b2..677f27d63 100644 --- a/sftp-common.c +++ b/sftp-common.c @@ -36,6 +36,7 @@ #include #include #include +#include #ifdef HAVE_UTIL_H #include #endif -- cgit v1.2.3 From 6249451f381755f792c6b9e2c2f80cdc699c14e2 Mon Sep 17 00:00:00 2001 From: Darren Tucker Date: Thu, 24 Jan 2019 10:00:20 +1100 Subject: For broken read/readv comparisons, poll(RW). In the cases where we can't compare to read or readv function pointers for some reason we currently ifdef out the poll() used to block while waiting for reads or writes, falling back to busy waiting. This restores the poll() in this case, but has it always check for read or write, removing an inline ifdef in the process. --- atomicio.c | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/atomicio.c b/atomicio.c index f854a06f5..cffa9fa7d 100644 --- a/atomicio.c +++ b/atomicio.c @@ -57,9 +57,11 @@ atomicio6(ssize_t (*f) (int, void *, size_t), int fd, void *_s, size_t n, ssize_t res; struct pollfd pfd; -#ifndef BROKEN_READ_COMPARISON pfd.fd = fd; +#ifndef BROKEN_READ_COMPARISON pfd.events = f == read ? POLLIN : POLLOUT; +#else + pfd.events = POLLIN|POLLOUT; #endif while (n > pos) { res = (f) (fd, s + pos, n - pos); @@ -68,9 +70,7 @@ atomicio6(ssize_t (*f) (int, void *, size_t), int fd, void *_s, size_t n, if (errno == EINTR) continue; if (errno == EAGAIN || errno == EWOULDBLOCK) { -#ifndef BROKEN_READ_COMPARISON (void)poll(&pfd, 1, -1); -#endif continue; } return 0; @@ -114,9 +114,11 @@ atomiciov6(ssize_t (*f) (int, const struct iovec *, int), int fd, /* Make a copy of the iov array because we may modify it below */ memcpy(iov, _iov, (size_t)iovcnt * sizeof(*_iov)); -#ifndef BROKEN_READV_COMPARISON pfd.fd = fd; +#ifndef BROKEN_READV_COMPARISON pfd.events = f == readv ? POLLIN : POLLOUT; +#else + pfd.events = POLLIN|POLLOUT; #endif for (; iovcnt > 0 && iov[0].iov_len > 0;) { res = (f) (fd, iov, iovcnt); @@ -125,9 +127,7 @@ atomiciov6(ssize_t (*f) (int, const struct iovec *, int), int fd, if (errno == EINTR) continue; if (errno == EAGAIN || errno == EWOULDBLOCK) { -#ifndef BROKEN_READV_COMPARISON (void)poll(&pfd, 1, -1); -#endif continue; } return 0; -- cgit v1.2.3 From 8976f1c4b2721c26e878151f52bdf346dfe2d54c Mon Sep 17 00:00:00 2001 From: "dtucker@openbsd.org" Date: Wed, 23 Jan 2019 08:01:46 +0000 Subject: upstream: Sanitize scp filenames via snmprintf. To do this we move the progressmeter formatting outside of signal handler context and have the atomicio callback called for EINTR too. bz#2434 with contributions from djm and jjelen at redhat.com, ok djm@ OpenBSD-Commit-ID: 1af61c1f70e4f3bd8ab140b9f1fa699481db57d8 --- atomicio.c | 20 +++++++++++++++----- progressmeter.c | 53 ++++++++++++++++++++++++----------------------------- progressmeter.h | 3 ++- scp.c | 3 ++- sftp-client.c | 18 ++++++++++-------- 5 files changed, 53 insertions(+), 44 deletions(-) diff --git a/atomicio.c b/atomicio.c index cffa9fa7d..845b328ee 100644 --- a/atomicio.c +++ b/atomicio.c @@ -1,4 +1,4 @@ -/* $OpenBSD: atomicio.c,v 1.28 2016/07/27 23:18:12 djm Exp $ */ +/* $OpenBSD: atomicio.c,v 1.29 2019/01/23 08:01:46 dtucker Exp $ */ /* * Copyright (c) 2006 Damien Miller. All rights reserved. * Copyright (c) 2005 Anil Madhavapeddy. All rights reserved. @@ -67,9 +67,14 @@ atomicio6(ssize_t (*f) (int, void *, size_t), int fd, void *_s, size_t n, res = (f) (fd, s + pos, n - pos); switch (res) { case -1: - if (errno == EINTR) + if (errno == EINTR) { + /* possible SIGALARM, update callback */ + if (cb != NULL && cb(cb_arg, 0) == -1) { + errno = EINTR; + return pos; + } continue; - if (errno == EAGAIN || errno == EWOULDBLOCK) { + } else if (errno == EAGAIN || errno == EWOULDBLOCK) { (void)poll(&pfd, 1, -1); continue; } @@ -124,9 +129,14 @@ atomiciov6(ssize_t (*f) (int, const struct iovec *, int), int fd, res = (f) (fd, iov, iovcnt); switch (res) { case -1: - if (errno == EINTR) + if (errno == EINTR) { + /* possible SIGALARM, update callback */ + if (cb != NULL && cb(cb_arg, 0) == -1) { + errno = EINTR; + return pos; + } continue; - if (errno == EAGAIN || errno == EWOULDBLOCK) { + } else if (errno == EAGAIN || errno == EWOULDBLOCK) { (void)poll(&pfd, 1, -1); continue; } diff --git a/progressmeter.c b/progressmeter.c index fe9bf52e4..add462dde 100644 --- a/progressmeter.c +++ b/progressmeter.c @@ -1,4 +1,4 @@ -/* $OpenBSD: progressmeter.c,v 1.45 2016/06/30 05:17:05 dtucker Exp $ */ +/* $OpenBSD: progressmeter.c,v 1.46 2019/01/23 08:01:46 dtucker Exp $ */ /* * Copyright (c) 2003 Nils Nordman. All rights reserved. * @@ -31,6 +31,7 @@ #include #include +#include #include #include #include @@ -39,6 +40,7 @@ #include "progressmeter.h" #include "atomicio.h" #include "misc.h" +#include "utf8.h" #define DEFAULT_WINSIZE 80 #define MAX_WINSIZE 512 @@ -61,7 +63,7 @@ static void setscreensize(void); void refresh_progress_meter(void); /* signal handler for updating the progress meter */ -static void update_progress_meter(int); +static void sig_alarm(int); static double start; /* start progress */ static double last_update; /* last progress update */ @@ -74,6 +76,7 @@ static long stalled; /* how long we have been stalled */ static int bytes_per_second; /* current speed in bytes per second */ static int win_size; /* terminal window size */ static volatile sig_atomic_t win_resized; /* for window resizing */ +static volatile sig_atomic_t alarm_fired; /* units for format_size */ static const char unit[] = " KMGT"; @@ -126,9 +129,17 @@ refresh_progress_meter(void) off_t bytes_left; int cur_speed; int hours, minutes, seconds; - int i, len; int file_len; + if ((!alarm_fired && !win_resized) || !can_output()) + return; + alarm_fired = 0; + + if (win_resized) { + setscreensize(); + win_resized = 0; + } + transferred = *counter - (cur_pos ? cur_pos : start_pos); cur_pos = *counter; now = monotime_double(); @@ -158,16 +169,11 @@ refresh_progress_meter(void) /* filename */ buf[0] = '\0'; - file_len = win_size - 35; + file_len = win_size - 36; if (file_len > 0) { - len = snprintf(buf, file_len + 1, "\r%s", file); - if (len < 0) - len = 0; - if (len >= file_len + 1) - len = file_len; - for (i = len; i < file_len; i++) - buf[i] = ' '; - buf[file_len] = '\0'; + buf[0] = '\r'; + snmprintf(buf+1, sizeof(buf)-1 , &file_len, "%*s", + file_len * -1, file); } /* percent of transfer done */ @@ -228,22 +234,11 @@ refresh_progress_meter(void) /*ARGSUSED*/ static void -update_progress_meter(int ignore) +sig_alarm(int ignore) { - int save_errno; - - save_errno = errno; - - if (win_resized) { - setscreensize(); - win_resized = 0; - } - if (can_output()) - refresh_progress_meter(); - - signal(SIGALRM, update_progress_meter); + signal(SIGALRM, sig_alarm); + alarm_fired = 1; alarm(UPDATE_INTERVAL); - errno = save_errno; } void @@ -259,10 +254,9 @@ start_progress_meter(const char *f, off_t filesize, off_t *ctr) bytes_per_second = 0; setscreensize(); - if (can_output()) - refresh_progress_meter(); + refresh_progress_meter(); - signal(SIGALRM, update_progress_meter); + signal(SIGALRM, sig_alarm); signal(SIGWINCH, sig_winch); alarm(UPDATE_INTERVAL); } @@ -286,6 +280,7 @@ stop_progress_meter(void) static void sig_winch(int sig) { + signal(SIGWINCH, sig_winch); win_resized = 1; } diff --git a/progressmeter.h b/progressmeter.h index bf179dca6..8f6678060 100644 --- a/progressmeter.h +++ b/progressmeter.h @@ -1,4 +1,4 @@ -/* $OpenBSD: progressmeter.h,v 1.3 2015/01/14 13:54:13 djm Exp $ */ +/* $OpenBSD: progressmeter.h,v 1.4 2019/01/23 08:01:46 dtucker Exp $ */ /* * Copyright (c) 2002 Nils Nordman. All rights reserved. * @@ -24,4 +24,5 @@ */ void start_progress_meter(const char *, off_t, off_t *); +void refresh_progress_meter(void); void stop_progress_meter(void); diff --git a/scp.c b/scp.c index ae51137ee..25595a299 100644 --- a/scp.c +++ b/scp.c @@ -1,4 +1,4 @@ -/* $OpenBSD: scp.c,v 1.199 2019/01/21 22:50:42 tb Exp $ */ +/* $OpenBSD: scp.c,v 1.200 2019/01/23 08:01:46 dtucker Exp $ */ /* * scp - secure remote copy. This is basically patched BSD rcp which * uses ssh to do the data transfer (instead of using rcmd). @@ -588,6 +588,7 @@ scpio(void *_cnt, size_t s) off_t *cnt = (off_t *)_cnt; *cnt += s; + refresh_progress_meter(); if (limit_kbps > 0) bandwidth_limit(&bwlimit, s); return 0; diff --git a/sftp-client.c b/sftp-client.c index d3f80e5a0..36c4b8a4a 100644 --- a/sftp-client.c +++ b/sftp-client.c @@ -1,4 +1,4 @@ -/* $OpenBSD: sftp-client.c,v 1.131 2019/01/16 23:23:45 djm Exp $ */ +/* $OpenBSD: sftp-client.c,v 1.132 2019/01/23 08:01:46 dtucker Exp $ */ /* * Copyright (c) 2001-2004 Damien Miller * @@ -102,7 +102,9 @@ sftpio(void *_bwlimit, size_t amount) { struct bwlimit *bwlimit = (struct bwlimit *)_bwlimit; - bandwidth_limit(bwlimit, amount); + refresh_progress_meter(); + if (bwlimit != NULL) + bandwidth_limit(bwlimit, amount); return 0; } @@ -122,8 +124,8 @@ send_msg(struct sftp_conn *conn, struct sshbuf *m) iov[1].iov_base = (u_char *)sshbuf_ptr(m); iov[1].iov_len = sshbuf_len(m); - if (atomiciov6(writev, conn->fd_out, iov, 2, - conn->limit_kbps > 0 ? sftpio : NULL, &conn->bwlimit_out) != + if (atomiciov6(writev, conn->fd_out, iov, 2, sftpio, + conn->limit_kbps > 0 ? &conn->bwlimit_out : NULL) != sshbuf_len(m) + sizeof(mlen)) fatal("Couldn't send packet: %s", strerror(errno)); @@ -139,8 +141,8 @@ get_msg_extended(struct sftp_conn *conn, struct sshbuf *m, int initial) if ((r = sshbuf_reserve(m, 4, &p)) != 0) fatal("%s: buffer error: %s", __func__, ssh_err(r)); - if (atomicio6(read, conn->fd_in, p, 4, - conn->limit_kbps > 0 ? sftpio : NULL, &conn->bwlimit_in) != 4) { + if (atomicio6(read, conn->fd_in, p, 4, sftpio, + conn->limit_kbps > 0 ? &conn->bwlimit_in : NULL) != 4) { if (errno == EPIPE || errno == ECONNRESET) fatal("Connection closed"); else @@ -158,8 +160,8 @@ get_msg_extended(struct sftp_conn *conn, struct sshbuf *m, int initial) if ((r = sshbuf_reserve(m, msg_len, &p)) != 0) fatal("%s: buffer error: %s", __func__, ssh_err(r)); - if (atomicio6(read, conn->fd_in, p, msg_len, - conn->limit_kbps > 0 ? sftpio : NULL, &conn->bwlimit_in) + if (atomicio6(read, conn->fd_in, p, msg_len, sftpio, + conn->limit_kbps > 0 ? &conn->bwlimit_in : NULL) != msg_len) { if (errno == EPIPE) fatal("Connection closed"); -- cgit v1.2.3 From be3e6cba95dffe5fcf190c713525b48c837e7875 Mon Sep 17 00:00:00 2001 From: "dtucker@openbsd.org" Date: Wed, 23 Jan 2019 09:49:00 +0000 Subject: upstream: Remove 3 as a guess for possible generator during moduli generation. It's not mentioned in RFC4419 and it's not possible for Sophie-Germain primes greater than 5. bz#2330, from Christian Wittenhorst , ok djm@ tb@ OpenBSD-Commit-ID: 1467652e6802ad3333b0959282d8d49dfe22c8cd --- moduli.c | 4 +--- 1 file changed, 1 insertion(+), 3 deletions(-) diff --git a/moduli.c b/moduli.c index 48150dab2..7120415fd 100644 --- a/moduli.c +++ b/moduli.c @@ -1,4 +1,4 @@ -/* $OpenBSD: moduli.c,v 1.33 2019/01/20 02:01:59 tb Exp $ */ +/* $OpenBSD: moduli.c,v 1.34 2019/01/23 09:49:00 dtucker Exp $ */ /* * Copyright 1994 Phil Karn * Copyright 1996-1998, 2003 William Allen Simpson @@ -716,8 +716,6 @@ prime_test(FILE *in, FILE *out, u_int32_t trials, u_int32_t generator_wanted, if (generator_known == 0) { if (BN_mod_word(p, 24) == 11) generator_known = 2; - else if (BN_mod_word(p, 12) == 5) - generator_known = 3; else { u_int32_t r = BN_mod_word(p, 10); -- cgit v1.2.3 From 177d6c80c557a5e060cd343a0c116a2f1a7f43db Mon Sep 17 00:00:00 2001 From: "dtucker@openbsd.org" Date: Wed, 23 Jan 2019 20:48:52 +0000 Subject: upstream: Remove duplicate word. bz#2958, patch from jjelen at redhat.com OpenBSD-Commit-ID: cca3965a8333f2b6aae48b79ec1d72f7a830dd2c --- sshd_config.5 | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/sshd_config.5 b/sshd_config.5 index c6484370b..142f84a19 100644 --- a/sshd_config.5 +++ b/sshd_config.5 @@ -33,8 +33,8 @@ .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. .\" -.\" $OpenBSD: sshd_config.5,v 1.282 2018/09/20 03:28:06 djm Exp $ -.Dd $Mdocdate: September 20 2018 $ +.\" $OpenBSD: sshd_config.5,v 1.283 2019/01/23 20:48:52 dtucker Exp $ +.Dd $Mdocdate: January 23 2019 $ .Dt SSHD_CONFIG 5 .Os .Sh NAME @@ -1237,7 +1237,7 @@ Note also that .Xr ssh 1 will request a listen host of .Dq localhost -if no listen host was specifically requested, and this this name is +if no listen host was specifically requested, and this name is treated differently to explicit localhost addresses of .Dq 127.0.0.1 and -- cgit v1.2.3 From d05ea255678d9402beda4416cd0360f3e5dfe938 Mon Sep 17 00:00:00 2001 From: "dtucker@openbsd.org" Date: Wed, 23 Jan 2019 21:50:56 +0000 Subject: upstream: Remove support for obsolete host/port syntax. host/port was added in 2001 as an alternative to host:port syntax for the benefit of IPv6 users. These days there are establised standards for this like [::1]:22 and the slash syntax is easily mistaken for CIDR notation, which OpenSSH now supports for some things. Remove the slash notation from ListenAddress and PermitOpen. bz#2335, patch from jjelen at redhat.com, ok markus@ OpenBSD-Commit-ID: fae5f4e23c51a368d6b2d98376069ac2b10ad4b7 --- misc.c | 4 ++-- misc.h | 3 ++- servconf.c | 20 ++++++++++++-------- 3 files changed, 16 insertions(+), 11 deletions(-) diff --git a/misc.c b/misc.c index bfd786ef8..009e02bc5 100644 --- a/misc.c +++ b/misc.c @@ -1,4 +1,4 @@ -/* $OpenBSD: misc.c,v 1.136 2018/12/27 03:25:25 djm Exp $ */ +/* $OpenBSD: misc.c,v 1.137 2019/01/23 21:50:56 dtucker Exp $ */ /* * Copyright (c) 2000 Markus Friedl. All rights reserved. * Copyright (c) 2005,2006 Damien Miller. All rights reserved. @@ -564,7 +564,7 @@ put_host_port(const char *host, u_short port) * The delimiter char, if present, is stored in delim. * If this is the last field, *cp is set to NULL. */ -static char * +char * hpdelim2(char **cp, char *delim) { char *s, *old; diff --git a/misc.h b/misc.h index 47177d838..5b4325aba 100644 --- a/misc.h +++ b/misc.h @@ -1,4 +1,4 @@ -/* $OpenBSD: misc.h,v 1.78 2018/12/27 03:25:25 djm Exp $ */ +/* $OpenBSD: misc.h,v 1.79 2019/01/23 21:50:56 dtucker Exp $ */ /* * Author: Tatu Ylonen @@ -57,6 +57,7 @@ int timeout_connect(int, const struct sockaddr *, socklen_t, int *); int a2port(const char *); int a2tun(const char *, int *); char *put_host_port(const char *, u_short); +char *hpdelim2(char **, char *); char *hpdelim(char **); char *cleanhostname(char *); char *colon(char *); diff --git a/servconf.c b/servconf.c index 86c631bb0..1562bd875 100644 --- a/servconf.c +++ b/servconf.c @@ -1,5 +1,5 @@ -/* $OpenBSD: servconf.c,v 1.346 2019/01/19 21:37:48 djm Exp $ */ +/* $OpenBSD: servconf.c,v 1.347 2019/01/23 21:50:56 dtucker Exp $ */ /* * Copyright (c) 1995 Tatu Ylonen , Espoo, Finland * All rights reserved @@ -878,7 +878,7 @@ process_permitopen_list(struct ssh *ssh, ServerOpCodes opcode, { u_int i; int port; - char *host, *arg, *oarg; + char *host, *arg, *oarg, ch; int where = opcode == sPermitOpen ? FORWARD_LOCAL : FORWARD_REMOTE; const char *what = lookup_opcode_name(opcode); @@ -896,8 +896,8 @@ process_permitopen_list(struct ssh *ssh, ServerOpCodes opcode, /* Otherwise treat it as a list of permitted host:port */ for (i = 0; i < num_opens; i++) { oarg = arg = xstrdup(opens[i]); - host = hpdelim(&arg); - if (host == NULL) + host = hpdelim2(&arg, &ch); + if (host == NULL || ch == '/') fatal("%s: missing host in %s", __func__, what); host = cleanhostname(host); if (arg == NULL || ((port = permitopen_port(arg)) < 0)) @@ -1314,8 +1314,10 @@ process_server_config_line(ServerOptions *options, char *line, port = 0; p = arg; } else { - p = hpdelim(&arg); - if (p == NULL) + char ch; + arg2 = NULL; + p = hpdelim2(&arg, &ch); + if (p == NULL || ch == '/') fatal("%s line %d: bad address:port usage", filename, linenum); p = cleanhostname(p); @@ -1942,9 +1944,11 @@ process_server_config_line(ServerOptions *options, char *line, */ xasprintf(&arg2, "*:%s", arg); } else { + char ch; + arg2 = xstrdup(arg); - p = hpdelim(&arg); - if (p == NULL) { + p = hpdelim2(&arg, &ch); + if (p == NULL || ch == '/') { fatal("%s line %d: missing host in %s", filename, linenum, lookup_opcode_name(opcode)); -- cgit v1.2.3 From 281ce042579b834cdc1e74314f1fb2eeb75d2612 Mon Sep 17 00:00:00 2001 From: "dtucker@openbsd.org" Date: Thu, 24 Jan 2019 02:34:52 +0000 Subject: upstream: Always initialize 2nd arg to hpdelim2. It populates that *ONLY IF* there's a delimiter. If there's not (the common case) it checked uninitialized memory, which usually passed, but if not would cause spurious failures when the uninitialized memory happens to contain "/". ok deraadt. OpenBSD-Commit-ID: 4291611eaf2a53d4c92f4a57c7f267c9f944e0d3 --- servconf.c | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/servconf.c b/servconf.c index 1562bd875..d9680aba1 100644 --- a/servconf.c +++ b/servconf.c @@ -1,5 +1,5 @@ -/* $OpenBSD: servconf.c,v 1.347 2019/01/23 21:50:56 dtucker Exp $ */ +/* $OpenBSD: servconf.c,v 1.348 2019/01/24 02:34:52 dtucker Exp $ */ /* * Copyright (c) 1995 Tatu Ylonen , Espoo, Finland * All rights reserved @@ -896,6 +896,7 @@ process_permitopen_list(struct ssh *ssh, ServerOpCodes opcode, /* Otherwise treat it as a list of permitted host:port */ for (i = 0; i < num_opens; i++) { oarg = arg = xstrdup(opens[i]); + ch = '\0'; host = hpdelim2(&arg, &ch); if (host == NULL || ch == '/') fatal("%s: missing host in %s", __func__, what); @@ -1214,7 +1215,7 @@ process_server_config_line(ServerOptions *options, char *line, const char *filename, int linenum, int *activep, struct connection_info *connectinfo) { - char *cp, ***chararrayptr, **charptr, *arg, *arg2, *p; + char ch, *cp, ***chararrayptr, **charptr, *arg, *arg2, *p; int cmdline = 0, *intptr, value, value2, n, port; SyslogFacility *log_facility_ptr; LogLevel *log_level_ptr; @@ -1314,8 +1315,8 @@ process_server_config_line(ServerOptions *options, char *line, port = 0; p = arg; } else { - char ch; arg2 = NULL; + ch = '\0'; p = hpdelim2(&arg, &ch); if (p == NULL || ch == '/') fatal("%s line %d: bad address:port usage", @@ -1944,9 +1945,8 @@ process_server_config_line(ServerOptions *options, char *line, */ xasprintf(&arg2, "*:%s", arg); } else { - char ch; - arg2 = xstrdup(arg); + ch = '\0'; p = hpdelim2(&arg, &ch); if (p == NULL || ch == '/') { fatal("%s line %d: missing host in %s", -- cgit v1.2.3 From 258e6ca003e47f944688ad8b8de087b58a7d966c Mon Sep 17 00:00:00 2001 From: "dtucker@openbsd.org" Date: Thu, 24 Jan 2019 02:42:23 +0000 Subject: upstream: Check for both EAGAIN and EWOULDBLOCK. This is a no-op in OpenBSD (they are the same value) but makes things easier in -portable where they may be distinct values. "sigh ok" deraadt@ (ID sync only, portable already had this change). OpenBSD-Commit-ID: 91f2bc7c0ecec905915ed59fa37feb9cc90e17d7 --- atomicio.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/atomicio.c b/atomicio.c index 845b328ee..e00c9f0d4 100644 --- a/atomicio.c +++ b/atomicio.c @@ -1,4 +1,4 @@ -/* $OpenBSD: atomicio.c,v 1.29 2019/01/23 08:01:46 dtucker Exp $ */ +/* $OpenBSD: atomicio.c,v 1.30 2019/01/24 02:42:23 dtucker Exp $ */ /* * Copyright (c) 2006 Damien Miller. All rights reserved. * Copyright (c) 2005 Anil Madhavapeddy. All rights reserved. -- cgit v1.2.3 From bdc6c63c80b55bcbaa66b5fde31c1cb1d09a41eb Mon Sep 17 00:00:00 2001 From: "dtucker@openbsd.org" Date: Thu, 24 Jan 2019 16:52:17 +0000 Subject: upstream: Have progressmeter force an update at the beginning and end of each transfer. Fixes the problem recently introduces where very quick transfers do not display the progressmeter at all. Spotted by naddy@ OpenBSD-Commit-ID: 68dc46c259e8fdd4f5db3ec2a130f8e4590a7a9a --- progressmeter.c | 13 +++++-------- progressmeter.h | 4 ++-- scp.c | 4 ++-- sftp-client.c | 4 ++-- 4 files changed, 11 insertions(+), 14 deletions(-) diff --git a/progressmeter.c b/progressmeter.c index add462dde..e385c1254 100644 --- a/progressmeter.c +++ b/progressmeter.c @@ -1,4 +1,4 @@ -/* $OpenBSD: progressmeter.c,v 1.46 2019/01/23 08:01:46 dtucker Exp $ */ +/* $OpenBSD: progressmeter.c,v 1.47 2019/01/24 16:52:17 dtucker Exp $ */ /* * Copyright (c) 2003 Nils Nordman. All rights reserved. * @@ -59,9 +59,6 @@ static void format_rate(char *, int, off_t); static void sig_winch(int); static void setscreensize(void); -/* updates the progressmeter to reflect the current state of the transfer */ -void refresh_progress_meter(void); - /* signal handler for updating the progress meter */ static void sig_alarm(int); @@ -120,7 +117,7 @@ format_size(char *buf, int size, off_t bytes) } void -refresh_progress_meter(void) +refresh_progress_meter(int force_update) { char buf[MAX_WINSIZE + 1]; off_t transferred; @@ -131,7 +128,7 @@ refresh_progress_meter(void) int hours, minutes, seconds; int file_len; - if ((!alarm_fired && !win_resized) || !can_output()) + if ((!force_update && !alarm_fired && !win_resized) || !can_output()) return; alarm_fired = 0; @@ -254,7 +251,7 @@ start_progress_meter(const char *f, off_t filesize, off_t *ctr) bytes_per_second = 0; setscreensize(); - refresh_progress_meter(); + refresh_progress_meter(1); signal(SIGALRM, sig_alarm); signal(SIGWINCH, sig_winch); @@ -271,7 +268,7 @@ stop_progress_meter(void) /* Ensure we complete the progress */ if (cur_pos != end_pos) - refresh_progress_meter(); + refresh_progress_meter(1); atomicio(vwrite, STDOUT_FILENO, "\n", 1); } diff --git a/progressmeter.h b/progressmeter.h index 8f6678060..1703ea75b 100644 --- a/progressmeter.h +++ b/progressmeter.h @@ -1,4 +1,4 @@ -/* $OpenBSD: progressmeter.h,v 1.4 2019/01/23 08:01:46 dtucker Exp $ */ +/* $OpenBSD: progressmeter.h,v 1.5 2019/01/24 16:52:17 dtucker Exp $ */ /* * Copyright (c) 2002 Nils Nordman. All rights reserved. * @@ -24,5 +24,5 @@ */ void start_progress_meter(const char *, off_t, off_t *); -void refresh_progress_meter(void); +void refresh_progress_meter(int); void stop_progress_meter(void); diff --git a/scp.c b/scp.c index 25595a299..74dfe521a 100644 --- a/scp.c +++ b/scp.c @@ -1,4 +1,4 @@ -/* $OpenBSD: scp.c,v 1.200 2019/01/23 08:01:46 dtucker Exp $ */ +/* $OpenBSD: scp.c,v 1.201 2019/01/24 16:52:17 dtucker Exp $ */ /* * scp - secure remote copy. This is basically patched BSD rcp which * uses ssh to do the data transfer (instead of using rcmd). @@ -588,7 +588,7 @@ scpio(void *_cnt, size_t s) off_t *cnt = (off_t *)_cnt; *cnt += s; - refresh_progress_meter(); + refresh_progress_meter(0); if (limit_kbps > 0) bandwidth_limit(&bwlimit, s); return 0; diff --git a/sftp-client.c b/sftp-client.c index 36c4b8a4a..73e3c2f53 100644 --- a/sftp-client.c +++ b/sftp-client.c @@ -1,4 +1,4 @@ -/* $OpenBSD: sftp-client.c,v 1.132 2019/01/23 08:01:46 dtucker Exp $ */ +/* $OpenBSD: sftp-client.c,v 1.133 2019/01/24 16:52:17 dtucker Exp $ */ /* * Copyright (c) 2001-2004 Damien Miller * @@ -102,7 +102,7 @@ sftpio(void *_bwlimit, size_t amount) { struct bwlimit *bwlimit = (struct bwlimit *)_bwlimit; - refresh_progress_meter(); + refresh_progress_meter(0); if (bwlimit != NULL) bandwidth_limit(bwlimit, amount); return 0; -- cgit v1.2.3 From 05b9a466700b44d49492edc2aa415fc2e8913dfe Mon Sep 17 00:00:00 2001 From: "dtucker@openbsd.org" Date: Thu, 24 Jan 2019 17:00:29 +0000 Subject: upstream: Accept the host key fingerprint as a synonym for "yes" when accepting an unknown host key. This allows you to paste a fingerprint obtained out of band into the yes/no prompt and have the client do the comparison for you. ok markus@ djm@ OpenBSD-Commit-ID: 3c47d10b9f43d3d345e044fd9ec09709583a2767 --- sshconnect.c | 19 +++++++++++-------- 1 file changed, 11 insertions(+), 8 deletions(-) diff --git a/sshconnect.c b/sshconnect.c index 1a5f6a4c8..955671b4e 100644 --- a/sshconnect.c +++ b/sshconnect.c @@ -1,4 +1,4 @@ -/* $OpenBSD: sshconnect.c,v 1.311 2019/01/19 21:36:38 djm Exp $ */ +/* $OpenBSD: sshconnect.c,v 1.312 2019/01/24 17:00:29 dtucker Exp $ */ /* * Author: Tatu Ylonen * Copyright (c) 1995 Tatu Ylonen , Espoo, Finland @@ -563,22 +563,24 @@ ssh_connect(struct ssh *ssh, const char *host, struct addrinfo *addrs, /* defaults to 'no' */ static int -confirm(const char *prompt) +confirm(const char *prompt, const char *fingerprint) { const char *msg, *again = "Please type 'yes' or 'no': "; + const char *again_fp = "Please type 'yes', 'no' or the fingerprint: "; char *p; int ret = -1; if (options.batch_mode) return 0; - for (msg = prompt;;msg = again) { + for (msg = prompt;;msg = fingerprint ? again_fp : again) { p = read_passphrase(msg, RP_ECHO); if (p == NULL) return 0; p[strcspn(p, "\n")] = '\0'; if (p[0] == '\0' || strcasecmp(p, "no") == 0) ret = 0; - else if (strcasecmp(p, "yes") == 0) + else if (strcasecmp(p, "yes") == 0 || (fingerprint != NULL && + strcasecmp(p, fingerprint) == 0)) ret = 1; free(p); if (ret != -1) @@ -706,7 +708,7 @@ check_host_key(char *hostname, struct sockaddr *hostaddr, u_short port, char msg[1024]; const char *type; const struct hostkey_entry *host_found, *ip_found; - int len, cancelled_forwarding = 0; + int len, cancelled_forwarding = 0, confirmed; int local = sockaddr_is_local(hostaddr); int r, want_cert = sshkey_is_cert(host_key), host_ip_differ = 0; int hostkey_trusted = 0; /* Known or explicitly accepted by user */ @@ -881,14 +883,15 @@ check_host_key(char *hostname, struct sockaddr *hostaddr, u_short port, "established%s\n" "%s key fingerprint is %s.%s%s\n%s" "Are you sure you want to continue connecting " - "(yes/no)? ", + "(yes/no/[fingerprint])? ", host, ip, msg1, type, fp, options.visual_host_key ? "\n" : "", options.visual_host_key ? ra : "", msg2); free(ra); + confirmed = confirm(msg, fp); free(fp); - if (!confirm(msg)) + if (!confirmed) goto fail; hostkey_trusted = 1; /* user explicitly confirmed */ } @@ -1082,7 +1085,7 @@ check_host_key(char *hostname, struct sockaddr *hostaddr, u_short port, SSH_STRICT_HOSTKEY_ASK) { strlcat(msg, "\nAre you sure you want " "to continue connecting (yes/no)? ", sizeof(msg)); - if (!confirm(msg)) + if (!confirm(msg, NULL)) goto fail; } else if (options.strict_host_key_checking != SSH_STRICT_HOSTKEY_OFF) { -- cgit v1.2.3 From c2c18a39683db382a15b438632afab3f551d50ce Mon Sep 17 00:00:00 2001 From: "djm@openbsd.org" Date: Sat, 26 Jan 2019 22:35:01 +0000 Subject: upstream: make ssh-keyscan return a non-zero exit status if it finds no keys. bz#2903 OpenBSD-Commit-ID: 89f1081fb81d950ebb48e6e73d21807b2723d488 --- ssh-keyscan.c | 8 ++++++-- 1 file changed, 6 insertions(+), 2 deletions(-) diff --git a/ssh-keyscan.c b/ssh-keyscan.c index 144daa6df..2ed041559 100644 --- a/ssh-keyscan.c +++ b/ssh-keyscan.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ssh-keyscan.c,v 1.125 2019/01/21 10:38:54 djm Exp $ */ +/* $OpenBSD: ssh-keyscan.c,v 1.126 2019/01/26 22:35:01 djm Exp $ */ /* * Copyright 1995, 1996 by David Mazieres . * @@ -70,6 +70,8 @@ int hash_hosts = 0; /* Hash hostname on output */ int print_sshfp = 0; /* Print SSHFP records instead of known_hosts */ +int found_one = 0; /* Successfully found a key */ + #define MAXMAXFD 256 /* The number of seconds after which to give up on a TCP connection */ @@ -287,6 +289,8 @@ keyprint_one(const char *host, struct sshkey *key) char *hostport; const char *known_host, *hashed; + found_one = 1; + if (print_sshfp) { export_dns_rr(host, key, stdout, 0); return; @@ -802,5 +806,5 @@ main(int argc, char **argv) while (ncon > 0) conloop(); - return (0); + return found_one ? 0 : 1; } -- cgit v1.2.3 From 391ffc4b9d31fa1f4ad566499fef9176ff8a07dc Mon Sep 17 00:00:00 2001 From: "djm@openbsd.org" Date: Sat, 26 Jan 2019 22:41:28 +0000 Subject: upstream: check in scp client that filenames sent during remote->local directory copies satisfy the wildcard specified by the user. This checking provides some protection against a malicious server sending unexpected filenames, but it comes at a risk of rejecting wanted files due to differences between client and server wildcard expansion rules. For this reason, this also adds a new -T flag to disable the check. reported by Harry Sintonen fix approach suggested by markus@; has been in snaps for ~1wk courtesy deraadt@ OpenBSD-Commit-ID: 00f44b50d2be8e321973f3c6d014260f8f7a8eda --- scp.1 | 16 +++++++++++++--- scp.c | 39 ++++++++++++++++++++++++++++++--------- 2 files changed, 43 insertions(+), 12 deletions(-) diff --git a/scp.1 b/scp.1 index 8bb63edaa..a2833dab0 100644 --- a/scp.1 +++ b/scp.1 @@ -8,9 +8,9 @@ .\" .\" Created: Sun May 7 00:14:37 1995 ylo .\" -.\" $OpenBSD: scp.1,v 1.84 2019/01/22 06:58:31 jmc Exp $ +.\" $OpenBSD: scp.1,v 1.85 2019/01/26 22:41:28 djm Exp $ .\" -.Dd $Mdocdate: January 22 2019 $ +.Dd $Mdocdate: January 26 2019 $ .Dt SCP 1 .Os .Sh NAME @@ -18,7 +18,7 @@ .Nd secure copy (remote file copy program) .Sh SYNOPSIS .Nm scp -.Op Fl 346BCpqrv +.Op Fl 346BCpqrTv .Op Fl c Ar cipher .Op Fl F Ar ssh_config .Op Fl i Ar identity_file @@ -222,6 +222,16 @@ to use for the encrypted connection. The program must understand .Xr ssh 1 options. +.It Fl T +Disable strict filename checking. +By default when copying files from a remote host to a local directory +.Nm +checks that the received filenames match those requested on the command-line +to prevent the remote end from sending unexpected or unwanted files. +Because of differences in how various operating systems and shells interpret +filename wildcards, these checks may cause wanted files to be rejected. +This option disables these checks at the expense of fully trusting that +the server will not send unexpected filenames. .It Fl v Verbose mode. Causes diff --git a/scp.c b/scp.c index 74dfe521a..e669e815e 100644 --- a/scp.c +++ b/scp.c @@ -1,4 +1,4 @@ -/* $OpenBSD: scp.c,v 1.201 2019/01/24 16:52:17 dtucker Exp $ */ +/* $OpenBSD: scp.c,v 1.202 2019/01/26 22:41:28 djm Exp $ */ /* * scp - secure remote copy. This is basically patched BSD rcp which * uses ssh to do the data transfer (instead of using rcmd). @@ -94,6 +94,7 @@ #include #include #include +#include #include #include #include @@ -375,14 +376,14 @@ void verifydir(char *); struct passwd *pwd; uid_t userid; int errs, remin, remout; -int pflag, iamremote, iamrecursive, targetshouldbedirectory; +int Tflag, pflag, iamremote, iamrecursive, targetshouldbedirectory; #define CMDNEEDS 64 char cmd[CMDNEEDS]; /* must hold "rcp -r -p -d\0" */ int response(void); void rsource(char *, struct stat *); -void sink(int, char *[]); +void sink(int, char *[], const char *); void source(int, char *[]); void tolocal(int, char *[]); void toremote(int, char *[]); @@ -423,8 +424,9 @@ main(int argc, char **argv) addargs(&args, "-oRemoteCommand=none"); addargs(&args, "-oRequestTTY=no"); - fflag = tflag = 0; - while ((ch = getopt(argc, argv, "dfl:prtvBCc:i:P:q12346S:o:F:J:")) != -1) + fflag = Tflag = tflag = 0; + while ((ch = getopt(argc, argv, + "dfl:prtTvBCc:i:P:q12346S:o:F:J:")) != -1) { switch (ch) { /* User-visible flags. */ case '1': @@ -504,9 +506,13 @@ main(int argc, char **argv) setmode(0, O_BINARY); #endif break; + case 'T': + Tflag = 1; + break; default: usage(); } + } argc -= optind; argv += optind; @@ -537,7 +543,7 @@ main(int argc, char **argv) } if (tflag) { /* Receive data. */ - sink(argc, argv); + sink(argc, argv, NULL); exit(errs != 0); } if (argc < 2) @@ -795,7 +801,7 @@ tolocal(int argc, char **argv) continue; } free(bp); - sink(1, argv + argc - 1); + sink(1, argv + argc - 1, src); (void) close(remin); remin = remout = -1; } @@ -971,7 +977,7 @@ rsource(char *name, struct stat *statp) (sizeof(type) != 4 && sizeof(type) != 8)) void -sink(int argc, char **argv) +sink(int argc, char **argv, const char *src) { static BUF buffer; struct stat stb; @@ -987,6 +993,7 @@ sink(int argc, char **argv) unsigned long long ull; int setimes, targisdir, wrerrno = 0; char ch, *cp, *np, *targ, *why, *vect[1], buf[2048], visbuf[2048]; + char *src_copy = NULL, *restrict_pattern = NULL; struct timeval tv[2]; #define atime tv[0] @@ -1011,6 +1018,17 @@ sink(int argc, char **argv) (void) atomicio(vwrite, remout, "", 1); if (stat(targ, &stb) == 0 && S_ISDIR(stb.st_mode)) targisdir = 1; + if (src != NULL && !iamrecursive && !Tflag) { + /* + * Prepare to try to restrict incoming filenames to match + * the requested destination file glob. + */ + if ((src_copy = strdup(src)) == NULL) + fatal("strdup failed"); + if ((restrict_pattern = strrchr(src_copy, '/')) != NULL) { + *restrict_pattern++ = '\0'; + } + } for (first = 1;; first = 0) { cp = buf; if (atomicio(read, remin, cp, 1) != 1) @@ -1115,6 +1133,9 @@ sink(int argc, char **argv) run_err("error: unexpected filename: %s", cp); exit(1); } + if (restrict_pattern != NULL && + fnmatch(restrict_pattern, cp, 0) != 0) + SCREWUP("filename does not match request"); if (targisdir) { static char *namebuf; static size_t cursize; @@ -1152,7 +1173,7 @@ sink(int argc, char **argv) goto bad; } vect[0] = xstrdup(np); - sink(1, vect); + sink(1, vect, src); if (setimes) { setimes = 0; if (utimes(vect[0], tv) < 0) -- cgit v1.2.3 From 2a9b3a2ce411d16cda9c79ab713c55f65b0ec257 Mon Sep 17 00:00:00 2001 From: "dtucker@openbsd.org" Date: Sun, 27 Jan 2019 06:30:53 +0000 Subject: upstream: Generate all key supported key types and enable for keyscan test. OpenBSD-Regress-ID: 72f72ff49946c61bc949e1692dd9e3d71370891b --- regress/keyscan.sh | 16 ++++++++++++---- regress/test-exec.sh | 6 +++--- 2 files changed, 15 insertions(+), 7 deletions(-) diff --git a/regress/keyscan.sh b/regress/keyscan.sh index 3bde1219a..80e7f972a 100644 --- a/regress/keyscan.sh +++ b/regress/keyscan.sh @@ -1,14 +1,22 @@ -# $OpenBSD: keyscan.sh,v 1.6 2017/04/30 23:34:55 djm Exp $ +# $OpenBSD: keyscan.sh,v 1.7 2019/01/27 06:30:53 dtucker Exp $ # Placed in the Public Domain. tid="keyscan" -# remove DSA hostkey -rm -f ${OBJ}/host.dsa +KEYTYPES=`${SSH} -Q key-plain` +for i in $KEYTYPES; do + if [ -z "$algs" ]; then + algs="$i" + else + algs="$algs,$i" + fi +done +echo "HostKeyAlgorithms $algs" >> sshd_config + +cat sshd_config start_sshd -KEYTYPES=`${SSH} -Q key-plain` for t in $KEYTYPES; do trace "keyscan type $t" ${SSHKEYSCAN} -t $t -p $PORT 127.0.0.1 127.0.0.1 127.0.0.1 \ diff --git a/regress/test-exec.sh b/regress/test-exec.sh index 40d46e3cd..e8379e178 100644 --- a/regress/test-exec.sh +++ b/regress/test-exec.sh @@ -1,4 +1,4 @@ -# $OpenBSD: test-exec.sh,v 1.64 2018/08/10 01:35:49 dtucker Exp $ +# $OpenBSD: test-exec.sh,v 1.65 2019/01/27 06:30:53 dtucker Exp $ # Placed in the Public Domain. #SUDO=sudo @@ -469,11 +469,11 @@ fi rm -f $OBJ/known_hosts $OBJ/authorized_keys_$USER -SSH_KEYTYPES="rsa ed25519" +SSH_KEYTYPES=`$SSH -Q key-plain` -trace "generate keys" for t in ${SSH_KEYTYPES}; do # generate user key + trace "generating key type $t" if [ ! -f $OBJ/$t ] || [ ${SSHKEYGEN_BIN} -nt $OBJ/$t ]; then rm -f $OBJ/$t ${SSHKEYGEN} -q -N '' -t $t -f $OBJ/$t ||\ -- cgit v1.2.3 From 89843de0c4c733501f6b4f988098e6e06963df37 Mon Sep 17 00:00:00 2001 From: Corinna Vinschen Date: Sat, 26 Jan 2019 23:03:12 +0100 Subject: Cygwin: Change service name to cygsshd Microsoft hijacked the sshd service name without asking. --- contrib/cygwin/ssh-host-config | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/contrib/cygwin/ssh-host-config b/contrib/cygwin/ssh-host-config index 2903125f8..52916d14b 100644 --- a/contrib/cygwin/ssh-host-config +++ b/contrib/cygwin/ssh-host-config @@ -61,7 +61,7 @@ LOCALSTATEDIR=/var sshd_config_configured=no port_number=22 -service_name=sshd +service_name=cygsshd strictmodes=yes cygwin_value="" user_account= -- cgit v1.2.3 From 1d05b4adcba08ab068466e5c08dee2f5417ec53a Mon Sep 17 00:00:00 2001 From: Corinna Vinschen Date: Sat, 26 Jan 2019 23:42:40 +0100 Subject: Cygwin: only tweak sshd_config file if it's new, drop creating sshd user The sshd_config tweaks were executed even if the old file was still in place. Fix that. Also disable sshd user creation. It's not used on Cygwin. --- contrib/cygwin/ssh-host-config | 16 +++++++++++++--- 1 file changed, 13 insertions(+), 3 deletions(-) diff --git a/contrib/cygwin/ssh-host-config b/contrib/cygwin/ssh-host-config index 52916d14b..cc36ea102 100644 --- a/contrib/cygwin/ssh-host-config +++ b/contrib/cygwin/ssh-host-config @@ -669,14 +669,24 @@ then fi # handle sshd_config +# make sure not to change the existing file +mod_before="" +if [ -e "${SYSCONFDIR}/sshd_config" ] +then + mod_before=$(stat "${SYSCONFDIR}/sshd_config" | grep '^Modify:') +fi csih_install_config "${SYSCONFDIR}/sshd_config" "${SYSCONFDIR}/defaults" || let ++warning_cnt +mod_now=$(stat "${SYSCONFDIR}/sshd_config" | grep '^Modify:') if ! /usr/bin/cmp "${SYSCONFDIR}/sshd_config" "${SYSCONFDIR}/defaults/${SYSCONFDIR}/sshd_config" >/dev/null 2>&1 then sshd_config_configured=yes fi -sshd_strictmodes || let warning_cnt+=$? -sshd_privsep || let warning_cnt+=$? -sshd_config_tweak || let warning_cnt+=$? +if [ "${mod_before}" != "${mod_now}" ] +then + sshd_strictmodes || let warning_cnt+=$? + sshd_config_tweak || let warning_cnt+=$? +fi +#sshd_privsep || let warning_cnt+=$? update_services_file || let warning_cnt+=$? update_inetd_conf || let warning_cnt+=$? install_service || let warning_cnt+=$? -- cgit v1.2.3 From ffdde469ed56249f5dc8af98da468dde35531398 Mon Sep 17 00:00:00 2001 From: "dtucker@openbsd.org" Date: Mon, 28 Jan 2019 00:08:26 +0000 Subject: upstream: Count the number of key types instead of assuming there are only two. OpenBSD-Regress-ID: 0998702c41235782cf0beee396ec49b5056eaed9 --- regress/agent-timeout.sh | 8 +++++--- 1 file changed, 5 insertions(+), 3 deletions(-) diff --git a/regress/agent-timeout.sh b/regress/agent-timeout.sh index 9598c2032..80012f80c 100644 --- a/regress/agent-timeout.sh +++ b/regress/agent-timeout.sh @@ -1,4 +1,4 @@ -# $OpenBSD: agent-timeout.sh,v 1.3 2015/03/03 22:35:19 markus Exp $ +# $OpenBSD: agent-timeout.sh,v 1.4 2019/01/28 00:08:26 dtucker Exp $ # Placed in the Public Domain. tid="agent timeout test" @@ -12,16 +12,18 @@ if [ $r -ne 0 ]; then fail "could not start ssh-agent: exit code $r" else trace "add keys with timeout" + keys=0 for t in ${SSH_KEYTYPES}; do ${SSHADD} -t ${SSHAGENT_TIMEOUT} $OBJ/$t > /dev/null 2>&1 if [ $? -ne 0 ]; then fail "ssh-add did succeed exit code 0" fi + keys=$((${keys} + 1)) done n=`${SSHADD} -l 2> /dev/null | wc -l` trace "agent has $n keys" - if [ $n -ne 2 ]; then - fail "ssh-add -l did not return 2 keys: $n" + if [ $n -ne $keys ]; then + fail "ssh-add -l did not return $keys keys: $n" fi trace "sleeping 2*${SSHAGENT_TIMEOUT} seconds" sleep ${SSHAGENT_TIMEOUT} -- cgit v1.2.3 From e30d32364d12c351eec9e14be6c61116f9d6cc90 Mon Sep 17 00:00:00 2001 From: "dtucker@openbsd.org" Date: Mon, 28 Jan 2019 00:12:36 +0000 Subject: upstream: Enable ssh-dss for the agent test. Disable it for the certificate test. OpenBSD-Regress-ID: 388c1e03e1def539d350f139b37d69f12334668d --- regress/agent.sh | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) diff --git a/regress/agent.sh b/regress/agent.sh index 7111056c9..788b02064 100644 --- a/regress/agent.sh +++ b/regress/agent.sh @@ -1,4 +1,4 @@ -# $OpenBSD: agent.sh,v 1.13 2017/12/19 00:49:30 djm Exp $ +# $OpenBSD: agent.sh,v 1.14 2019/01/28 00:12:36 dtucker Exp $ # Placed in the Public Domain. tid="simple agent test" @@ -27,6 +27,9 @@ ${SSHKEYGEN} -q -N '' -t ed25519 -f $OBJ/user_ca_key \ trace "overwrite authorized keys" printf '' > $OBJ/authorized_keys_$USER +echo "PubkeyAcceptedKeyTypes +ssh-dss" >> $OBJ/ssh_proxy +echo "PubkeyAcceptedKeyTypes +ssh-dss" >> $OBJ/sshd_proxy + for t in ${SSH_KEYTYPES}; do # generate user key for agent rm -f $OBJ/$t-agent $OBJ/$t-agent.pub* @@ -96,6 +99,7 @@ fi (printf 'cert-authority,principals="estragon" '; cat $OBJ/user_ca_key.pub) \ > $OBJ/authorized_keys_$USER for t in ${SSH_KEYTYPES}; do + if [ "$t" != "ssh-dss" ]; then trace "connect via agent using $t key" ${SSH} -F $OBJ/ssh_proxy -i $OBJ/$t-agent.pub \ -oCertificateFile=$OBJ/$t-agent-cert.pub \ @@ -104,6 +108,7 @@ for t in ${SSH_KEYTYPES}; do if [ $r -ne 52 ]; then fail "ssh connect with failed (exit code $r)" fi + fi done trace "delete all agent keys" -- cgit v1.2.3 From 8fe25440206319d15b52d12b948a5dfdec14dca3 Mon Sep 17 00:00:00 2001 From: "dtucker@openbsd.org" Date: Mon, 28 Jan 2019 03:28:10 +0000 Subject: upstream: Remove leftover debugging. OpenBSD-Regress-ID: 3d86c3d4867e46b35af3fd2ac8c96df0ffdcfeb9 --- regress/keyscan.sh | 4 +--- 1 file changed, 1 insertion(+), 3 deletions(-) diff --git a/regress/keyscan.sh b/regress/keyscan.sh index 80e7f972a..7470936c6 100644 --- a/regress/keyscan.sh +++ b/regress/keyscan.sh @@ -1,4 +1,4 @@ -# $OpenBSD: keyscan.sh,v 1.7 2019/01/27 06:30:53 dtucker Exp $ +# $OpenBSD: keyscan.sh,v 1.8 2019/01/28 03:28:10 dtucker Exp $ # Placed in the Public Domain. tid="keyscan" @@ -13,8 +13,6 @@ for i in $KEYTYPES; do done echo "HostKeyAlgorithms $algs" >> sshd_config -cat sshd_config - start_sshd for t in $KEYTYPES; do -- cgit v1.2.3 From 19a0f0529d3df04118da829528cac7ceff380b24 Mon Sep 17 00:00:00 2001 From: "dtucker@openbsd.org" Date: Mon, 28 Jan 2019 03:50:39 +0000 Subject: upstream: The test sshd_config in in $OBJ. OpenBSD-Regress-ID: 1e5d908a286d8e7de3a15a0020c8857f3a7c9172 --- regress/keyscan.sh | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/regress/keyscan.sh b/regress/keyscan.sh index 7470936c6..8940d24b6 100644 --- a/regress/keyscan.sh +++ b/regress/keyscan.sh @@ -1,4 +1,4 @@ -# $OpenBSD: keyscan.sh,v 1.8 2019/01/28 03:28:10 dtucker Exp $ +# $OpenBSD: keyscan.sh,v 1.9 2019/01/28 03:50:39 dtucker Exp $ # Placed in the Public Domain. tid="keyscan" @@ -11,7 +11,7 @@ for i in $KEYTYPES; do algs="$algs,$i" fi done -echo "HostKeyAlgorithms $algs" >> sshd_config +echo "HostKeyAlgorithms $algs" >> $OBJ/sshd_config start_sshd -- cgit v1.2.3 From 2c21b75a7be6ebdcbceaebb43157c48dbb36f3d8 Mon Sep 17 00:00:00 2001 From: "jmc@openbsd.org" Date: Sun, 27 Jan 2019 07:14:11 +0000 Subject: upstream: add -T to usage(); OpenBSD-Commit-ID: a7ae14d9436c64e1bd05022329187ea3a0ce1899 --- scp.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/scp.c b/scp.c index e669e815e..96fc246cd 100644 --- a/scp.c +++ b/scp.c @@ -1,4 +1,4 @@ -/* $OpenBSD: scp.c,v 1.202 2019/01/26 22:41:28 djm Exp $ */ +/* $OpenBSD: scp.c,v 1.203 2019/01/27 07:14:11 jmc Exp $ */ /* * scp - secure remote copy. This is basically patched BSD rcp which * uses ssh to do the data transfer (instead of using rcmd). @@ -1341,7 +1341,7 @@ void usage(void) { (void) fprintf(stderr, - "usage: scp [-346BCpqrv] [-c cipher] [-F ssh_config] [-i identity_file]\n" + "usage: scp [-346BCpqrTv] [-c cipher] [-F ssh_config] [-i identity_file]\n" " [-J destination] [-l limit] [-o ssh_option] [-P port]\n" " [-S program] source ... target\n"); exit(1); -- cgit v1.2.3 From 5f004620fdc1b2108139300ee12f4014530fb559 Mon Sep 17 00:00:00 2001 From: "markus@openbsd.org" Date: Wed, 30 Jan 2019 19:51:15 +0000 Subject: upstream: Add authors for public domain sntrup4591761 code; confirmed by Daniel J. Bernstein OpenBSD-Commit-ID: b4621f22b8b8ef13e063c852af5e54dbbfa413c1 --- sntrup4591761.c | 10 ++++++++++ sntrup4591761.sh | 15 +++++++++++++-- 2 files changed, 23 insertions(+), 2 deletions(-) diff --git a/sntrup4591761.c b/sntrup4591761.c index 9631b423e..615f1b266 100644 --- a/sntrup4591761.c +++ b/sntrup4591761.c @@ -1,3 +1,13 @@ +/* $OpenBSD: sntrup4591761.c,v 1.3 2019/01/30 19:51:15 markus Exp $ */ + +/* + * Public Domain, Authors: + * - Daniel J. Bernstein + * - Chitchanok Chuengsatiansup + * - Tanja Lange + * - Christine van Vredendaal + */ + #include #include "crypto_api.h" diff --git a/sntrup4591761.sh b/sntrup4591761.sh index 2a0a4200b..e684c3329 100644 --- a/sntrup4591761.sh +++ b/sntrup4591761.sh @@ -1,4 +1,8 @@ #!/bin/sh +# $OpenBSD: sntrup4591761.sh,v 1.3 2019/01/30 19:51:15 markus Exp $ +# Placed in the Public Domain. +# +AUTHOR="libpqcrypto-20180314/crypto_kem/sntrup4591761/ref/implementors" FILES=" libpqcrypto-20180314/crypto_kem/sntrup4591761/ref/int32_sort.h libpqcrypto-20180314/crypto_kem/sntrup4591761/ref/int32_sort.c @@ -27,8 +31,15 @@ FILES=" ### set -e -DIR=/data/git/mfriedl -cd $DIR +cd $1 +echo -n '/* $' +echo 'OpenBSD: $ */' +echo +echo '/*' +echo ' * Public Domain, Authors:' +sed -e '/Alphabetical order:/d' -e 's/^/ * - /' < $AUTHOR +echo ' */' +echo echo '#include ' echo '#include "crypto_api.h"' echo -- cgit v1.2.3 From 483b3b638500fd498b4b529356e5a0e18cf76891 Mon Sep 17 00:00:00 2001 From: "dtucker@openbsd.org" Date: Fri, 1 Feb 2019 03:52:23 +0000 Subject: upstream: Save connection timeout and restore for 2nd and subsequent attempts, preventing them from having no timeout. bz#2918, ok djm@ OpenBSD-Commit-ID: 4977f1d0521d9b6bba0c9a20d3d226cefac48292 --- sshconnect.c | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/sshconnect.c b/sshconnect.c index 955671b4e..eb5139fc7 100644 --- a/sshconnect.c +++ b/sshconnect.c @@ -1,4 +1,4 @@ -/* $OpenBSD: sshconnect.c,v 1.312 2019/01/24 17:00:29 dtucker Exp $ */ +/* $OpenBSD: sshconnect.c,v 1.313 2019/02/01 03:52:23 dtucker Exp $ */ /* * Author: Tatu Ylonen * Copyright (c) 1995 Tatu Ylonen , Espoo, Finland @@ -457,7 +457,7 @@ ssh_connect_direct(struct ssh *ssh, const char *host, struct addrinfo *aitop, struct sockaddr_storage *hostaddr, u_short port, int family, int connection_attempts, int *timeout_ms, int want_keepalive) { - int on = 1; + int on = 1, saved_timeout_ms = *timeout_ms; int oerrno, sock = -1, attempt; char ntop[NI_MAXHOST], strport[NI_MAXSERV]; struct addrinfo *ai; @@ -501,6 +501,7 @@ ssh_connect_direct(struct ssh *ssh, const char *host, struct addrinfo *aitop, continue; } + *timeout_ms = saved_timeout_ms; if (timeout_connect(sock, ai->ai_addr, ai->ai_addrlen, timeout_ms) >= 0) { /* Successful connection. */ -- cgit v1.2.3 From cac302a4b42a988e54d32eb254b29b79b648dbf5 Mon Sep 17 00:00:00 2001 From: "dtucker@openbsd.org" Date: Mon, 4 Feb 2019 02:39:42 +0000 Subject: upstream: Remove obsolete "Protocol" from commented out examples. Patch from samy.mahmoudi at gmail com. OpenBSD-Commit-ID: 16aede33dae299725a03abdac5dcb4d73f5d0cbf --- ssh_config | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/ssh_config b/ssh_config index c12f5ef52..5e8ef548b 100644 --- a/ssh_config +++ b/ssh_config @@ -1,4 +1,4 @@ -# $OpenBSD: ssh_config,v 1.33 2017/05/07 23:12:57 djm Exp $ +# $OpenBSD: ssh_config,v 1.34 2019/02/04 02:39:42 dtucker Exp $ # This is the ssh client system-wide configuration file. See # ssh_config(5) for more information. This file provides defaults for @@ -34,7 +34,6 @@ # IdentityFile ~/.ssh/id_ecdsa # IdentityFile ~/.ssh/id_ed25519 # Port 22 -# Protocol 2 # Ciphers aes128-ctr,aes192-ctr,aes256-ctr,aes128-cbc,3des-cbc # MACs hmac-md5,hmac-sha1,umac-64@openssh.com # EscapeChar ~ -- cgit v1.2.3 From 7a7fdca78de4b4774950be056099e579ef595414 Mon Sep 17 00:00:00 2001 From: "djm@openbsd.org" Date: Mon, 4 Feb 2019 23:37:54 +0000 Subject: upstream: fix NULL-deref crash in PKCS#11 code when attempting login to a token requiring a PIN; reported by benno@ fix mostly by markus@ OpenBSD-Commit-ID: 438d0b114b1b4ba25a9869733db1921209aa9a31 --- ssh-pkcs11.c | 19 +++++++++++++++++-- 1 file changed, 17 insertions(+), 2 deletions(-) diff --git a/ssh-pkcs11.c b/ssh-pkcs11.c index f116e4051..a1a2bab45 100644 --- a/ssh-pkcs11.c +++ b/ssh-pkcs11.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ssh-pkcs11.c,v 1.41 2019/01/22 12:03:58 djm Exp $ */ +/* $OpenBSD: ssh-pkcs11.c,v 1.42 2019/02/04 23:37:54 djm Exp $ */ /* * Copyright (c) 2010 Markus Friedl. All rights reserved. * Copyright (c) 2014 Pedro Martelletto. All rights reserved. @@ -625,6 +625,7 @@ pkcs11_open_session(struct pkcs11_provider *p, CK_ULONG slotidx, char *pin, CK_RV rv; CK_SESSION_HANDLE session; int login_required, have_pinpad, ret; + char prompt[1024], *xpin = NULL; f = p->function_list; si = &p->slotinfo[slotidx]; @@ -633,7 +634,8 @@ pkcs11_open_session(struct pkcs11_provider *p, CK_ULONG slotidx, char *pin, login_required = si->token.flags & CKF_LOGIN_REQUIRED; /* fail early before opening session */ - if (login_required && !have_pinpad && pin != NULL && strlen(pin) == 0) { + if (login_required && !have_pinpad && !pkcs11_interactive && + (pin == NULL || strlen(pin) == 0)) { error("pin required"); return (-SSH_PKCS11_ERR_PIN_REQUIRED); } @@ -647,8 +649,21 @@ pkcs11_open_session(struct pkcs11_provider *p, CK_ULONG slotidx, char *pin, /* defer PIN entry to the reader keypad */ rv = f->C_Login(session, CKU_USER, NULL_PTR, 0); } else { + if (pkcs11_interactive) { + snprintf(prompt, sizeof(prompt), + "Enter PIN for '%s': ", si->token.label); + if ((xpin = read_passphrase(prompt, + RP_ALLOW_EOF)) == NULL) { + debug("%s: no pin specified", + __func__); + return (-SSH_PKCS11_ERR_PIN_REQUIRED); + } + pin = xpin; + } rv = f->C_Login(session, CKU_USER, (u_char *)pin, strlen(pin)); + if (xpin != NULL) + freezero(xpin, strlen(xpin)); } if (rv != CKR_OK && rv != CKR_USER_ALREADY_LOGGED_IN) { error("C_Login failed: %lu", rv); -- cgit v1.2.3 From 8c53d409baeeaf652c0c125a9b164edc9dbeb6de Mon Sep 17 00:00:00 2001 From: "dtucker@openbsd.org" Date: Tue, 5 Feb 2019 11:35:56 +0000 Subject: upstream: Adapt code in the non-USE_PIPES codepath to the new packet API. This code is not normally reachable since USE_PIPES is always defined. bz#2961, patch from adrian.fita at gmail com. OpenBSD-Commit-ID: 8d8428d678d1d5eb4bb21921df34e8173e6d238a --- session.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/session.c b/session.c index 4862e5d63..4448e6f1f 100644 --- a/session.c +++ b/session.c @@ -1,4 +1,4 @@ -/* $OpenBSD: session.c,v 1.312 2019/01/19 21:41:53 djm Exp $ */ +/* $OpenBSD: session.c,v 1.313 2019/02/05 11:35:56 dtucker Exp $ */ /* * Copyright (c) 1995 Tatu Ylonen , Espoo, Finland * All rights reserved @@ -545,7 +545,7 @@ do_exec_no_pty(struct ssh *ssh, Session *s, const char *command) * Enter the interactive session. Note: server_loop must be able to * handle the case that fdin and fdout are the same. */ - session_set_fds(s, inout[1], inout[1], err[1], + session_set_fds(ssh, s, inout[1], inout[1], err[1], s->is_subsystem, 0); #endif return 0; -- cgit v1.2.3 From 03e92dd27d491fe6d1a54e7b2f44ef1b0a916e52 Mon Sep 17 00:00:00 2001 From: Damien Miller Date: Fri, 8 Feb 2019 14:50:36 +1100 Subject: use same close logic for stderr as stdout Avoids sending SIGPIPE to child processes after their parent exits if they attempt to write to stderr. Analysis and patch from JD Paul; patch reworked by Jakub Jelen and myself. bz#2071; ok dtucker@ --- channels.c | 8 +++++--- 1 file changed, 5 insertions(+), 3 deletions(-) diff --git a/channels.c b/channels.c index 19da16eb3..657381b80 100644 --- a/channels.c +++ b/channels.c @@ -2100,16 +2100,18 @@ channel_handle_efd_read(struct ssh *ssh, Channel *c, fd_set *readset, fd_set *writeset) { char buf[CHAN_RBUF]; - int r; ssize_t len; + int r, force; + + force = c->isatty && c->detach_close && c->istate != CHAN_INPUT_CLOSED; - if (!c->detach_close && !FD_ISSET(c->efd, readset)) + if (c->efd == -1 || (!force && !FD_ISSET(c->efd, readset))) return 1; len = read(c->efd, buf, sizeof(buf)); debug2("channel %d: read %zd from efd %d", c->self, len, c->efd); if (len < 0 && (errno == EINTR || ((errno == EAGAIN || - errno == EWOULDBLOCK) && !c->detach_close))) + errno == EWOULDBLOCK) && !force))) return 1; if (len <= 0) { debug2("channel %d: closing read-efd %d", -- cgit v1.2.3 From 2ff2e19653b8c0798b8b8eff209651bdb1be2761 Mon Sep 17 00:00:00 2001 From: Damien Miller Date: Fri, 8 Feb 2019 14:53:35 +1100 Subject: don't set $MAIL if UsePam=yes PAM typically specifies the user environment if it's enabled, so don't second guess. bz#2937; ok dtucker@ --- session.c | 7 +++++-- 1 file changed, 5 insertions(+), 2 deletions(-) diff --git a/session.c b/session.c index 4448e6f1f..bced1f65a 100644 --- a/session.c +++ b/session.c @@ -1050,8 +1050,11 @@ do_setup_env(struct ssh *ssh, Session *s, const char *shell) # endif /* HAVE_CYGWIN */ #endif /* HAVE_LOGIN_CAP */ - snprintf(buf, sizeof buf, "%.200s/%.50s", _PATH_MAILDIR, pw->pw_name); - child_set_env(&env, &envsize, "MAIL", buf); + if (!options.use_pam) { + snprintf(buf, sizeof buf, "%.200s/%.50s", + _PATH_MAILDIR, pw->pw_name); + child_set_env(&env, &envsize, "MAIL", buf); + } /* Normal systems set SHELL by default. */ child_set_env(&env, &envsize, "SHELL", shell); -- cgit v1.2.3 From 318e4f8548a4f5c0c913f61e27d4fc21ffb1eaae Mon Sep 17 00:00:00 2001 From: "djm@openbsd.org" Date: Sun, 10 Feb 2019 11:10:57 +0000 Subject: upstream: syslog when connection is dropped for attempting to run a command when ForceCommand=internal-sftp is in effect; bz2960; ok dtucker@ OpenBSD-Commit-ID: 8c87fa66d7fc6c0fffa3a3c28e8ab5e8dde234b8 --- session.c | 9 ++++++--- 1 file changed, 6 insertions(+), 3 deletions(-) diff --git a/session.c b/session.c index bced1f65a..96167548a 100644 --- a/session.c +++ b/session.c @@ -1,4 +1,4 @@ -/* $OpenBSD: session.c,v 1.313 2019/02/05 11:35:56 dtucker Exp $ */ +/* $OpenBSD: session.c,v 1.314 2019/02/10 11:10:57 djm Exp $ */ /* * Copyright (c) 1995 Tatu Ylonen , Espoo, Finland * All rights reserved @@ -1510,12 +1510,13 @@ void do_child(struct ssh *ssh, Session *s, const char *command) { extern char **environ; - char **env; - char *argv[ARGV_MAX]; + char **env, *argv[ARGV_MAX], remote_id[512]; const char *shell, *shell0; struct passwd *pw = s->pw; int r = 0; + sshpkt_fmt_connection_id(ssh, remote_id, sizeof(remote_id)); + /* remove hostkey from the child's memory */ destroy_sensitive_data(); ssh_packet_clear_keys(ssh); @@ -1638,6 +1639,8 @@ do_child(struct ssh *ssh, Session *s, const char *command) signal(SIGPIPE, SIG_DFL); if (s->is_subsystem == SUBSYSTEM_INT_SFTP_ERROR) { + error("Connection from %s: refusing non-sftp session", + remote_id); printf("This service allows sftp connections only.\n"); fflush(NULL); exit(1); -- cgit v1.2.3 From 3d896c157c722bc47adca51a58dca859225b5874 Mon Sep 17 00:00:00 2001 From: "djm@openbsd.org" Date: Sun, 10 Feb 2019 11:15:52 +0000 Subject: upstream: when checking that filenames sent by the server side match what the client requested, be prepared to handle shell-style brace alternations, e.g. "{foo,bar}". "looks good to me" millert@ + in snaps for the last week courtesy deraadt@ OpenBSD-Commit-ID: 3b1ce7639b0b25b2248e3a30f561a548f6815f3e --- scp.c | 282 +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++--- 1 file changed, 270 insertions(+), 12 deletions(-) diff --git a/scp.c b/scp.c index 96fc246cd..80bc0e8b1 100644 --- a/scp.c +++ b/scp.c @@ -1,4 +1,4 @@ -/* $OpenBSD: scp.c,v 1.203 2019/01/27 07:14:11 jmc Exp $ */ +/* $OpenBSD: scp.c,v 1.204 2019/02/10 11:15:52 djm Exp $ */ /* * scp - secure remote copy. This is basically patched BSD rcp which * uses ssh to do the data transfer (instead of using rcmd). @@ -630,6 +630,253 @@ parse_scp_uri(const char *uri, char **userp, char **hostp, int *portp, return r; } +/* Appends a string to an array; returns 0 on success, -1 on alloc failure */ +static int +append(char *cp, char ***ap, size_t *np) +{ + char **tmp; + + if ((tmp = reallocarray(*ap, *np + 1, sizeof(*tmp))) == NULL) + return -1; + tmp[(*np)] = cp; + (*np)++; + *ap = tmp; + return 0; +} + +/* + * Finds the start and end of the first brace pair in the pattern. + * returns 0 on success or -1 for invalid patterns. + */ +static int +find_brace(const char *pattern, int *startp, int *endp) +{ + int i; + int in_bracket, brace_level; + + *startp = *endp = -1; + in_bracket = brace_level = 0; + for (i = 0; i < INT_MAX && *endp < 0 && pattern[i] != '\0'; i++) { + switch (pattern[i]) { + case '\\': + /* skip next character */ + if (pattern[i + 1] != '\0') + i++; + break; + case '[': + in_bracket = 1; + break; + case ']': + in_bracket = 0; + break; + case '{': + if (in_bracket) + break; + if (pattern[i + 1] == '}') { + /* Protect a single {}, for find(1), like csh */ + i++; /* skip */ + break; + } + if (*startp == -1) + *startp = i; + brace_level++; + break; + case '}': + if (in_bracket) + break; + if (*startp < 0) { + /* Unbalanced brace */ + return -1; + } + if (--brace_level <= 0) + *endp = i; + break; + } + } + /* unbalanced brackets/braces */ + if (*endp < 0 && (*startp >= 0 || in_bracket)) + return -1; + return 0; +} + +/* + * Assembles and records a successfully-expanded pattern, returns -1 on + * alloc failure. + */ +static int +emit_expansion(const char *pattern, int brace_start, int brace_end, + int sel_start, int sel_end, char ***patternsp, size_t *npatternsp) +{ + char *cp; + int o = 0, tail_len = strlen(pattern + brace_end + 1); + + if ((cp = malloc(brace_start + (sel_end - sel_start) + + tail_len + 1)) == NULL) + return -1; + + /* Pattern before initial brace */ + if (brace_start > 0) { + memcpy(cp, pattern, brace_start); + o = brace_start; + } + /* Current braced selection */ + if (sel_end - sel_start > 0) { + memcpy(cp + o, pattern + sel_start, + sel_end - sel_start); + o += sel_end - sel_start; + } + /* Remainder of pattern after closing brace */ + if (tail_len > 0) { + memcpy(cp + o, pattern + brace_end + 1, tail_len); + o += tail_len; + } + cp[o] = '\0'; + if (append(cp, patternsp, npatternsp) != 0) { + free(cp); + return -1; + } + return 0; +} + +/* + * Expand the first encountered brace in pattern, appending the expanded + * patterns it yielded to the *patternsp array. + * + * Returns 0 on success or -1 on allocation failure. + * + * Signals whether expansion was performed via *expanded and whether + * pattern was invalid via *invalid. + */ +static int +brace_expand_one(const char *pattern, char ***patternsp, size_t *npatternsp, + int *expanded, int *invalid) +{ + int i; + int in_bracket, brace_start, brace_end, brace_level; + int sel_start, sel_end; + + *invalid = *expanded = 0; + + if (find_brace(pattern, &brace_start, &brace_end) != 0) { + *invalid = 1; + return 0; + } else if (brace_start == -1) + return 0; + + in_bracket = brace_level = 0; + for (i = sel_start = brace_start + 1; i < brace_end; i++) { + switch (pattern[i]) { + case '{': + if (in_bracket) + break; + brace_level++; + break; + case '}': + if (in_bracket) + break; + brace_level--; + break; + case '[': + in_bracket = 1; + break; + case ']': + in_bracket = 0; + break; + case '\\': + if (i < brace_end - 1) + i++; /* skip */ + break; + } + if (pattern[i] == ',' || i == brace_end - 1) { + if (in_bracket || brace_level > 0) + continue; + /* End of a selection, emit an expanded pattern */ + + /* Adjust end index for last selection */ + sel_end = (i == brace_end - 1) ? brace_end : i; + if (emit_expansion(pattern, brace_start, brace_end, + sel_start, sel_end, patternsp, npatternsp) != 0) + return -1; + /* move on to the next selection */ + sel_start = i + 1; + continue; + } + } + if (in_bracket || brace_level > 0) { + *invalid = 1; + return 0; + } + /* success */ + *expanded = 1; + return 0; +} + +/* Expand braces from pattern. Returns 0 on success, -1 on failure */ +static int +brace_expand(const char *pattern, char ***patternsp, size_t *npatternsp) +{ + char *cp, *cp2, **active = NULL, **done = NULL; + size_t i, nactive = 0, ndone = 0; + int ret = -1, invalid = 0, expanded = 0; + + *patternsp = NULL; + *npatternsp = 0; + + /* Start the worklist with the original pattern */ + if ((cp = strdup(pattern)) == NULL) + return -1; + if (append(cp, &active, &nactive) != 0) { + free(cp); + return -1; + } + while (nactive > 0) { + cp = active[nactive - 1]; + nactive--; + if (brace_expand_one(cp, &active, &nactive, + &expanded, &invalid) == -1) { + free(cp); + goto fail; + } + if (invalid) + fatal("%s: invalid brace pattern \"%s\"", __func__, cp); + if (expanded) { + /* + * Current entry expanded to new entries on the + * active list; discard the progenitor pattern. + */ + free(cp); + continue; + } + /* + * Pattern did not expand; append the finename component to + * the completed list + */ + if ((cp2 = strrchr(cp, '/')) != NULL) + *cp2++ = '\0'; + else + cp2 = cp; + if (append(xstrdup(cp2), &done, &ndone) != 0) { + free(cp); + goto fail; + } + free(cp); + } + /* success */ + *patternsp = done; + *npatternsp = ndone; + done = NULL; + ndone = 0; + ret = 0; + fail: + for (i = 0; i < nactive; i++) + free(active[i]); + free(active); + for (i = 0; i < ndone; i++) + free(done[i]); + free(done); + return ret; +} + void toremote(int argc, char **argv) { @@ -993,7 +1240,8 @@ sink(int argc, char **argv, const char *src) unsigned long long ull; int setimes, targisdir, wrerrno = 0; char ch, *cp, *np, *targ, *why, *vect[1], buf[2048], visbuf[2048]; - char *src_copy = NULL, *restrict_pattern = NULL; + char **patterns = NULL; + size_t n, npatterns = 0; struct timeval tv[2]; #define atime tv[0] @@ -1023,16 +1271,13 @@ sink(int argc, char **argv, const char *src) * Prepare to try to restrict incoming filenames to match * the requested destination file glob. */ - if ((src_copy = strdup(src)) == NULL) - fatal("strdup failed"); - if ((restrict_pattern = strrchr(src_copy, '/')) != NULL) { - *restrict_pattern++ = '\0'; - } + if (brace_expand(src, &patterns, &npatterns) != 0) + fatal("%s: could not expand pattern", __func__); } for (first = 1;; first = 0) { cp = buf; if (atomicio(read, remin, cp, 1) != 1) - return; + goto done; if (*cp++ == '\n') SCREWUP("unexpected "); do { @@ -1058,7 +1303,7 @@ sink(int argc, char **argv, const char *src) } if (buf[0] == 'E') { (void) atomicio(vwrite, remout, "", 1); - return; + goto done; } if (ch == '\n') *--cp = 0; @@ -1133,9 +1378,14 @@ sink(int argc, char **argv, const char *src) run_err("error: unexpected filename: %s", cp); exit(1); } - if (restrict_pattern != NULL && - fnmatch(restrict_pattern, cp, 0) != 0) - SCREWUP("filename does not match request"); + if (npatterns > 0) { + for (n = 0; n < npatterns; n++) { + if (fnmatch(patterns[n], cp, 0) == 0) + break; + } + if (n >= npatterns) + SCREWUP("filename does not match request"); + } if (targisdir) { static char *namebuf; static size_t cursize; @@ -1294,7 +1544,15 @@ bad: run_err("%s: %s", np, strerror(errno)); break; } } +done: + for (n = 0; n < npatterns; n++) + free(patterns[n]); + free(patterns); + return; screwup: + for (n = 0; n < npatterns; n++) + free(patterns[n]); + free(patterns); run_err("protocol error: %s", why); exit(1); } -- cgit v1.2.3 From a8c807f1956f81a92a758d3d0237d0ff06d0be5d Mon Sep 17 00:00:00 2001 From: "benno@openbsd.org" Date: Sun, 10 Feb 2019 16:35:41 +0000 Subject: upstream: ssh-keygen -D pkcs11.so needs to initialize pkcs11 interactive, so it can ask for the smartcards PIN. ok markus@ OpenBSD-Commit-ID: 1be7ccf88f1876e0fc4d7c9b3f96019ac5655bab --- ssh-keygen.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/ssh-keygen.c b/ssh-keygen.c index 992491f15..5d0787728 100644 --- a/ssh-keygen.c +++ b/ssh-keygen.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ssh-keygen.c,v 1.326 2019/01/23 04:51:02 djm Exp $ */ +/* $OpenBSD: ssh-keygen.c,v 1.327 2019/02/10 16:35:41 benno Exp $ */ /* * Author: Tatu Ylonen * Copyright (c) 1994 Tatu Ylonen , Espoo, Finland @@ -769,7 +769,7 @@ do_download(struct passwd *pw) fptype = print_bubblebabble ? SSH_DIGEST_SHA1 : fingerprint_hash; rep = print_bubblebabble ? SSH_FP_BUBBLEBABBLE : SSH_FP_DEFAULT; - pkcs11_init(0); + pkcs11_init(1); nkeys = pkcs11_add_provider(pkcs11provider, NULL, &keys); if (nkeys <= 0) fatal("cannot read public key from pkcs11"); -- cgit v1.2.3 From 5c68ea8da790d711e6dd5f4c30d089c54032c59a Mon Sep 17 00:00:00 2001 From: "djm@openbsd.org" Date: Mon, 11 Feb 2019 09:44:42 +0000 Subject: upstream: cleanup GSSAPI authentication context after completion of the authmethod. Move function-static GSSAPI state to the client Authctxt structure. Make static a bunch of functions that aren't used outside this file. Based on patch from Markus Schmidt ; ok markus@ OpenBSD-Commit-ID: 497fb792c0ddb4f1ba631b6eed526861f115dbe5 --- sshconnect2.c | 155 +++++++++++++++++++++++++++++++++------------------------- 1 file changed, 88 insertions(+), 67 deletions(-) diff --git a/sshconnect2.c b/sshconnect2.c index 2aa7b9933..6d37e92f7 100644 --- a/sshconnect2.c +++ b/sshconnect2.c @@ -1,4 +1,4 @@ -/* $OpenBSD: sshconnect2.c,v 1.301 2019/01/21 10:38:54 djm Exp $ */ +/* $OpenBSD: sshconnect2.c,v 1.302 2019/02/11 09:44:42 djm Exp $ */ /* * Copyright (c) 2000 Markus Friedl. All rights reserved. * Copyright (c) 2008 Damien Miller. All rights reserved. @@ -265,6 +265,11 @@ struct cauthctxt { struct cauthmethod *method; sig_atomic_t success; char *authlist; +#ifdef GSSAPI + /* gssapi */ + gss_OID_set gss_supported_mechs; + u_int mech_tried; +#endif /* pubkey */ struct idlist keys; int agent_fd; @@ -289,37 +294,36 @@ struct cauthmethod { int *batch_flag; /* flag in option struct that disables method */ }; -int input_userauth_service_accept(int, u_int32_t, struct ssh *); -int input_userauth_ext_info(int, u_int32_t, struct ssh *); -int input_userauth_success(int, u_int32_t, struct ssh *); -int input_userauth_success_unexpected(int, u_int32_t, struct ssh *); -int input_userauth_failure(int, u_int32_t, struct ssh *); -int input_userauth_banner(int, u_int32_t, struct ssh *); -int input_userauth_error(int, u_int32_t, struct ssh *); -int input_userauth_info_req(int, u_int32_t, struct ssh *); -int input_userauth_pk_ok(int, u_int32_t, struct ssh *); -int input_userauth_passwd_changereq(int, u_int32_t, struct ssh *); - -int userauth_none(struct ssh *); -int userauth_pubkey(struct ssh *); -int userauth_passwd(struct ssh *); -int userauth_kbdint(struct ssh *); -int userauth_hostbased(struct ssh *); +static int input_userauth_service_accept(int, u_int32_t, struct ssh *); +static int input_userauth_ext_info(int, u_int32_t, struct ssh *); +static int input_userauth_success(int, u_int32_t, struct ssh *); +static int input_userauth_failure(int, u_int32_t, struct ssh *); +static int input_userauth_banner(int, u_int32_t, struct ssh *); +static int input_userauth_error(int, u_int32_t, struct ssh *); +static int input_userauth_info_req(int, u_int32_t, struct ssh *); +static int input_userauth_pk_ok(int, u_int32_t, struct ssh *); +static int input_userauth_passwd_changereq(int, u_int32_t, struct ssh *); + +static int userauth_none(struct ssh *); +static int userauth_pubkey(struct ssh *); +static void userauth_pubkey_cleanup(struct ssh *); +static int userauth_passwd(struct ssh *); +static int userauth_kbdint(struct ssh *); +static int userauth_hostbased(struct ssh *); #ifdef GSSAPI -int userauth_gssapi(struct ssh *); -int input_gssapi_response(int type, u_int32_t, struct ssh *); -int input_gssapi_token(int type, u_int32_t, struct ssh *); -int input_gssapi_hash(int type, u_int32_t, struct ssh *); -int input_gssapi_error(int, u_int32_t, struct ssh *); -int input_gssapi_errtok(int, u_int32_t, struct ssh *); +static int userauth_gssapi(struct ssh *); +static void userauth_gssapi_cleanup(struct ssh *); +static int input_gssapi_response(int type, u_int32_t, struct ssh *); +static int input_gssapi_token(int type, u_int32_t, struct ssh *); +static int input_gssapi_error(int, u_int32_t, struct ssh *); +static int input_gssapi_errtok(int, u_int32_t, struct ssh *); #endif void userauth(struct ssh *, char *); static int sign_and_send_pubkey(struct ssh *ssh, Identity *); static void pubkey_prepare(Authctxt *); -static void pubkey_cleanup(Authctxt *); static void pubkey_reset(Authctxt *); static struct sshkey *load_identity_file(Identity *); @@ -331,7 +335,7 @@ Authmethod authmethods[] = { #ifdef GSSAPI {"gssapi-with-mic", userauth_gssapi, - NULL, + userauth_gssapi_cleanup, &options.gss_authentication, NULL}, #endif @@ -342,7 +346,7 @@ Authmethod authmethods[] = { NULL}, {"publickey", userauth_pubkey, - NULL, + userauth_pubkey_cleanup, &options.pubkey_authentication, NULL}, {"keyboard-interactive", @@ -390,6 +394,10 @@ ssh_userauth2(struct ssh *ssh, const char *local_user, authctxt.info_req_seen = 0; authctxt.attempt_kbdint = 0; authctxt.attempt_passwd = 0; +#if GSSAPI + authctxt.gss_supported_mechs = NULL; + authctxt.mech_tried = 0; +#endif authctxt.agent_fd = -1; pubkey_prepare(&authctxt); if (authctxt.method == NULL) { @@ -409,7 +417,6 @@ ssh_userauth2(struct ssh *ssh, const char *local_user, ssh_dispatch_run_fatal(ssh, DISPATCH_BLOCK, &authctxt.success); /* loop until success */ ssh->authctxt = NULL; - pubkey_cleanup(&authctxt); ssh_dispatch_range(ssh, SSH2_MSG_USERAUTH_MIN, SSH2_MSG_USERAUTH_MAX, NULL); if (!authctxt.success) @@ -418,7 +425,7 @@ ssh_userauth2(struct ssh *ssh, const char *local_user, } /* ARGSUSED */ -int +static int input_userauth_service_accept(int type, u_int32_t seq, struct ssh *ssh) { int r; @@ -450,7 +457,7 @@ input_userauth_service_accept(int type, u_int32_t seq, struct ssh *ssh) } /* ARGSUSED */ -int +static int input_userauth_ext_info(int type, u_int32_t seqnr, struct ssh *ssh) { return kex_input_ext_info(type, seqnr, ssh); @@ -495,7 +502,7 @@ userauth(struct ssh *ssh, char *authlist) } /* ARGSUSED */ -int +static int input_userauth_error(int type, u_int32_t seq, struct ssh *ssh) { fatal("%s: bad message during authentication: type %d", __func__, type); @@ -503,7 +510,7 @@ input_userauth_error(int type, u_int32_t seq, struct ssh *ssh) } /* ARGSUSED */ -int +static int input_userauth_banner(int type, u_int32_t seq, struct ssh *ssh) { char *msg = NULL; @@ -523,7 +530,7 @@ input_userauth_banner(int type, u_int32_t seq, struct ssh *ssh) } /* ARGSUSED */ -int +static int input_userauth_success(int type, u_int32_t seq, struct ssh *ssh) { Authctxt *authctxt = ssh->authctxt; @@ -540,7 +547,8 @@ input_userauth_success(int type, u_int32_t seq, struct ssh *ssh) return 0; } -int +#if 0 +static int input_userauth_success_unexpected(int type, u_int32_t seq, struct ssh *ssh) { Authctxt *authctxt = ssh->authctxt; @@ -552,9 +560,10 @@ input_userauth_success_unexpected(int type, u_int32_t seq, struct ssh *ssh) authctxt->method->name); return 0; } +#endif /* ARGSUSED */ -int +static int input_userauth_failure(int type, u_int32_t seq, struct ssh *ssh) { Authctxt *authctxt = ssh->authctxt; @@ -609,7 +618,7 @@ format_identity(Identity *id) } /* ARGSUSED */ -int +static int input_userauth_pk_ok(int type, u_int32_t seq, struct ssh *ssh) { Authctxt *authctxt = ssh->authctxt; @@ -680,35 +689,36 @@ input_userauth_pk_ok(int type, u_int32_t seq, struct ssh *ssh) } #ifdef GSSAPI -int +static int userauth_gssapi(struct ssh *ssh) { Authctxt *authctxt = (Authctxt *)ssh->authctxt; Gssctxt *gssctxt = NULL; - static gss_OID_set gss_supported = NULL; - static u_int mech = 0; OM_uint32 min; int r, ok = 0; + gss_OID mech = NULL; /* Try one GSSAPI method at a time, rather than sending them all at * once. */ - if (gss_supported == NULL) - gss_indicate_mechs(&min, &gss_supported); + if (authctxt->gss_supported_mechs == NULL) + gss_indicate_mechs(&min, &authctxt->gss_supported_mechs); - /* Check to see if the mechanism is usable before we offer it */ - while (mech < gss_supported->count && !ok) { + /* Check to see whether the mechanism is usable before we offer it */ + while (authctxt->mech_tried < authctxt->gss_supported_mechs->count && + !ok) { + mech = &authctxt->gss_supported_mechs-> + elements[authctxt->mech_tried]; /* My DER encoding requires length<128 */ - if (gss_supported->elements[mech].length < 128 && - ssh_gssapi_check_mechanism(&gssctxt, - &gss_supported->elements[mech], authctxt->host)) { + if (mech->length < 128 && ssh_gssapi_check_mechanism(&gssctxt, + mech, authctxt->host)) { ok = 1; /* Mechanism works */ } else { - mech++; + authctxt->mech_tried++; } } - if (!ok) + if (!ok || mech == NULL) return 0; authctxt->methoddata=(void *)gssctxt; @@ -718,14 +728,10 @@ userauth_gssapi(struct ssh *ssh) (r = sshpkt_put_cstring(ssh, authctxt->service)) != 0 || (r = sshpkt_put_cstring(ssh, authctxt->method->name)) != 0 || (r = sshpkt_put_u32(ssh, 1)) != 0 || - (r = sshpkt_put_u32(ssh, - (gss_supported->elements[mech].length) + 2)) != 0 || + (r = sshpkt_put_u32(ssh, (mech->length) + 2)) != 0 || (r = sshpkt_put_u8(ssh, SSH_GSS_OIDTYPE)) != 0 || - (r = sshpkt_put_u8(ssh, - gss_supported->elements[mech].length)) != 0 || - (r = sshpkt_put(ssh, - gss_supported->elements[mech].elements, - gss_supported->elements[mech].length)) != 0 || + (r = sshpkt_put_u8(ssh, mech->length)) != 0 || + (r = sshpkt_put(ssh, mech->elements, mech->length)) != 0 || (r = sshpkt_send(ssh)) != 0) fatal("%s: %s", __func__, ssh_err(r)); @@ -734,11 +740,24 @@ userauth_gssapi(struct ssh *ssh) ssh_dispatch_set(ssh, SSH2_MSG_USERAUTH_GSSAPI_ERROR, &input_gssapi_error); ssh_dispatch_set(ssh, SSH2_MSG_USERAUTH_GSSAPI_ERRTOK, &input_gssapi_errtok); - mech++; /* Move along to next candidate */ + authctxt->mech_tried++; /* Move along to next candidate */ return 1; } +static void +userauth_gssapi_cleanup(struct ssh *ssh) +{ + Authctxt *authctxt = (Authctxt *)ssh->authctxt; + Gssctxt *gssctxt = (Gssctxt *)authctxt->methoddata; + + ssh_gssapi_delete_ctx(&gssctxt); + authctxt->methoddata = NULL; + + free(authctxt->gss_supported_mechs); + authctxt->gss_supported_mechs = NULL; +} + static OM_uint32 process_gssapi_token(struct ssh *ssh, gss_buffer_t recv_tok) { @@ -806,7 +825,7 @@ process_gssapi_token(struct ssh *ssh, gss_buffer_t recv_tok) } /* ARGSUSED */ -int +static int input_gssapi_response(int type, u_int32_t plen, struct ssh *ssh) { Authctxt *authctxt = ssh->authctxt; @@ -851,7 +870,7 @@ input_gssapi_response(int type, u_int32_t plen, struct ssh *ssh) } /* ARGSUSED */ -int +static int input_gssapi_token(int type, u_int32_t plen, struct ssh *ssh) { Authctxt *authctxt = ssh->authctxt; @@ -884,7 +903,7 @@ input_gssapi_token(int type, u_int32_t plen, struct ssh *ssh) } /* ARGSUSED */ -int +static int input_gssapi_errtok(int type, u_int32_t plen, struct ssh *ssh) { Authctxt *authctxt = ssh->authctxt; @@ -919,7 +938,7 @@ input_gssapi_errtok(int type, u_int32_t plen, struct ssh *ssh) } /* ARGSUSED */ -int +static int input_gssapi_error(int type, u_int32_t plen, struct ssh *ssh) { char *msg = NULL; @@ -940,7 +959,7 @@ input_gssapi_error(int type, u_int32_t plen, struct ssh *ssh) } #endif /* GSSAPI */ -int +static int userauth_none(struct ssh *ssh) { Authctxt *authctxt = (Authctxt *)ssh->authctxt; @@ -956,7 +975,7 @@ userauth_none(struct ssh *ssh) return 1; } -int +static int userauth_passwd(struct ssh *ssh) { Authctxt *authctxt = (Authctxt *)ssh->authctxt; @@ -997,7 +1016,7 @@ userauth_passwd(struct ssh *ssh) * parse PASSWD_CHANGEREQ, prompt user and send SSH2_MSG_USERAUTH_REQUEST */ /* ARGSUSED */ -int +static int input_userauth_passwd_changereq(int type, u_int32_t seqnr, struct ssh *ssh) { Authctxt *authctxt = ssh->authctxt; @@ -1619,8 +1638,10 @@ pubkey_prepare(Authctxt *authctxt) } static void -pubkey_cleanup(Authctxt *authctxt) +userauth_pubkey_cleanup(struct ssh *ssh) { + Authctxt *authctxt = (Authctxt *)ssh->authctxt; + Identity *id; if (authctxt->agent_fd != -1) { @@ -1659,7 +1680,7 @@ try_identity(Identity *id) return 1; } -int +static int userauth_pubkey(struct ssh *ssh) { Authctxt *authctxt = (Authctxt *)ssh->authctxt; @@ -1707,7 +1728,7 @@ userauth_pubkey(struct ssh *ssh) /* * Send userauth request message specifying keyboard-interactive method. */ -int +static int userauth_kbdint(struct ssh *ssh) { Authctxt *authctxt = (Authctxt *)ssh->authctxt; @@ -1740,7 +1761,7 @@ userauth_kbdint(struct ssh *ssh) /* * parse INFO_REQUEST, prompt user and send INFO_RESPONSE */ -int +static int input_userauth_info_req(int type, u_int32_t seq, struct ssh *ssh) { Authctxt *authctxt = ssh->authctxt; @@ -1920,7 +1941,7 @@ ssh_keysign(struct ssh *ssh, struct sshkey *key, u_char **sigp, size_t *lenp, return 0; } -int +static int userauth_hostbased(struct ssh *ssh) { Authctxt *authctxt = (Authctxt *)ssh->authctxt; -- cgit v1.2.3 From 38e83e4f219c752ebb1560633b73f06f0392018b Mon Sep 17 00:00:00 2001 From: "djm@openbsd.org" Date: Tue, 12 Feb 2019 23:53:10 +0000 Subject: upstream: fix regression in r1.302 reported by naddy@ - only the first public key from the agent was being attempted for use. OpenBSD-Commit-ID: 07116aea521a04888718b2157f1ca723b2f46c8d --- sshconnect2.c | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/sshconnect2.c b/sshconnect2.c index 6d37e92f7..dffee90b1 100644 --- a/sshconnect2.c +++ b/sshconnect2.c @@ -1,4 +1,4 @@ -/* $OpenBSD: sshconnect2.c,v 1.302 2019/02/11 09:44:42 djm Exp $ */ +/* $OpenBSD: sshconnect2.c,v 1.303 2019/02/12 23:53:10 djm Exp $ */ /* * Copyright (c) 2000 Markus Friedl. All rights reserved. * Copyright (c) 2008 Damien Miller. All rights reserved. @@ -306,7 +306,6 @@ static int input_userauth_passwd_changereq(int, u_int32_t, struct ssh *); static int userauth_none(struct ssh *); static int userauth_pubkey(struct ssh *); -static void userauth_pubkey_cleanup(struct ssh *); static int userauth_passwd(struct ssh *); static int userauth_kbdint(struct ssh *); static int userauth_hostbased(struct ssh *); @@ -322,6 +321,7 @@ static int input_gssapi_errtok(int, u_int32_t, struct ssh *); void userauth(struct ssh *, char *); +static void pubkey_cleanup(struct ssh *); static int sign_and_send_pubkey(struct ssh *ssh, Identity *); static void pubkey_prepare(Authctxt *); static void pubkey_reset(Authctxt *); @@ -346,7 +346,7 @@ Authmethod authmethods[] = { NULL}, {"publickey", userauth_pubkey, - userauth_pubkey_cleanup, + NULL, &options.pubkey_authentication, NULL}, {"keyboard-interactive", @@ -415,6 +415,7 @@ ssh_userauth2(struct ssh *ssh, const char *local_user, ssh_dispatch_set(ssh, SSH2_MSG_EXT_INFO, &input_userauth_ext_info); ssh_dispatch_set(ssh, SSH2_MSG_SERVICE_ACCEPT, &input_userauth_service_accept); ssh_dispatch_run_fatal(ssh, DISPATCH_BLOCK, &authctxt.success); /* loop until success */ + pubkey_cleanup(ssh); ssh->authctxt = NULL; ssh_dispatch_range(ssh, SSH2_MSG_USERAUTH_MIN, SSH2_MSG_USERAUTH_MAX, NULL); @@ -1638,10 +1639,9 @@ pubkey_prepare(Authctxt *authctxt) } static void -userauth_pubkey_cleanup(struct ssh *ssh) +pubkey_cleanup(struct ssh *ssh) { Authctxt *authctxt = (Authctxt *)ssh->authctxt; - Identity *id; if (authctxt->agent_fd != -1) { -- cgit v1.2.3 From d9ecfaba0b2f1887d20e4368230632e709ca83be Mon Sep 17 00:00:00 2001 From: "jmc@openbsd.org" Date: Mon, 18 Feb 2019 07:02:34 +0000 Subject: upstream: sync the description of ~/.ssh/config with djm's updated description in ssh.1; issue pointed out by andreas kahari ok dtucker djm OpenBSD-Commit-ID: 1b01ef0ae2c6328165150badae317ec92e52b01c --- ssh_config.5 | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/ssh_config.5 b/ssh_config.5 index 1d57eef58..db01f130b 100644 --- a/ssh_config.5 +++ b/ssh_config.5 @@ -33,8 +33,8 @@ .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. .\" -.\" $OpenBSD: ssh_config.5,v 1.289 2019/01/22 11:51:25 djm Exp $ -.Dd $Mdocdate: January 22 2019 $ +.\" $OpenBSD: ssh_config.5,v 1.290 2019/02/18 07:02:34 jmc Exp $ +.Dd $Mdocdate: February 18 2019 $ .Dt SSH_CONFIG 5 .Os .Sh NAME @@ -1809,7 +1809,7 @@ This is the per-user configuration file. The format of this file is described above. This file is used by the SSH client. Because of the potential for abuse, this file must have strict permissions: -read/write for the user, and not accessible by others. +read/write for the user, and not writable by others. .It Pa /etc/ssh/ssh_config Systemwide configuration file. This file provides defaults for those -- cgit v1.2.3 From 625b62634c33eaef4b80d07529954fe5c6435fe5 Mon Sep 17 00:00:00 2001 From: "djm@openbsd.org" Date: Fri, 22 Feb 2019 03:37:11 +0000 Subject: upstream: perform removal of agent-forwarding directory in forward MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit setup error path with user's privileged. This is a no-op as this code always runs with user privilege now that we no longer support running sshd with privilege separation disabled, but as long as the privsep skeleton is there we should follow the rules. MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit bz#2969 with patch from Erik Sjölund OpenBSD-Commit-ID: 2b708401a5a8d6133c865d7698d9852210dca846 --- session.c | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/session.c b/session.c index 96167548a..48cfaafbf 100644 --- a/session.c +++ b/session.c @@ -1,4 +1,4 @@ -/* $OpenBSD: session.c,v 1.314 2019/02/10 11:10:57 djm Exp $ */ +/* $OpenBSD: session.c,v 1.315 2019/02/22 03:37:11 djm Exp $ */ /* * Copyright (c) 1995 Tatu Ylonen , Espoo, Finland * All rights reserved @@ -233,7 +233,9 @@ auth_input_request_forwarding(struct ssh *ssh, struct passwd * pw) authsock_err: free(auth_sock_name); if (auth_sock_dir != NULL) { + temporarily_use_uid(pw); rmdir(auth_sock_dir); + restore_uid(); free(auth_sock_dir); } if (sock != -1) -- cgit v1.2.3 From 4c55b674835478eb80a1a7aeae588aa654e2a433 Mon Sep 17 00:00:00 2001 From: Corinna Vinschen Date: Sat, 16 Feb 2019 14:13:43 +0100 Subject: Add tags to .gitignore Signed-off-by: Corinna Vinschen --- .gitignore | 1 + 1 file changed, 1 insertion(+) diff --git a/.gitignore b/.gitignore index 650eb3c3c..e7e02ea72 100644 --- a/.gitignore +++ b/.gitignore @@ -26,3 +26,4 @@ ssh-keysign ssh-pkcs11-helper sshd !regress/misc/fuzz-harness/Makefile +tags -- cgit v1.2.3 From f02afa350afac1b2f2d1413259a27a4ba1e2ca24 Mon Sep 17 00:00:00 2001 From: Corinna Vinschen Date: Wed, 20 Feb 2019 13:41:24 +0100 Subject: Revert "[auth.c] On Cygwin, refuse usernames that have differences in case" This reverts commit acc9b29486dfd649dfda474e5c1a03b317449f1c. Signed-off-by: Corinna Vinschen --- auth.c | 13 ---- groupaccess.c | 4 ++ match.c | 4 ++ openbsd-compat/bsd-cygwin_util.c | 146 +++++++++++++++++++++++++++++++++++++++ servconf.c | 4 ++ 5 files changed, 158 insertions(+), 13 deletions(-) diff --git a/auth.c b/auth.c index 62c58e72f..332b6220c 100644 --- a/auth.c +++ b/auth.c @@ -583,19 +583,6 @@ getpwnamallow(struct ssh *ssh, const char *user) #if defined(_AIX) && defined(HAVE_SETAUTHDB) aix_restoreauthdb(); -#endif -#ifdef HAVE_CYGWIN - /* - * Windows usernames are case-insensitive. To avoid later problems - * when trying to match the username, the user is only allowed to - * login if the username is given in the same case as stored in the - * user database. - */ - if (pw != NULL && strcmp(user, pw->pw_name) != 0) { - logit("Login name %.100s does not match stored username %.100s", - user, pw->pw_name); - pw = NULL; - } #endif if (pw == NULL) { logit("Invalid user %.100s from %.100s port %d", diff --git a/groupaccess.c b/groupaccess.c index 9e4d25521..43367990d 100644 --- a/groupaccess.c +++ b/groupaccess.c @@ -103,7 +103,11 @@ ga_match_pattern_list(const char *group_pattern) int i, found = 0; for (i = 0; i < ngroups; i++) { +#ifndef HAVE_CYGWIN switch (match_pattern_list(groups_byname[i], group_pattern, 0)) { +#else + switch (match_pattern_list(groups_byname[i], group_pattern, 1)) { +#endif case -1: return 0; /* Negated match wins */ case 0: diff --git a/match.c b/match.c index bb3e95f67..b50ae4057 100644 --- a/match.c +++ b/match.c @@ -111,6 +111,8 @@ match_pattern(const char *s, const char *pattern) /* NOTREACHED */ } +#ifndef HAVE_CYGWIN /* Cygwin version in openbsd-compat/bsd-cygwin_util.c */ + /* * Tries to match the string against the * comma-separated sequence of subpatterns (each possibly preceded by ! to @@ -170,6 +172,8 @@ match_pattern_list(const char *string, const char *pattern, int dolower) return got_positive; } +#endif + /* * Tries to match the host name (which must be in all lowercase) against the * comma-separated sequence of subpatterns (each possibly preceded by ! to diff --git a/openbsd-compat/bsd-cygwin_util.c b/openbsd-compat/bsd-cygwin_util.c index fb49e30f5..f721fca9d 100644 --- a/openbsd-compat/bsd-cygwin_util.c +++ b/openbsd-compat/bsd-cygwin_util.c @@ -37,6 +37,8 @@ #include #include #include +#include +#include #include "xmalloc.h" @@ -117,4 +119,148 @@ free_windows_environment(char **p) free(p); } +/* + * Returns true if the given string matches the pattern (which may contain ? + * and * as wildcards), and zero if it does not match. + * + * The Cygwin version of this function must be case-insensitive and take + * Unicode characters into account. + */ + +static int +__match_pattern (const wchar_t *s, const wchar_t *pattern, int caseinsensitive) +{ + for (;;) { + /* If at end of pattern, accept if also at end of string. */ + if (!*pattern) + return !*s; + + if (*pattern == '*') { + /* Skip the asterisk. */ + pattern++; + + /* If at end of pattern, accept immediately. */ + if (!*pattern) + return 1; + + /* If next character in pattern is known, optimize. */ + if (*pattern != '?' && *pattern != '*') { + /* + * Look instances of the next character in + * pattern, and try to match starting from + * those. + */ + for (; *s; s++) + if (*s == *pattern && + __match_pattern(s + 1, pattern + 1, + caseinsensitive)) + return 1; + /* Failed. */ + return 0; + } + /* + * Move ahead one character at a time and try to + * match at each position. + */ + for (; *s; s++) + if (__match_pattern(s, pattern, caseinsensitive)) + return 1; + /* Failed. */ + return 0; + } + /* + * There must be at least one more character in the string. + * If we are at the end, fail. + */ + if (!*s) + return 0; + + /* Check if the next character of the string is acceptable. */ + if (*pattern != '?' && (*pattern != *s && + (!caseinsensitive || towlower(*pattern) != towlower(*s)))) + return 0; + + /* Move to the next character, both in string and in pattern. */ + s++; + pattern++; + } + /* NOTREACHED */ +} + +static int +_match_pattern(const char *s, const char *pattern, int caseinsensitive) +{ + wchar_t *ws; + wchar_t *wpattern; + size_t len; + + if ((len = mbstowcs(NULL, s, 0)) < 0) + return 0; + ws = (wchar_t *) alloca((len + 1) * sizeof (wchar_t)); + mbstowcs(ws, s, len + 1); + if ((len = mbstowcs(NULL, pattern, 0)) < 0) + return 0; + wpattern = (wchar_t *) alloca((len + 1) * sizeof (wchar_t)); + mbstowcs(wpattern, pattern, len + 1); + return __match_pattern (ws, wpattern, caseinsensitive); +} + +/* + * Tries to match the string against the + * comma-separated sequence of subpatterns (each possibly preceded by ! to + * indicate negation). Returns -1 if negation matches, 1 if there is + * a positive match, 0 if there is no match at all. + */ +int +match_pattern_list(const char *string, const char *pattern, int caseinsensitive) +{ + char sub[1024]; + int negated; + int got_positive; + u_int i, subi, len = strlen(pattern); + + got_positive = 0; + for (i = 0; i < len;) { + /* Check if the subpattern is negated. */ + if (pattern[i] == '!') { + negated = 1; + i++; + } else + negated = 0; + + /* + * Extract the subpattern up to a comma or end. Convert the + * subpattern to lowercase. + */ + for (subi = 0; + i < len && subi < sizeof(sub) - 1 && pattern[i] != ','; + subi++, i++) + sub[subi] = pattern[i]; + /* If subpattern too long, return failure (no match). */ + if (subi >= sizeof(sub) - 1) + return 0; + + /* If the subpattern was terminated by a comma, then skip it. */ + if (i < len && pattern[i] == ',') + i++; + + /* Null-terminate the subpattern. */ + sub[subi] = '\0'; + + /* Try to match the subpattern against the string. */ + if (_match_pattern(string, sub, caseinsensitive)) { + if (negated) + return -1; /* Negative */ + else + got_positive = 1; /* Positive */ + } + } + + /* + * Return success if got a positive match. If there was a negative + * match, we have already returned -1 and never get here. + */ + return got_positive; +} + #endif /* HAVE_CYGWIN */ diff --git a/servconf.c b/servconf.c index d9680aba1..4fa896fd4 100644 --- a/servconf.c +++ b/servconf.c @@ -1049,7 +1049,11 @@ match_cfg_line(char **condition, int line, struct connection_info *ci) } if (ci->user == NULL) match_test_missing_fatal("User", "user"); +#ifndef HAVE_CYGWIN if (match_pattern_list(ci->user, arg, 0) != 1) +#else + if (match_pattern_list(ci->user, arg, 1) != 1) +#endif result = 0; else debug("user %.100s matched 'User %.100s' at " -- cgit v1.2.3 From bed1d43698807a07bb4ddb93a46b0bd84b9970b3 Mon Sep 17 00:00:00 2001 From: Darren Tucker Date: Fri, 22 Feb 2019 15:21:21 +1100 Subject: Revert unintended parts of previous commit. --- groupaccess.c | 4 -- match.c | 4 -- openbsd-compat/bsd-cygwin_util.c | 146 --------------------------------------- servconf.c | 4 -- 4 files changed, 158 deletions(-) diff --git a/groupaccess.c b/groupaccess.c index 43367990d..9e4d25521 100644 --- a/groupaccess.c +++ b/groupaccess.c @@ -103,11 +103,7 @@ ga_match_pattern_list(const char *group_pattern) int i, found = 0; for (i = 0; i < ngroups; i++) { -#ifndef HAVE_CYGWIN switch (match_pattern_list(groups_byname[i], group_pattern, 0)) { -#else - switch (match_pattern_list(groups_byname[i], group_pattern, 1)) { -#endif case -1: return 0; /* Negated match wins */ case 0: diff --git a/match.c b/match.c index b50ae4057..bb3e95f67 100644 --- a/match.c +++ b/match.c @@ -111,8 +111,6 @@ match_pattern(const char *s, const char *pattern) /* NOTREACHED */ } -#ifndef HAVE_CYGWIN /* Cygwin version in openbsd-compat/bsd-cygwin_util.c */ - /* * Tries to match the string against the * comma-separated sequence of subpatterns (each possibly preceded by ! to @@ -172,8 +170,6 @@ match_pattern_list(const char *string, const char *pattern, int dolower) return got_positive; } -#endif - /* * Tries to match the host name (which must be in all lowercase) against the * comma-separated sequence of subpatterns (each possibly preceded by ! to diff --git a/openbsd-compat/bsd-cygwin_util.c b/openbsd-compat/bsd-cygwin_util.c index f721fca9d..fb49e30f5 100644 --- a/openbsd-compat/bsd-cygwin_util.c +++ b/openbsd-compat/bsd-cygwin_util.c @@ -37,8 +37,6 @@ #include #include #include -#include -#include #include "xmalloc.h" @@ -119,148 +117,4 @@ free_windows_environment(char **p) free(p); } -/* - * Returns true if the given string matches the pattern (which may contain ? - * and * as wildcards), and zero if it does not match. - * - * The Cygwin version of this function must be case-insensitive and take - * Unicode characters into account. - */ - -static int -__match_pattern (const wchar_t *s, const wchar_t *pattern, int caseinsensitive) -{ - for (;;) { - /* If at end of pattern, accept if also at end of string. */ - if (!*pattern) - return !*s; - - if (*pattern == '*') { - /* Skip the asterisk. */ - pattern++; - - /* If at end of pattern, accept immediately. */ - if (!*pattern) - return 1; - - /* If next character in pattern is known, optimize. */ - if (*pattern != '?' && *pattern != '*') { - /* - * Look instances of the next character in - * pattern, and try to match starting from - * those. - */ - for (; *s; s++) - if (*s == *pattern && - __match_pattern(s + 1, pattern + 1, - caseinsensitive)) - return 1; - /* Failed. */ - return 0; - } - /* - * Move ahead one character at a time and try to - * match at each position. - */ - for (; *s; s++) - if (__match_pattern(s, pattern, caseinsensitive)) - return 1; - /* Failed. */ - return 0; - } - /* - * There must be at least one more character in the string. - * If we are at the end, fail. - */ - if (!*s) - return 0; - - /* Check if the next character of the string is acceptable. */ - if (*pattern != '?' && (*pattern != *s && - (!caseinsensitive || towlower(*pattern) != towlower(*s)))) - return 0; - - /* Move to the next character, both in string and in pattern. */ - s++; - pattern++; - } - /* NOTREACHED */ -} - -static int -_match_pattern(const char *s, const char *pattern, int caseinsensitive) -{ - wchar_t *ws; - wchar_t *wpattern; - size_t len; - - if ((len = mbstowcs(NULL, s, 0)) < 0) - return 0; - ws = (wchar_t *) alloca((len + 1) * sizeof (wchar_t)); - mbstowcs(ws, s, len + 1); - if ((len = mbstowcs(NULL, pattern, 0)) < 0) - return 0; - wpattern = (wchar_t *) alloca((len + 1) * sizeof (wchar_t)); - mbstowcs(wpattern, pattern, len + 1); - return __match_pattern (ws, wpattern, caseinsensitive); -} - -/* - * Tries to match the string against the - * comma-separated sequence of subpatterns (each possibly preceded by ! to - * indicate negation). Returns -1 if negation matches, 1 if there is - * a positive match, 0 if there is no match at all. - */ -int -match_pattern_list(const char *string, const char *pattern, int caseinsensitive) -{ - char sub[1024]; - int negated; - int got_positive; - u_int i, subi, len = strlen(pattern); - - got_positive = 0; - for (i = 0; i < len;) { - /* Check if the subpattern is negated. */ - if (pattern[i] == '!') { - negated = 1; - i++; - } else - negated = 0; - - /* - * Extract the subpattern up to a comma or end. Convert the - * subpattern to lowercase. - */ - for (subi = 0; - i < len && subi < sizeof(sub) - 1 && pattern[i] != ','; - subi++, i++) - sub[subi] = pattern[i]; - /* If subpattern too long, return failure (no match). */ - if (subi >= sizeof(sub) - 1) - return 0; - - /* If the subpattern was terminated by a comma, then skip it. */ - if (i < len && pattern[i] == ',') - i++; - - /* Null-terminate the subpattern. */ - sub[subi] = '\0'; - - /* Try to match the subpattern against the string. */ - if (_match_pattern(string, sub, caseinsensitive)) { - if (negated) - return -1; /* Negative */ - else - got_positive = 1; /* Positive */ - } - } - - /* - * Return success if got a positive match. If there was a negative - * match, we have already returned -1 and never get here. - */ - return got_positive; -} - #endif /* HAVE_CYGWIN */ diff --git a/servconf.c b/servconf.c index 4fa896fd4..d9680aba1 100644 --- a/servconf.c +++ b/servconf.c @@ -1049,11 +1049,7 @@ match_cfg_line(char **condition, int line, struct connection_info *ci) } if (ci->user == NULL) match_test_missing_fatal("User", "user"); -#ifndef HAVE_CYGWIN if (match_pattern_list(ci->user, arg, 0) != 1) -#else - if (match_pattern_list(ci->user, arg, 1) != 1) -#endif result = 0; else debug("user %.100s matched 'User %.100s' at " -- cgit v1.2.3 From 37638c752041d591371900df820f070037878a2d Mon Sep 17 00:00:00 2001 From: Corinna Vinschen Date: Wed, 20 Feb 2019 13:41:25 +0100 Subject: Cygwin: implement case-insensitive Unicode user and group name matching The previous revert enabled case-insensitive user names again. This patch implements the case-insensitive user and group name matching. To allow Unicode chars, implement the matcher using wchar_t chars in Cygwin-specific code. Keep the generic code changes as small as possible. Cygwin: implement case-insensitive Unicode user and group name matching Signed-off-by: Corinna Vinschen --- groupaccess.c | 4 ++ match.c | 4 ++ openbsd-compat/bsd-cygwin_util.c | 146 +++++++++++++++++++++++++++++++++++++++ servconf.c | 4 ++ 4 files changed, 158 insertions(+) diff --git a/groupaccess.c b/groupaccess.c index 9e4d25521..43367990d 100644 --- a/groupaccess.c +++ b/groupaccess.c @@ -103,7 +103,11 @@ ga_match_pattern_list(const char *group_pattern) int i, found = 0; for (i = 0; i < ngroups; i++) { +#ifndef HAVE_CYGWIN switch (match_pattern_list(groups_byname[i], group_pattern, 0)) { +#else + switch (match_pattern_list(groups_byname[i], group_pattern, 1)) { +#endif case -1: return 0; /* Negated match wins */ case 0: diff --git a/match.c b/match.c index bb3e95f67..b50ae4057 100644 --- a/match.c +++ b/match.c @@ -111,6 +111,8 @@ match_pattern(const char *s, const char *pattern) /* NOTREACHED */ } +#ifndef HAVE_CYGWIN /* Cygwin version in openbsd-compat/bsd-cygwin_util.c */ + /* * Tries to match the string against the * comma-separated sequence of subpatterns (each possibly preceded by ! to @@ -170,6 +172,8 @@ match_pattern_list(const char *string, const char *pattern, int dolower) return got_positive; } +#endif + /* * Tries to match the host name (which must be in all lowercase) against the * comma-separated sequence of subpatterns (each possibly preceded by ! to diff --git a/openbsd-compat/bsd-cygwin_util.c b/openbsd-compat/bsd-cygwin_util.c index fb49e30f5..f721fca9d 100644 --- a/openbsd-compat/bsd-cygwin_util.c +++ b/openbsd-compat/bsd-cygwin_util.c @@ -37,6 +37,8 @@ #include #include #include +#include +#include #include "xmalloc.h" @@ -117,4 +119,148 @@ free_windows_environment(char **p) free(p); } +/* + * Returns true if the given string matches the pattern (which may contain ? + * and * as wildcards), and zero if it does not match. + * + * The Cygwin version of this function must be case-insensitive and take + * Unicode characters into account. + */ + +static int +__match_pattern (const wchar_t *s, const wchar_t *pattern, int caseinsensitive) +{ + for (;;) { + /* If at end of pattern, accept if also at end of string. */ + if (!*pattern) + return !*s; + + if (*pattern == '*') { + /* Skip the asterisk. */ + pattern++; + + /* If at end of pattern, accept immediately. */ + if (!*pattern) + return 1; + + /* If next character in pattern is known, optimize. */ + if (*pattern != '?' && *pattern != '*') { + /* + * Look instances of the next character in + * pattern, and try to match starting from + * those. + */ + for (; *s; s++) + if (*s == *pattern && + __match_pattern(s + 1, pattern + 1, + caseinsensitive)) + return 1; + /* Failed. */ + return 0; + } + /* + * Move ahead one character at a time and try to + * match at each position. + */ + for (; *s; s++) + if (__match_pattern(s, pattern, caseinsensitive)) + return 1; + /* Failed. */ + return 0; + } + /* + * There must be at least one more character in the string. + * If we are at the end, fail. + */ + if (!*s) + return 0; + + /* Check if the next character of the string is acceptable. */ + if (*pattern != '?' && (*pattern != *s && + (!caseinsensitive || towlower(*pattern) != towlower(*s)))) + return 0; + + /* Move to the next character, both in string and in pattern. */ + s++; + pattern++; + } + /* NOTREACHED */ +} + +static int +_match_pattern(const char *s, const char *pattern, int caseinsensitive) +{ + wchar_t *ws; + wchar_t *wpattern; + size_t len; + + if ((len = mbstowcs(NULL, s, 0)) < 0) + return 0; + ws = (wchar_t *) alloca((len + 1) * sizeof (wchar_t)); + mbstowcs(ws, s, len + 1); + if ((len = mbstowcs(NULL, pattern, 0)) < 0) + return 0; + wpattern = (wchar_t *) alloca((len + 1) * sizeof (wchar_t)); + mbstowcs(wpattern, pattern, len + 1); + return __match_pattern (ws, wpattern, caseinsensitive); +} + +/* + * Tries to match the string against the + * comma-separated sequence of subpatterns (each possibly preceded by ! to + * indicate negation). Returns -1 if negation matches, 1 if there is + * a positive match, 0 if there is no match at all. + */ +int +match_pattern_list(const char *string, const char *pattern, int caseinsensitive) +{ + char sub[1024]; + int negated; + int got_positive; + u_int i, subi, len = strlen(pattern); + + got_positive = 0; + for (i = 0; i < len;) { + /* Check if the subpattern is negated. */ + if (pattern[i] == '!') { + negated = 1; + i++; + } else + negated = 0; + + /* + * Extract the subpattern up to a comma or end. Convert the + * subpattern to lowercase. + */ + for (subi = 0; + i < len && subi < sizeof(sub) - 1 && pattern[i] != ','; + subi++, i++) + sub[subi] = pattern[i]; + /* If subpattern too long, return failure (no match). */ + if (subi >= sizeof(sub) - 1) + return 0; + + /* If the subpattern was terminated by a comma, then skip it. */ + if (i < len && pattern[i] == ',') + i++; + + /* Null-terminate the subpattern. */ + sub[subi] = '\0'; + + /* Try to match the subpattern against the string. */ + if (_match_pattern(string, sub, caseinsensitive)) { + if (negated) + return -1; /* Negative */ + else + got_positive = 1; /* Positive */ + } + } + + /* + * Return success if got a positive match. If there was a negative + * match, we have already returned -1 and never get here. + */ + return got_positive; +} + #endif /* HAVE_CYGWIN */ diff --git a/servconf.c b/servconf.c index d9680aba1..4fa896fd4 100644 --- a/servconf.c +++ b/servconf.c @@ -1049,7 +1049,11 @@ match_cfg_line(char **condition, int line, struct connection_info *ci) } if (ci->user == NULL) match_test_missing_fatal("User", "user"); +#ifndef HAVE_CYGWIN if (match_pattern_list(ci->user, arg, 0) != 1) +#else + if (match_pattern_list(ci->user, arg, 1) != 1) +#endif result = 0; else debug("user %.100s matched 'User %.100s' at " -- cgit v1.2.3 From 9b61130fbd95d196bce81ebeca94a4cb7c0d5ba0 Mon Sep 17 00:00:00 2001 From: "djm@openbsd.org" Date: Sat, 23 Feb 2019 08:20:43 +0000 Subject: upstream: openssh-7.9 accidentally reused the server's algorithm lists in the client for KEX, ciphers and MACs. The ciphers and MACs were identical between the client and server, but the error accidentially disabled the diffie-hellman-group-exchange-sha1 KEX method. This fixes the client code to use the correct method list, but because nobody complained, it also disables the diffie-hellman-group-exchange-sha1 KEX method. Reported by nuxi AT vault24.org via bz#2697; ok dtucker OpenBSD-Commit-ID: e30c33a23c10fd536fefa120e86af1842e33fd57 --- .depend | 2 +- myproposal.h | 15 +++++---------- readconf.c | 8 ++++---- ssh_config.5 | 5 ++--- 4 files changed, 12 insertions(+), 18 deletions(-) diff --git a/.depend b/.depend index 5524c9e5c..04a2ea050 100644 --- a/.depend +++ b/.depend @@ -94,7 +94,7 @@ platform-pledge.o: includes.h config.h defines.h platform.h openbsd-compat/openb platform-tracing.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/rmd160.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h log.h platform.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/rmd160.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h log.h misc.h servconf.h sshkey.h hostfile.h auth.h auth-pam.h audit.h loginrec.h poly1305.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/rmd160.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h poly1305.h -progressmeter.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/rmd160.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h progressmeter.h atomicio.h misc.h +progressmeter.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/rmd160.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h progressmeter.h atomicio.h misc.h utf8.h readconf.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/rmd160.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h openbsd-compat/glob.h xmalloc.h ssh.h ssherr.h compat.h cipher.h cipher-chachapoly.h chacha.h poly1305.h cipher-aesctr.h rijndael.h pathnames.h log.h sshkey.h misc.h readconf.h match.h kex.h mac.h crypto_api.h readconf.o: uidswap.h myproposal.h digest.h readpass.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/rmd160.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h xmalloc.h misc.h pathnames.h log.h ssh.h uidswap.h diff --git a/myproposal.h b/myproposal.h index 27b4a15a1..f16729876 100644 --- a/myproposal.h +++ b/myproposal.h @@ -1,4 +1,4 @@ -/* $OpenBSD: myproposal.h,v 1.57 2018/09/12 01:34:02 djm Exp $ */ +/* $OpenBSD: myproposal.h,v 1.58 2019/02/23 08:20:43 djm Exp $ */ /* * Copyright (c) 2000 Markus Friedl. All rights reserved. @@ -90,20 +90,15 @@ # else # define KEX_CURVE25519_METHODS "" # endif -#define KEX_COMMON_KEX \ +#define KEX_SERVER_KEX \ KEX_CURVE25519_METHODS \ KEX_ECDH_METHODS \ - KEX_SHA2_METHODS - -#define KEX_SERVER_KEX KEX_COMMON_KEX \ - KEX_SHA2_GROUP14 \ - "diffie-hellman-group14-sha1" \ - -#define KEX_CLIENT_KEX KEX_COMMON_KEX \ - "diffie-hellman-group-exchange-sha1," \ + KEX_SHA2_METHODS \ KEX_SHA2_GROUP14 \ "diffie-hellman-group14-sha1" +#define KEX_CLIENT_KEX KEX_SERVER_KEX + #define KEX_DEFAULT_PK_ALG \ HOSTKEY_ECDSA_CERT_METHODS \ "ssh-ed25519-cert-v01@openssh.com," \ diff --git a/readconf.c b/readconf.c index 7331ef5ad..a45667465 100644 --- a/readconf.c +++ b/readconf.c @@ -1,4 +1,4 @@ -/* $OpenBSD: readconf.c,v 1.302 2018/11/23 05:08:07 djm Exp $ */ +/* $OpenBSD: readconf.c,v 1.303 2019/02/23 08:20:43 djm Exp $ */ /* * Author: Tatu Ylonen * Copyright (c) 1995 Tatu Ylonen , Espoo, Finland @@ -2122,9 +2122,9 @@ fill_default_options(Options * options) defaults, all)) != 0) \ fatal("%s: %s: %s", __func__, #what, ssh_err(r)); \ } while (0) - ASSEMBLE(ciphers, KEX_SERVER_ENCRYPT, all_cipher); - ASSEMBLE(macs, KEX_SERVER_MAC, all_mac); - ASSEMBLE(kex_algorithms, KEX_SERVER_KEX, all_kex); + ASSEMBLE(ciphers, KEX_CLIENT_ENCRYPT, all_cipher); + ASSEMBLE(macs, KEX_CLIENT_MAC, all_mac); + ASSEMBLE(kex_algorithms, KEX_CLIENT_KEX, all_kex); ASSEMBLE(hostbased_key_types, KEX_DEFAULT_PK_ALG, all_key); ASSEMBLE(pubkey_key_types, KEX_DEFAULT_PK_ALG, all_key); ASSEMBLE(ca_sign_algorithms, SSH_ALLOWED_CA_SIGALGS, all_sig); diff --git a/ssh_config.5 b/ssh_config.5 index db01f130b..087ca0132 100644 --- a/ssh_config.5 +++ b/ssh_config.5 @@ -33,8 +33,8 @@ .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. .\" -.\" $OpenBSD: ssh_config.5,v 1.290 2019/02/18 07:02:34 jmc Exp $ -.Dd $Mdocdate: February 18 2019 $ +.\" $OpenBSD: ssh_config.5,v 1.291 2019/02/23 08:20:43 djm Exp $ +.Dd $Mdocdate: February 23 2019 $ .Dt SSH_CONFIG 5 .Os .Sh NAME @@ -1058,7 +1058,6 @@ ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521, diffie-hellman-group-exchange-sha256, diffie-hellman-group16-sha512, diffie-hellman-group18-sha512, -diffie-hellman-group-exchange-sha1, diffie-hellman-group14-sha256, diffie-hellman-group14-sha1 .Ed -- cgit v1.2.3 From 8e7bac35aa576d2fd7560836da83733e864ce649 Mon Sep 17 00:00:00 2001 From: "markus@openbsd.org" Date: Wed, 27 Feb 2019 19:37:01 +0000 Subject: upstream: dup stdout/in for proxycommand=-, otherwise stdout might be redirected to /dev/null; ok djm@ OpenBSD-Commit-ID: 97dfce4c47ed4055042de8ebde85b7d88793e595 --- sshconnect.c | 14 +++++++++++--- 1 file changed, 11 insertions(+), 3 deletions(-) diff --git a/sshconnect.c b/sshconnect.c index eb5139fc7..fdcdcd855 100644 --- a/sshconnect.c +++ b/sshconnect.c @@ -1,4 +1,4 @@ -/* $OpenBSD: sshconnect.c,v 1.313 2019/02/01 03:52:23 dtucker Exp $ */ +/* $OpenBSD: sshconnect.c,v 1.314 2019/02/27 19:37:01 markus Exp $ */ /* * Author: Tatu Ylonen * Copyright (c) 1995 Tatu Ylonen , Espoo, Finland @@ -547,12 +547,20 @@ ssh_connect(struct ssh *ssh, const char *host, struct addrinfo *addrs, struct sockaddr_storage *hostaddr, u_short port, int family, int connection_attempts, int *timeout_ms, int want_keepalive) { + int in, out; + if (options.proxy_command == NULL) { return ssh_connect_direct(ssh, host, addrs, hostaddr, port, family, connection_attempts, timeout_ms, want_keepalive); } else if (strcmp(options.proxy_command, "-") == 0) { - if ((ssh_packet_set_connection(ssh, - STDIN_FILENO, STDOUT_FILENO)) == NULL) + if ((in = dup(STDIN_FILENO)) < 0 || + (out = dup(STDOUT_FILENO)) < 0) { + if (in >= 0) + close(in); + error("%s: dup() in/out failed", __func__); + return -1; /* ssh_packet_set_connection logs error */ + } + if ((ssh_packet_set_connection(ssh, in, out)) == NULL) return -1; /* ssh_packet_set_connection logs error */ return 0; } else if (options.proxy_use_fdpass) { -- cgit v1.2.3 From 95a8058c1a90a27acbb91392ba206854abc85226 Mon Sep 17 00:00:00 2001 From: "djm@openbsd.org" Date: Fri, 1 Mar 2019 02:08:50 +0000 Subject: upstream: let PKCS11Provider=none do what users expect print PKCS11Provider instead of obsolete SmartcardDevice in config dump. bz#2974 ok dtucker@ OpenBSD-Commit-ID: c303d6f0230a33aa2dd92dc9b68843d56a64f846 --- readconf.c | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/readconf.c b/readconf.c index a45667465..ec497e79f 100644 --- a/readconf.c +++ b/readconf.c @@ -1,4 +1,4 @@ -/* $OpenBSD: readconf.c,v 1.303 2019/02/23 08:20:43 djm Exp $ */ +/* $OpenBSD: readconf.c,v 1.304 2019/03/01 02:08:50 djm Exp $ */ /* * Author: Tatu Ylonen * Copyright (c) 1995 Tatu Ylonen , Espoo, Finland @@ -208,8 +208,8 @@ static struct { { "gssapidelegatecredentials", oUnsupported }, #endif #ifdef ENABLE_PKCS11 - { "smartcarddevice", oPKCS11Provider }, { "pkcs11provider", oPKCS11Provider }, + { "smartcarddevice", oPKCS11Provider }, # else { "smartcarddevice", oUnsupported }, { "pkcs11provider", oUnsupported }, @@ -2147,6 +2147,7 @@ fill_default_options(Options * options) CLEAR_ON_NONE(options->proxy_command); CLEAR_ON_NONE(options->control_path); CLEAR_ON_NONE(options->revoked_host_keys); + CLEAR_ON_NONE(options->pkcs11_provider); if (options->jump_host != NULL && strcmp(options->jump_host, "none") == 0 && options->jump_port == 0 && options->jump_user == NULL) { -- cgit v1.2.3 From de817e9dfab99473017d28cdf69e60397d00ea21 Mon Sep 17 00:00:00 2001 From: "djm@openbsd.org" Date: Fri, 1 Mar 2019 02:16:47 +0000 Subject: upstream: mention PKCS11Provide=none, reword a little and remove mention of RSA keys only (since we support ECDSA now and might support others in the future). Inspired by Jakub Jelen via bz#2974 OpenBSD-Commit-ID: a92e3686561bf624ccc64ab320c96c9e9a263aa5 --- ssh_config.5 | 14 ++++++++------ 1 file changed, 8 insertions(+), 6 deletions(-) diff --git a/ssh_config.5 b/ssh_config.5 index 087ca0132..412629637 100644 --- a/ssh_config.5 +++ b/ssh_config.5 @@ -33,8 +33,8 @@ .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. .\" -.\" $OpenBSD: ssh_config.5,v 1.291 2019/02/23 08:20:43 djm Exp $ -.Dd $Mdocdate: February 23 2019 $ +.\" $OpenBSD: ssh_config.5,v 1.292 2019/03/01 02:16:47 djm Exp $ +.Dd $Mdocdate: March 1 2019 $ .Dt SSH_CONFIG 5 .Os .Sh NAME @@ -1180,11 +1180,13 @@ or .Cm no (the default). .It Cm PKCS11Provider -Specifies which PKCS#11 provider to use. -The argument to this keyword is the PKCS#11 shared library +Specifies which PKCS#11 provider to use or +.Cm none +to indicate that no provider should be used (the default). +The argument to this keyword is a path to the PKCS#11 shared library .Xr ssh 1 -should use to communicate with a PKCS#11 token providing the user's -private RSA key. +should use to communicate with a PKCS#11 token providing keys for user +authentication. .It Cm Port Specifies the port number to connect on the remote host. The default is 22. -- cgit v1.2.3 From 76a24b3fa193a9ca3e47a8779d497cb06500798b Mon Sep 17 00:00:00 2001 From: "djm@openbsd.org" Date: Fri, 1 Mar 2019 02:32:39 +0000 Subject: upstream: Fix two race conditions in sshd relating to SIGHUP: MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit 1. Recently-forked child processes will briefly remain listening to listen_socks. If the main server sshd process completes its restart via execv() before these sockets are closed by the child processes then it can fail to listen at the desired addresses/ports and/or fail to restart. 2. When a SIGHUP is received, there may be forked child processes that are awaiting their reexecution state. If the main server sshd process restarts before passing this state, these child processes will yield errors and use a fallback path of reading the current sshd_config from the filesystem rather than use the one that sshd was started with. To fix both of these cases, we reuse the startup_pipes that are shared between the main server sshd and forked children. Previously this was used solely to implement tracking of pre-auth child processes for MaxStartups, but this extends the messaging over these pipes to include a child->parent message that the parent process is safe to restart. This message is sent from the child after it has completed its preliminaries: closing listen_socks and receiving its reexec state. bz#2953, reported by Michal Koutný; ok markus@ dtucker@ OpenBSD-Commit-ID: 7df09eacfa3ce13e9a7b1e9f17276ecc924d65ab --- sshd.c | 114 +++++++++++++++++++++++++++++++++++++++++++++++++---------------- 1 file changed, 86 insertions(+), 28 deletions(-) diff --git a/sshd.c b/sshd.c index 058260d6f..cbd3bce91 100644 --- a/sshd.c +++ b/sshd.c @@ -1,4 +1,4 @@ -/* $OpenBSD: sshd.c,v 1.532 2019/01/21 10:38:54 djm Exp $ */ +/* $OpenBSD: sshd.c,v 1.533 2019/03/01 02:32:39 djm Exp $ */ /* * Author: Tatu Ylonen * Copyright (c) 1995 Tatu Ylonen , Espoo, Finland @@ -213,9 +213,26 @@ u_int session_id2_len = 0; /* record remote hostname or ip */ u_int utmp_len = HOST_NAME_MAX+1; -/* options.max_startup sized array of fd ints */ +/* + * startup_pipes/flags are used for tracking children of the listening sshd + * process early in their lifespans. This tracking is needed for three things: + * + * 1) Implementing the MaxStartups limit of concurrent unauthenticated + * connections. + * 2) Avoiding a race condition for SIGHUP processing, where child processes + * may have listen_socks open that could collide with main listener process + * after it restarts. + * 3) Ensuring that rexec'd sshd processes have received their initial state + * from the parent listen process before handling SIGHUP. + * + * Child processes signal that they have completed closure of the listen_socks + * and (if applicable) received their rexec state by sending a char over their + * sock. Child processes signal that authentication has completed by closing + * the sock (or by exiting). + */ static int *startup_pipes = NULL; -static int startup_pipe; /* in child */ +static int *startup_flags = NULL; /* Indicates child closed listener */ +static int startup_pipe = -1; /* in child */ /* variables used for privilege separation */ int use_privsep = -1; @@ -901,14 +918,9 @@ server_accept_inetd(int *sock_in, int *sock_out) { int fd; - startup_pipe = -1; if (rexeced_flag) { close(REEXEC_CONFIG_PASS_FD); *sock_in = *sock_out = dup(STDIN_FILENO); - if (!debug_flag) { - startup_pipe = dup(REEXEC_STARTUP_PIPE_FD); - close(REEXEC_STARTUP_PIPE_FD); - } } else { *sock_in = dup(STDIN_FILENO); *sock_out = dup(STDOUT_FILENO); @@ -1033,8 +1045,9 @@ server_accept_loop(int *sock_in, int *sock_out, int *newsock, int *config_s) { fd_set *fdset; int i, j, ret, maxfd; - int startups = 0; + int startups = 0, listening = 0, lameduck = 0; int startup_p[2] = { -1 , -1 }; + char c = 0; struct sockaddr_storage from; socklen_t fromlen; pid_t pid; @@ -1048,6 +1061,7 @@ server_accept_loop(int *sock_in, int *sock_out, int *newsock, int *config_s) maxfd = listen_socks[i]; /* pipes connected to unauthenticated childs */ startup_pipes = xcalloc(options.max_startups, sizeof(int)); + startup_flags = xcalloc(options.max_startups, sizeof(int)); for (i = 0; i < options.max_startups; i++) startup_pipes[i] = -1; @@ -1056,8 +1070,15 @@ server_accept_loop(int *sock_in, int *sock_out, int *newsock, int *config_s) * the daemon is killed with a signal. */ for (;;) { - if (received_sighup) - sighup_restart(); + if (received_sighup) { + if (!lameduck) { + debug("Received SIGHUP; waiting for children"); + close_listen_socks(); + lameduck = 1; + } + if (listening <= 0) + sighup_restart(); + } free(fdset); fdset = xcalloc(howmany(maxfd + 1, NFDBITS), sizeof(fd_mask)); @@ -1083,19 +1104,37 @@ server_accept_loop(int *sock_in, int *sock_out, int *newsock, int *config_s) if (ret < 0) continue; - for (i = 0; i < options.max_startups; i++) - if (startup_pipes[i] != -1 && - FD_ISSET(startup_pipes[i], fdset)) { - /* - * the read end of the pipe is ready - * if the child has closed the pipe - * after successful authentication - * or if the child has died - */ + for (i = 0; i < options.max_startups; i++) { + if (startup_pipes[i] == -1 || + !FD_ISSET(startup_pipes[i], fdset)) + continue; + switch (read(startup_pipes[i], &c, sizeof(c))) { + case -1: + if (errno == EINTR || errno == EAGAIN) + continue; + if (errno != EPIPE) { + error("%s: startup pipe %d (fd=%d): " + "read %s", __func__, i, + startup_pipes[i], strerror(errno)); + } + /* FALLTHROUGH */ + case 0: + /* child exited or completed auth */ close(startup_pipes[i]); startup_pipes[i] = -1; startups--; + if (startup_flags[i]) + listening--; + break; + case 1: + /* child has finished preliminaries */ + if (startup_flags[i]) { + listening--; + startup_flags[i] = 0; + } + break; } + } for (i = 0; i < num_listen_socks; i++) { if (!FD_ISSET(listen_socks[i], fdset)) continue; @@ -1149,6 +1188,7 @@ server_accept_loop(int *sock_in, int *sock_out, int *newsock, int *config_s) if (maxfd < startup_p[0]) maxfd = startup_p[0]; startups++; + startup_flags[j] = 1; break; } @@ -1174,7 +1214,7 @@ server_accept_loop(int *sock_in, int *sock_out, int *newsock, int *config_s) send_rexec_state(config_s[0], cfg); close(config_s[0]); } - break; + return; } /* @@ -1183,13 +1223,14 @@ server_accept_loop(int *sock_in, int *sock_out, int *newsock, int *config_s) * parent continues listening. */ platform_pre_fork(); + listening++; if ((pid = fork()) == 0) { /* * Child. Close the listening and * max_startup sockets. Start using * the accepted socket. Reinitialize * logging (since our pid has changed). - * We break out of the loop to handle + * We return from this function to handle * the connection. */ platform_post_fork_child(); @@ -1204,7 +1245,18 @@ server_accept_loop(int *sock_in, int *sock_out, int *newsock, int *config_s) log_stderr); if (rexec_flag) close(config_s[0]); - break; + else { + /* + * Signal parent that the preliminaries + * for this child are complete. For the + * re-exec case, this happens after the + * child has received the rexec state + * from the server. + */ + (void)atomicio(vwrite, startup_pipe, + "\0", 1); + } + return; } /* Parent. Stay in the loop. */ @@ -1236,10 +1288,6 @@ server_accept_loop(int *sock_in, int *sock_out, int *newsock, int *config_s) #endif explicit_bzero(rnd, sizeof(rnd)); } - - /* child process check (or debug mode) */ - if (num_listen_socks < 0) - break; } } @@ -1569,8 +1617,18 @@ main(int ac, char **av) /* Fetch our configuration */ if ((cfg = sshbuf_new()) == NULL) fatal("%s: sshbuf_new failed", __func__); - if (rexeced_flag) + if (rexeced_flag) { recv_rexec_state(REEXEC_CONFIG_PASS_FD, cfg); + if (!debug_flag) { + startup_pipe = dup(REEXEC_STARTUP_PIPE_FD); + close(REEXEC_STARTUP_PIPE_FD); + /* + * Signal parent that this child is at a point where + * they can go away if they have a SIGHUP pending. + */ + (void)atomicio(vwrite, startup_pipe, "\0", 1); + } + } else if (strcasecmp(config_file_name, "none") != 0) load_server_config(config_file_name, cfg); -- cgit v1.2.3 From e9552d6043db7cd170ac6ba1b4d2c7a5eb2c3201 Mon Sep 17 00:00:00 2001 From: "djm@openbsd.org" Date: Fri, 1 Mar 2019 03:29:32 +0000 Subject: upstream: in ssh_set_newkeys(), mention the direction that we're keying in debug messages. Previously it would be difficult to tell which direction it was talking about OpenBSD-Commit-ID: c2b71bfcceb2a7389b9d0b497fb2122a406a522d --- packet.c | 12 +++++++----- 1 file changed, 7 insertions(+), 5 deletions(-) diff --git a/packet.c b/packet.c index ec03301b9..36e352b44 100644 --- a/packet.c +++ b/packet.c @@ -1,4 +1,4 @@ -/* $OpenBSD: packet.c,v 1.282 2019/01/21 10:35:09 djm Exp $ */ +/* $OpenBSD: packet.c,v 1.283 2019/03/01 03:29:32 djm Exp $ */ /* * Author: Tatu Ylonen * Copyright (c) 1995 Tatu Ylonen , Espoo, Finland @@ -841,6 +841,7 @@ ssh_set_newkeys(struct ssh *ssh, int mode) u_int64_t *max_blocks; const char *wmsg; int r, crypt_type; + const char *dir = mode == MODE_OUT ? "out" : "in"; debug2("set_newkeys: mode %d", mode); @@ -856,8 +857,8 @@ ssh_set_newkeys(struct ssh *ssh, int mode) max_blocks = &state->max_blocks_in; } if (state->newkeys[mode] != NULL) { - debug("set_newkeys: rekeying, input %llu bytes %llu blocks, " - "output %llu bytes %llu blocks", + debug("%s: rekeying %s, input %llu bytes %llu blocks, " + "output %llu bytes %llu blocks", __func__, dir, (unsigned long long)state->p_read.bytes, (unsigned long long)state->p_read.blocks, (unsigned long long)state->p_send.bytes, @@ -879,7 +880,7 @@ ssh_set_newkeys(struct ssh *ssh, int mode) return r; } mac->enabled = 1; - DBG(debug("cipher_init_context: %d", mode)); + DBG(debug("%s: cipher_init_context: %s", __func__, dir)); cipher_free(*ccp); *ccp = NULL; if ((r = cipher_init(ccp, enc->cipher, enc->key, enc->key_len, @@ -920,7 +921,8 @@ ssh_set_newkeys(struct ssh *ssh, int mode) if (state->rekey_limit) *max_blocks = MINIMUM(*max_blocks, state->rekey_limit / enc->block_size); - debug("rekey after %llu blocks", (unsigned long long)*max_blocks); + debug("rekey %s after %llu blocks", dir, + (unsigned long long)*max_blocks); return 0; } -- cgit v1.2.3 From c13b74530f9f1d9df7aeae012004b31b2de4438e Mon Sep 17 00:00:00 2001 From: "naddy@openbsd.org" Date: Tue, 5 Mar 2019 16:17:12 +0000 Subject: upstream: PKCS#11 support is no longer limited to RSA; ok benno@ kn@ OpenBSD-Commit-ID: 1a9bec64d530aed5f434a960e7515a3e80cbc826 --- ssh-keygen.1 | 6 +++--- ssh.1 | 8 ++++---- 2 files changed, 7 insertions(+), 7 deletions(-) diff --git a/ssh-keygen.1 b/ssh-keygen.1 index 0c284a295..124456577 100644 --- a/ssh-keygen.1 +++ b/ssh-keygen.1 @@ -1,4 +1,4 @@ -.\" $OpenBSD: ssh-keygen.1,v 1.156 2019/01/23 04:51:02 djm Exp $ +.\" $OpenBSD: ssh-keygen.1,v 1.157 2019/03/05 16:17:12 naddy Exp $ .\" .\" Author: Tatu Ylonen .\" Copyright (c) 1995 Tatu Ylonen , Espoo, Finland @@ -35,7 +35,7 @@ .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. .\" -.Dd $Mdocdate: January 23 2019 $ +.Dd $Mdocdate: March 5 2019 $ .Dt SSH-KEYGEN 1 .Os .Sh NAME @@ -279,7 +279,7 @@ Requests changing the comment in the private and public key files. The program will prompt for the file containing the private keys, for the passphrase if the key has one, and for the new comment. .It Fl D Ar pkcs11 -Download the RSA public keys provided by the PKCS#11 shared library +Download the public keys provided by the PKCS#11 shared library .Ar pkcs11 . When used in combination with .Fl s , diff --git a/ssh.1 b/ssh.1 index ca4373d11..41937c61a 100644 --- a/ssh.1 +++ b/ssh.1 @@ -33,8 +33,8 @@ .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. .\" -.\" $OpenBSD: ssh.1,v 1.400 2019/01/22 11:51:25 djm Exp $ -.Dd $Mdocdate: January 22 2019 $ +.\" $OpenBSD: ssh.1,v 1.401 2019/03/05 16:17:12 naddy Exp $ +.Dd $Mdocdate: March 5 2019 $ .Dt SSH 1 .Os .Sh NAME @@ -270,8 +270,8 @@ on the master process. .It Fl I Ar pkcs11 Specify the PKCS#11 shared library .Nm -should use to communicate with a PKCS#11 token providing the user's -private RSA key. +should use to communicate with a PKCS#11 token providing keys for user +authentication. .Pp .It Fl i Ar identity_file Selects a file from which the identity (private key) for -- cgit v1.2.3 From ab5fee8eb6a011002fd9e32b1597f02aa8804a25 Mon Sep 17 00:00:00 2001 From: "dtucker@openbsd.org" Date: Wed, 6 Mar 2019 21:06:59 +0000 Subject: upstream: Reset last-seen time when sending a keepalive. Prevents sending two keepalives successively and prematurely terminating connection when ClientAliveCount=1. While there, collapse two similar tests into one. ok markus@ OpenBSD-Commit-ID: 043670d201dfe222537a2a4bed16ce1087de5ddd --- serverloop.c | 15 +++++++++------ 1 file changed, 9 insertions(+), 6 deletions(-) diff --git a/serverloop.c b/serverloop.c index 9602e050d..f86f832b6 100644 --- a/serverloop.c +++ b/serverloop.c @@ -1,4 +1,4 @@ -/* $OpenBSD: serverloop.c,v 1.213 2019/01/19 22:30:52 djm Exp $ */ +/* $OpenBSD: serverloop.c,v 1.214 2019/03/06 21:06:59 dtucker Exp $ */ /* * Author: Tatu Ylonen * Copyright (c) 1995 Tatu Ylonen , Espoo, Finland @@ -225,6 +225,7 @@ wait_until_can_do_something(struct ssh *ssh, int ret; time_t minwait_secs = 0; int client_alive_scheduled = 0; + /* time we last heard from the client OR sent a keepalive */ static time_t last_client_time; /* Allocate and update select() masks for channel descriptors. */ @@ -293,13 +294,15 @@ wait_until_can_do_something(struct ssh *ssh, } else if (client_alive_scheduled) { time_t now = monotime(); - if (ret == 0) { /* timeout */ + /* + * If the select timed out, or returned for some other reason + * but we haven't heard from the client in time, send keepalive. + */ + if (ret == 0 || (last_client_time != 0 && last_client_time + + options.client_alive_interval <= now)) { client_alive_check(ssh); - } else if (FD_ISSET(connection_in, *readsetp)) { last_client_time = now; - } else if (last_client_time != 0 && last_client_time + - options.client_alive_interval <= now) { - client_alive_check(ssh); + } else if (FD_ISSET(connection_in, *readsetp)) { last_client_time = now; } } -- cgit v1.2.3 From fd10cf027b56f9aaa80c9e3844626a05066589a4 Mon Sep 17 00:00:00 2001 From: "dtucker@openbsd.org" Date: Wed, 6 Mar 2019 22:14:23 +0000 Subject: upstream: Move checks for lists of users or groups into their own function. This is a no-op on OpenBSD but will make things easier in -portable, eg on systems where these checks should be case-insensitive. ok djm@ OpenBSD-Commit-ID: 8bc9c8d98670e23f8eaaaefe29c1f98e7ba0487e --- groupaccess.c | 9 +++------ match.c | 15 ++++++++++++++- match.h | 3 ++- servconf.c | 8 ++------ 4 files changed, 21 insertions(+), 14 deletions(-) diff --git a/groupaccess.c b/groupaccess.c index 43367990d..80d301915 100644 --- a/groupaccess.c +++ b/groupaccess.c @@ -1,4 +1,4 @@ -/* $OpenBSD: groupaccess.c,v 1.16 2015/05/04 06:10:48 djm Exp $ */ +/* $OpenBSD: groupaccess.c,v 1.17 2019/03/06 22:14:23 dtucker Exp $ */ /* * Copyright (c) 2001 Kevin Steves. All rights reserved. * @@ -103,11 +103,8 @@ ga_match_pattern_list(const char *group_pattern) int i, found = 0; for (i = 0; i < ngroups; i++) { -#ifndef HAVE_CYGWIN - switch (match_pattern_list(groups_byname[i], group_pattern, 0)) { -#else - switch (match_pattern_list(groups_byname[i], group_pattern, 1)) { -#endif + switch (match_usergroup_pattern_list(groups_byname[i], + group_pattern)) { case -1: return 0; /* Negated match wins */ case 0: diff --git a/match.c b/match.c index b50ae4057..ff0815ef9 100644 --- a/match.c +++ b/match.c @@ -1,4 +1,4 @@ -/* $OpenBSD: match.c,v 1.38 2018/07/04 13:49:31 djm Exp $ */ +/* $OpenBSD: match.c,v 1.39 2019/03/06 22:14:23 dtucker Exp $ */ /* * Author: Tatu Ylonen * Copyright (c) 1995 Tatu Ylonen , Espoo, Finland @@ -174,6 +174,19 @@ match_pattern_list(const char *string, const char *pattern, int dolower) #endif +/* Match a list representing users or groups. */ +int +match_usergroup_pattern_list(const char *string, const char *pattern) +{ +#ifndef HAVE_CYGWIN + /* Case sensitive match */ + return match_pattern_list(string, pattern, 0); +#else + /* Case insensitive match */ + return match_pattern_list(string, pattern, 1); +#endif +} + /* * Tries to match the host name (which must be in all lowercase) against the * comma-separated sequence of subpatterns (each possibly preceded by ! to diff --git a/match.h b/match.h index 852b1a5cb..3a8a6ecdc 100644 --- a/match.h +++ b/match.h @@ -1,4 +1,4 @@ -/* $OpenBSD: match.h,v 1.18 2018/07/04 13:49:31 djm Exp $ */ +/* $OpenBSD: match.h,v 1.19 2019/03/06 22:14:23 dtucker Exp $ */ /* * Author: Tatu Ylonen @@ -16,6 +16,7 @@ int match_pattern(const char *, const char *); int match_pattern_list(const char *, const char *, int); +int match_usergroup_pattern_list(const char *, const char *); int match_hostname(const char *, const char *); int match_host_and_ip(const char *, const char *, const char *); int match_user(const char *, const char *, const char *, const char *); diff --git a/servconf.c b/servconf.c index 4fa896fd4..a7bfba827 100644 --- a/servconf.c +++ b/servconf.c @@ -1,5 +1,5 @@ -/* $OpenBSD: servconf.c,v 1.348 2019/01/24 02:34:52 dtucker Exp $ */ +/* $OpenBSD: servconf.c,v 1.349 2019/03/06 22:14:23 dtucker Exp $ */ /* * Copyright (c) 1995 Tatu Ylonen , Espoo, Finland * All rights reserved @@ -1049,11 +1049,7 @@ match_cfg_line(char **condition, int line, struct connection_info *ci) } if (ci->user == NULL) match_test_missing_fatal("User", "user"); -#ifndef HAVE_CYGWIN - if (match_pattern_list(ci->user, arg, 0) != 1) -#else - if (match_pattern_list(ci->user, arg, 1) != 1) -#endif + if (match_usergroup_pattern_list(ci->user, arg) != 1) result = 0; else debug("user %.100s matched 'User %.100s' at " -- cgit v1.2.3 From daa7505aadca68ba1a2c70cbdfce423208eb91ee Mon Sep 17 00:00:00 2001 From: Darren Tucker Date: Tue, 12 Mar 2019 09:19:19 +1100 Subject: Use Cygwin-specific matching only for users+groups. Patch from vinschen at redhat.com, updated a little by me. --- match.c | 12 ++++-------- openbsd-compat/bsd-cygwin_util.c | 18 ++++++++---------- openbsd-compat/bsd-cygwin_util.h | 1 + 3 files changed, 13 insertions(+), 18 deletions(-) diff --git a/match.c b/match.c index ff0815ef9..fcf69596d 100644 --- a/match.c +++ b/match.c @@ -111,8 +111,6 @@ match_pattern(const char *s, const char *pattern) /* NOTREACHED */ } -#ifndef HAVE_CYGWIN /* Cygwin version in openbsd-compat/bsd-cygwin_util.c */ - /* * Tries to match the string against the * comma-separated sequence of subpatterns (each possibly preceded by ! to @@ -172,18 +170,16 @@ match_pattern_list(const char *string, const char *pattern, int dolower) return got_positive; } -#endif - /* Match a list representing users or groups. */ int match_usergroup_pattern_list(const char *string, const char *pattern) { -#ifndef HAVE_CYGWIN - /* Case sensitive match */ - return match_pattern_list(string, pattern, 0); +#ifdef HAVE_CYGWIN + /* Windows usernames may be Unicode and are not case sensitive */ + return cygwin_ug_match_pattern_list(string, pattern); #else /* Case insensitive match */ - return match_pattern_list(string, pattern, 1); + return match_pattern_list(string, pattern, 0); #endif } diff --git a/openbsd-compat/bsd-cygwin_util.c b/openbsd-compat/bsd-cygwin_util.c index f721fca9d..1e4cdc928 100644 --- a/openbsd-compat/bsd-cygwin_util.c +++ b/openbsd-compat/bsd-cygwin_util.c @@ -128,7 +128,7 @@ free_windows_environment(char **p) */ static int -__match_pattern (const wchar_t *s, const wchar_t *pattern, int caseinsensitive) +__match_pattern (const wchar_t *s, const wchar_t *pattern) { for (;;) { /* If at end of pattern, accept if also at end of string. */ @@ -152,8 +152,7 @@ __match_pattern (const wchar_t *s, const wchar_t *pattern, int caseinsensitive) */ for (; *s; s++) if (*s == *pattern && - __match_pattern(s + 1, pattern + 1, - caseinsensitive)) + __match_pattern(s + 1, pattern + 1)) return 1; /* Failed. */ return 0; @@ -163,7 +162,7 @@ __match_pattern (const wchar_t *s, const wchar_t *pattern, int caseinsensitive) * match at each position. */ for (; *s; s++) - if (__match_pattern(s, pattern, caseinsensitive)) + if (__match_pattern(s, pattern)) return 1; /* Failed. */ return 0; @@ -176,8 +175,7 @@ __match_pattern (const wchar_t *s, const wchar_t *pattern, int caseinsensitive) return 0; /* Check if the next character of the string is acceptable. */ - if (*pattern != '?' && (*pattern != *s && - (!caseinsensitive || towlower(*pattern) != towlower(*s)))) + if (*pattern != '?' && towlower(*pattern) != towlower(*s)) return 0; /* Move to the next character, both in string and in pattern. */ @@ -188,7 +186,7 @@ __match_pattern (const wchar_t *s, const wchar_t *pattern, int caseinsensitive) } static int -_match_pattern(const char *s, const char *pattern, int caseinsensitive) +_match_pattern(const char *s, const char *pattern) { wchar_t *ws; wchar_t *wpattern; @@ -202,7 +200,7 @@ _match_pattern(const char *s, const char *pattern, int caseinsensitive) return 0; wpattern = (wchar_t *) alloca((len + 1) * sizeof (wchar_t)); mbstowcs(wpattern, pattern, len + 1); - return __match_pattern (ws, wpattern, caseinsensitive); + return __match_pattern (ws, wpattern); } /* @@ -212,7 +210,7 @@ _match_pattern(const char *s, const char *pattern, int caseinsensitive) * a positive match, 0 if there is no match at all. */ int -match_pattern_list(const char *string, const char *pattern, int caseinsensitive) +cygwin_ug_match_pattern_list(const char *string, const char *pattern) { char sub[1024]; int negated; @@ -248,7 +246,7 @@ match_pattern_list(const char *string, const char *pattern, int caseinsensitive) sub[subi] = '\0'; /* Try to match the subpattern against the string. */ - if (_match_pattern(string, sub, caseinsensitive)) { + if (_match_pattern(string, sub)) { if (negated) return -1; /* Negative */ else diff --git a/openbsd-compat/bsd-cygwin_util.h b/openbsd-compat/bsd-cygwin_util.h index 202c055db..55c5a5b81 100644 --- a/openbsd-compat/bsd-cygwin_util.h +++ b/openbsd-compat/bsd-cygwin_util.h @@ -55,6 +55,7 @@ int binary_open(const char *, int , ...); int check_ntsec(const char *); char **fetch_windows_environment(void); void free_windows_environment(char **); +int cygwin_ug_match_pattern_list(const char *, const char *); #ifndef NO_BINARY_OPEN #define open binary_open -- cgit v1.2.3 From a212107bfdf4d3e870ab7a443e4d906e5b9578c3 Mon Sep 17 00:00:00 2001 From: Darren Tucker Date: Wed, 13 Mar 2019 10:49:16 +1100 Subject: Replace alloca with xcalloc. The latter checks for memory exhaustion and integer overflow and may be at a less predictable place. Sanity check by vinschen at redhat.com, ok djm@ --- openbsd-compat/bsd-cygwin_util.c | 11 ++++++++--- 1 file changed, 8 insertions(+), 3 deletions(-) diff --git a/openbsd-compat/bsd-cygwin_util.c b/openbsd-compat/bsd-cygwin_util.c index 1e4cdc928..54628e260 100644 --- a/openbsd-compat/bsd-cygwin_util.c +++ b/openbsd-compat/bsd-cygwin_util.c @@ -37,6 +37,7 @@ #include #include #include +#include #include #include @@ -191,16 +192,20 @@ _match_pattern(const char *s, const char *pattern) wchar_t *ws; wchar_t *wpattern; size_t len; + int ret; if ((len = mbstowcs(NULL, s, 0)) < 0) return 0; - ws = (wchar_t *) alloca((len + 1) * sizeof (wchar_t)); + ws = (wchar_t *) xcalloc(len + 1, sizeof (wchar_t)); mbstowcs(ws, s, len + 1); if ((len = mbstowcs(NULL, pattern, 0)) < 0) return 0; - wpattern = (wchar_t *) alloca((len + 1) * sizeof (wchar_t)); + wpattern = (wchar_t *) xcalloc(len + 1, sizeof (wchar_t)); mbstowcs(wpattern, pattern, len + 1); - return __match_pattern (ws, wpattern); + ret = __match_pattern (ws, wpattern); + free(ws); + free(wpattern); + return ret; } /* -- cgit v1.2.3 From 825ab32f0d04a791e9d19d743c61ff8ed9b4d8e5 Mon Sep 17 00:00:00 2001 From: Darren Tucker Date: Thu, 14 Mar 2019 08:51:17 +1100 Subject: On Cygwin run sshd as SYSTEM where possible. Seteuid now creates user token using S4U. We don't create a token from scratch anymore, so we don't need the "Create a process token" privilege. The service can run under SYSTEM again... ...unless Cygwin is running on Windows Vista or Windows 7 in the WOW64 32 bit emulation layer. It turns out that WOW64 on these systems didn't implement MsV1_0 S4U Logon so we still need the fallback to NtCreateToken for these systems. Signed-off-by: Corinna Vinschen --- contrib/cygwin/ssh-host-config | 29 ++++++++++++++++++++--------- 1 file changed, 20 insertions(+), 9 deletions(-) diff --git a/contrib/cygwin/ssh-host-config b/contrib/cygwin/ssh-host-config index cc36ea102..a8572e2ac 100644 --- a/contrib/cygwin/ssh-host-config +++ b/contrib/cygwin/ssh-host-config @@ -394,14 +394,24 @@ install_service() { then csih_get_cygenv "${cygwin_value}" - if ( csih_is_nt2003 || [ "$csih_FORCE_PRIVILEGED_USER" = "yes" ] ) + if ( [ "$csih_FORCE_PRIVILEGED_USER" != "yes" ] ) then - csih_inform "On Windows Server 2003, Windows Vista, and above, the" - csih_inform "SYSTEM account cannot setuid to other users -- a capability" - csih_inform "sshd requires. You need to have or to create a privileged" - csih_inform "account. This script will help you do so." - echo + # Enforce using privileged user on 64 bit Vista or W7 under WOW64 + is_wow64=$(/usr/bin/uname | /usr/bin/grep -q 'WOW' && echo 1 || echo 0) + if ( csih_is_nt2003 && ! csih_is_windows8 && [ "${is_wow64}" = "1" ] ) + then + csih_inform "Running 32 bit Cygwin on 64 bit Windows Vista or Windows 7" + csih_inform "the SYSTEM account is not sufficient to setuid to a local" + csih_inform "user account. You need to have or to create a privileged" + csih_inform "account. This script will help you do so." + echo + csih_FORCE_PRIVILEGED_USER=yes + fi + fi + + if ( [ "$csih_FORCE_PRIVILEGED_USER" = "yes" ] ) + then [ "${opt_force}" = "yes" ] && opt_f=-f [ -n "${user_account}" ] && opt_u="-u ""${user_account}""" csih_select_privileged_username ${opt_f} ${opt_u} sshd @@ -412,11 +422,12 @@ install_service() { csih_request "Do you want to proceed anyway?" || exit 1 let ++ret fi + # Never returns empty if NT or above + run_service_as=$(csih_service_should_run_as) + else + run_service_as="SYSTEM" fi - # Never returns empty if NT or above - run_service_as=$(csih_service_should_run_as) - if [ "${run_service_as}" = "${csih_PRIVILEGED_USERNAME}" ] then password="${csih_PRIVILEGED_PASSWORD}" -- cgit v1.2.3 From 9edbd7821e6837e98e7e95546cede804dac96754 Mon Sep 17 00:00:00 2001 From: Darren Tucker Date: Thu, 14 Mar 2019 10:17:28 +1100 Subject: Fix build when configured --without-openssl. ok djm@ --- kexgen.c | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/kexgen.c b/kexgen.c index bb0cb5c1b..2abbb9ef6 100644 --- a/kexgen.c +++ b/kexgen.c @@ -101,6 +101,7 @@ kex_gen_client(struct ssh *ssh) int r; switch (kex->kex_type) { +#ifdef WITH_OPENSSL case KEX_DH_GRP1_SHA1: case KEX_DH_GRP14_SHA1: case KEX_DH_GRP14_SHA256: @@ -111,6 +112,7 @@ kex_gen_client(struct ssh *ssh) case KEX_ECDH_SHA2: r = kex_ecdh_keypair(kex); break; +#endif case KEX_C25519_SHA256: r = kex_c25519_keypair(kex); break; @@ -167,6 +169,7 @@ input_kex_gen_reply(int type, u_int32_t seq, struct ssh *ssh) /* compute shared secret */ switch (kex->kex_type) { +#ifdef WITH_OPENSSL case KEX_DH_GRP1_SHA1: case KEX_DH_GRP14_SHA1: case KEX_DH_GRP14_SHA256: @@ -177,6 +180,7 @@ input_kex_gen_reply(int type, u_int32_t seq, struct ssh *ssh) case KEX_ECDH_SHA2: r = kex_ecdh_dec(kex, server_blob, &shared_secret); break; +#endif case KEX_C25519_SHA256: r = kex_c25519_dec(kex, server_blob, &shared_secret); break; @@ -259,6 +263,7 @@ input_kex_gen_init(int type, u_int32_t seq, struct ssh *ssh) /* compute shared secret */ switch (kex->kex_type) { +#ifdef WITH_OPENSSL case KEX_DH_GRP1_SHA1: case KEX_DH_GRP14_SHA1: case KEX_DH_GRP14_SHA256: @@ -271,6 +276,7 @@ input_kex_gen_init(int type, u_int32_t seq, struct ssh *ssh) r = kex_ecdh_enc(kex, client_pubkey, &server_pubkey, &shared_secret); break; +#endif case KEX_C25519_SHA256: r = kex_c25519_enc(kex, client_pubkey, &server_pubkey, &shared_secret); -- cgit v1.2.3 From 2aee9a49f668092ac5c9d34e904ef7a9722e541d Mon Sep 17 00:00:00 2001 From: "markus@openbsd.org" Date: Fri, 8 Mar 2019 17:24:43 +0000 Subject: upstream: fix use-after-free in ssh-pkcs11; found by hshoexer w/AFL OpenBSD-Commit-ID: febce81cca72b71f70513fbee4ff52ca050f675c --- ssh-pkcs11.c | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/ssh-pkcs11.c b/ssh-pkcs11.c index a1a2bab45..70f06bffe 100644 --- a/ssh-pkcs11.c +++ b/ssh-pkcs11.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ssh-pkcs11.c,v 1.42 2019/02/04 23:37:54 djm Exp $ */ +/* $OpenBSD: ssh-pkcs11.c,v 1.43 2019/03/08 17:24:43 markus Exp $ */ /* * Copyright (c) 2010 Markus Friedl. All rights reserved. * Copyright (c) 2014 Pedro Martelletto. All rights reserved. @@ -1124,6 +1124,7 @@ pkcs11_fetch_certs(struct pkcs11_provider *p, CK_ULONG slotidx, break; default: /* XXX print key type? */ + key = NULL; error("skipping unsupported certificate type"); } @@ -1225,6 +1226,7 @@ pkcs11_fetch_keys(struct pkcs11_provider *p, CK_ULONG slotidx, #endif /* HAVE_EC_KEY_METHOD_NEW */ default: /* XXX print key type? */ + key = NULL; error("skipping unsupported key type"); } -- cgit v1.2.3 From 1b1332b5bb975d759a50b37f0e8bc8cfb07a0bb0 Mon Sep 17 00:00:00 2001 From: "jmc@openbsd.org" Date: Sat, 16 Mar 2019 19:14:21 +0000 Subject: upstream: benno helped me clean up the tcp forwarding section; OpenBSD-Commit-ID: d4bec27edefde636fb632b7f0b7c656b9c7b7f08 --- ssh.1 | 50 ++++++++++++++++++-------------------------------- 1 file changed, 18 insertions(+), 32 deletions(-) diff --git a/ssh.1 b/ssh.1 index 41937c61a..9480eba8d 100644 --- a/ssh.1 +++ b/ssh.1 @@ -33,8 +33,8 @@ .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. .\" -.\" $OpenBSD: ssh.1,v 1.401 2019/03/05 16:17:12 naddy Exp $ -.Dd $Mdocdate: March 5 2019 $ +.\" $OpenBSD: ssh.1,v 1.402 2019/03/16 19:14:21 jmc Exp $ +.Dd $Mdocdate: March 16 2019 $ .Dt SSH 1 .Os .Sh NAME @@ -1090,49 +1090,35 @@ Increase the verbosity when errors are being written to stderr. .El .Sh TCP FORWARDING -Forwarding of arbitrary TCP connections over the secure channel can -be specified either on the command line or in a configuration file. +Forwarding of arbitrary TCP connections over a secure channel +can be specified either on the command line or in a configuration file. One possible application of TCP forwarding is a secure connection to a mail server; another is going through firewalls. .Pp -In the example below, we look at encrypting communication between -an IRC client and server, even though the IRC server does not directly -support encrypted communications. +In the example below, we look at encrypting communication for an IRC client, +even though the IRC server it connects to does not directly +support encrypted communication. This works as follows: the user connects to the remote host using .Nm , -specifying a port to be used to forward connections -to the remote server. -After that it is possible to start the service which is to be encrypted -on the client machine, -connecting to the same local port, +specifying the ports to be used to forward the connection. +After that it is possible to start the program locally, and .Nm -will encrypt and forward the connection. +will encrypt and forward the connection to the remote server. .Pp -The following example tunnels an IRC session from client machine -.Dq 127.0.0.1 -(localhost) -to remote server -.Dq server.example.com : -.Bd -literal -offset 4n -$ ssh -f -L 1234:localhost:6667 server.example.com sleep 10 -$ irc -c '#users' -p 1234 pinky 127.0.0.1 -.Ed -.Pp -This tunnels a connection to IRC server +The following example tunnels an IRC session from the client +to an IRC server at .Dq server.example.com , joining channel .Dq #users , nickname .Dq pinky , -using port 1234. -It doesn't matter which port is used, -as long as it's greater than 1023 -(remember, only root can open sockets on privileged ports) -and doesn't conflict with any ports already in use. -The connection is forwarded to port 6667 on the remote server, -since that's the standard port for IRC services. +using the standard IRC port, 6667: +.Bd -literal -offset 4n +$ ssh -f -L 6667:localhost:6667 server.example.com sleep 10 +$ irc -c '#users' pinky IRC/127.0.0.1 +.Ed .Pp The .Fl f @@ -1142,7 +1128,7 @@ and the remote command .Dq sleep 10 is specified to allow an amount of time (10 seconds, in the example) -to start the service which is to be tunnelled. +to start the program which is going to use the tunnel. If no connections are made within the time specified, .Nm will exit. -- cgit v1.2.3 From 62949c5b37af28d8490d94866e314a76be683a5e Mon Sep 17 00:00:00 2001 From: "jmc@openbsd.org" Date: Fri, 22 Mar 2019 20:58:34 +0000 Subject: upstream: full stop in the wrong place; OpenBSD-Commit-ID: 478a0567c83553a2aebf95d0f1bd67ac1b1253e4 --- sshd_config.5 | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/sshd_config.5 b/sshd_config.5 index 142f84a19..b224f2929 100644 --- a/sshd_config.5 +++ b/sshd_config.5 @@ -33,8 +33,8 @@ .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. .\" -.\" $OpenBSD: sshd_config.5,v 1.283 2019/01/23 20:48:52 dtucker Exp $ -.Dd $Mdocdate: January 23 2019 $ +.\" $OpenBSD: sshd_config.5,v 1.284 2019/03/22 20:58:34 jmc Exp $ +.Dd $Mdocdate: March 22 2019 $ .Dt SSHD_CONFIG 5 .Os .Sh NAME @@ -1084,7 +1084,7 @@ and .Cm RDomain representing the .Xr rdomain 4 -on which the connection was received.) +on which the connection was received). .Pp The match patterns may consist of single entries or comma-separated lists and may use the wildcard and negation operators described in the -- cgit v1.2.3 From f47269ea67eb4ff87454bf0d2a03e55532786482 Mon Sep 17 00:00:00 2001 From: "dtucker@openbsd.org" Date: Mon, 25 Mar 2019 15:49:00 +0000 Subject: upstream: Increase the default RSA key size to 3072 bits. Based on the estimates from NIST Special Publication 800-57, 3k bits provides security equivalent to 128 bits which is the smallest symmetric cipher we enable by default. ok markus@ deraadt@ OpenBSD-Commit-ID: 461dd32ebe808f88f4fc3ec74749b0e6bef2276b --- ssh-keygen.c | 9 ++++++--- 1 file changed, 6 insertions(+), 3 deletions(-) diff --git a/ssh-keygen.c b/ssh-keygen.c index 5d0787728..5d256a159 100644 --- a/ssh-keygen.c +++ b/ssh-keygen.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ssh-keygen.c,v 1.327 2019/02/10 16:35:41 benno Exp $ */ +/* $OpenBSD: ssh-keygen.c,v 1.328 2019/03/25 15:49:00 dtucker Exp $ */ /* * Author: Tatu Ylonen * Copyright (c) 1994 Tatu Ylonen , Espoo, Finland @@ -67,8 +67,11 @@ # define DEFAULT_KEY_TYPE_NAME "ed25519" #endif -/* Number of bits in the RSA/DSA key. This value can be set on the command line. */ -#define DEFAULT_BITS 2048 +/* + * Default number of bits in the RSA/DSA key. This value can be overridden + * on the command line. + */ +#define DEFAULT_BITS 3072 #define DEFAULT_BITS_DSA 1024 #define DEFAULT_BITS_ECDSA 256 -- cgit v1.2.3 From 26e0cef07b04479537c971dec898741df1290fe5 Mon Sep 17 00:00:00 2001 From: "dtucker@openbsd.org" Date: Mon, 25 Mar 2019 16:19:44 +0000 Subject: upstream: Expand comment to document rationale for default key sizes. "seems worthwhile" deraadt. OpenBSD-Commit-ID: 72e5c0983d7da1fb72f191870f36cb58263a2456 --- ssh-keygen.c | 13 ++++++++++--- 1 file changed, 10 insertions(+), 3 deletions(-) diff --git a/ssh-keygen.c b/ssh-keygen.c index 5d256a159..3898b281e 100644 --- a/ssh-keygen.c +++ b/ssh-keygen.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ssh-keygen.c,v 1.328 2019/03/25 15:49:00 dtucker Exp $ */ +/* $OpenBSD: ssh-keygen.c,v 1.329 2019/03/25 16:19:44 dtucker Exp $ */ /* * Author: Tatu Ylonen * Copyright (c) 1994 Tatu Ylonen , Espoo, Finland @@ -68,8 +68,15 @@ #endif /* - * Default number of bits in the RSA/DSA key. This value can be overridden - * on the command line. + * Default number of bits in the RSA, DSA and ECDSA keys. These value can be + * overridden on the command line. + * + * These values, with the exception of DSA, provide security equivalent to at + * least 128 bits of security according to NIST Special Publication 800-57: + * Recommendation for Key Management Part 1 rev 4 section 5.6.1. + * For DSA it (and FIPS-186-4 section 4.2) specifies that the only size for + * which a 160bit hash is acceptable is 1kbit, and since ssh-dss specifies only + * SHA1 we limit the DSA key size 1k bits. */ #define DEFAULT_BITS 3072 #define DEFAULT_BITS_DSA 1024 -- cgit v1.2.3 From d6e5def308610f194c0ec3ef97a34a3e9630e190 Mon Sep 17 00:00:00 2001 From: "djm@openbsd.org" Date: Mon, 25 Mar 2019 22:33:44 +0000 Subject: upstream: whitespace OpenBSD-Commit-ID: 106e853ae8a477e8385bc53824d3884a8159db07 --- servconf.c | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/servconf.c b/servconf.c index a7bfba827..ffac5d2c7 100644 --- a/servconf.c +++ b/servconf.c @@ -1,5 +1,5 @@ -/* $OpenBSD: servconf.c,v 1.349 2019/03/06 22:14:23 dtucker Exp $ */ +/* $OpenBSD: servconf.c,v 1.350 2019/03/25 22:33:44 djm Exp $ */ /* * Copyright (c) 1995 Tatu Ylonen , Espoo, Finland * All rights reserved @@ -470,7 +470,6 @@ fill_default_server_options(ServerOptions *options) options->compression = 0; } #endif - } /* Keyword tokens. */ -- cgit v1.2.3 From 4f0019a9afdb4a94d83b75e82dbbbe0cbe826c56 Mon Sep 17 00:00:00 2001 From: "djm@openbsd.org" Date: Mon, 25 Mar 2019 22:34:52 +0000 Subject: upstream: Fix authentication failures when "AuthenticationMethods any" in a Match block overrides a more restrictive global default. Spotted by jmc@, ok markus@ OpenBSD-Commit-ID: a90a4fe2ab81d0eeeb8fdfc21af81f7eabda6666 --- auth2.c | 10 +++++++++- 1 file changed, 9 insertions(+), 1 deletion(-) diff --git a/auth2.c b/auth2.c index e43350c36..16ae1a363 100644 --- a/auth2.c +++ b/auth2.c @@ -1,4 +1,4 @@ -/* $OpenBSD: auth2.c,v 1.154 2019/01/19 21:41:18 djm Exp $ */ +/* $OpenBSD: auth2.c,v 1.155 2019/03/25 22:34:52 djm Exp $ */ /* * Copyright (c) 2000 Markus Friedl. All rights reserved. * @@ -577,6 +577,14 @@ auth2_setup_methods_lists(Authctxt *authctxt) { u_int i; + /* First, normalise away the "any" pseudo-method */ + if (options.num_auth_methods == 1 && + strcmp(options.auth_methods[0], "any") == 0) { + free(options.auth_methods[0]); + options.auth_methods[0] = NULL; + options.num_auth_methods = 0; + } + if (options.num_auth_methods == 0) return 0; debug3("%s: checking methods", __func__); -- cgit v1.2.3 From 21da87f439b48a85b951ef1518fe85ac0273e719 Mon Sep 17 00:00:00 2001 From: "djm@openbsd.org" Date: Wed, 27 Mar 2019 09:29:14 +0000 Subject: upstream: fix interaction between ClientAliveInterval and RekeyLimit that could cause connection to close incorrectly; Report and patch from Jakub Jelen in bz#2757; ok dtucker@ markus@ OpenBSD-Commit-ID: 17229a8a65bd8e6c2080318ec2b7a61e1aede3fb --- serverloop.c | 7 ++++--- 1 file changed, 4 insertions(+), 3 deletions(-) diff --git a/serverloop.c b/serverloop.c index f86f832b6..d7b04b37c 100644 --- a/serverloop.c +++ b/serverloop.c @@ -1,4 +1,4 @@ -/* $OpenBSD: serverloop.c,v 1.214 2019/03/06 21:06:59 dtucker Exp $ */ +/* $OpenBSD: serverloop.c,v 1.215 2019/03/27 09:29:14 djm Exp $ */ /* * Author: Tatu Ylonen * Copyright (c) 1995 Tatu Ylonen , Espoo, Finland @@ -248,9 +248,10 @@ wait_until_can_do_something(struct ssh *ssh, uint64_t keepalive_ms = (uint64_t)options.client_alive_interval * 1000; - client_alive_scheduled = 1; - if (max_time_ms == 0 || max_time_ms > keepalive_ms) + if (max_time_ms == 0 || max_time_ms > keepalive_ms) { max_time_ms = keepalive_ms; + client_alive_scheduled = 1; + } } #if 0 -- cgit v1.2.3 From 786cd4c1837fdc3fe7b4befe54a3f37db7df8715 Mon Sep 17 00:00:00 2001 From: Corinna Vinschen Date: Wed, 27 Mar 2019 18:18:21 +0100 Subject: drop old Cygwin considerations - Cygwin supports non-DOS characters in filenames - Cygwin does not support Windows XP anymore Signed-off-by: Corinna Vinschen --- regress/sftp-cmds.sh | 4 ---- regress/test-exec.sh | 4 ---- 2 files changed, 8 deletions(-) diff --git a/regress/sftp-cmds.sh b/regress/sftp-cmds.sh index aad7fcac2..1289c4089 100644 --- a/regress/sftp-cmds.sh +++ b/regress/sftp-cmds.sh @@ -77,7 +77,6 @@ echo "get \"$DATA\" $COPY" | ${SFTP} -D ${SFTPSERVER} >/dev/null 2>&1 \ || fail "get failed" cmp $DATA ${COPY} || fail "corrupted copy after get" -if [ "$os" != "cygwin" ]; then rm -f ${QUOTECOPY} cp $DATA ${QUOTECOPY} verbose "$tid: get filename with quotes" @@ -85,7 +84,6 @@ echo "get \"$QUOTECOPY_ARG\" ${COPY}" | ${SFTP} -D ${SFTPSERVER} >/dev/null 2>&1 || fail "get failed" cmp ${COPY} ${QUOTECOPY} || fail "corrupted copy after get with quotes" rm -f ${QUOTECOPY} ${COPY} -fi rm -f "$SPACECOPY" ${COPY} cp $DATA "$SPACECOPY" @@ -136,13 +134,11 @@ echo "put $DATA $COPY" | \ ${SFTP} -D ${SFTPSERVER} >/dev/null 2>&1 || fail "put failed" cmp $DATA ${COPY} || fail "corrupted copy after put" -if [ "$os" != "cygwin" ]; then rm -f ${QUOTECOPY} verbose "$tid: put filename with quotes" echo "put $DATA \"$QUOTECOPY_ARG\"" | \ ${SFTP} -D ${SFTPSERVER} >/dev/null 2>&1 || fail "put failed" cmp $DATA ${QUOTECOPY} || fail "corrupted copy after put with quotes" -fi rm -f "$SPACECOPY" verbose "$tid: put filename with spaces" diff --git a/regress/test-exec.sh b/regress/test-exec.sh index e8379e178..b8e2009de 100644 --- a/regress/test-exec.sh +++ b/regress/test-exec.sh @@ -12,10 +12,6 @@ OSF1*) BIN_SH=xpg4 export BIN_SH ;; -CYGWIN_NT-5.0) - os=cygwin - TEST_SSH_IPV6=no - ;; CYGWIN*) os=cygwin ;; -- cgit v1.2.3 From f5abb05f8c7358dacdcb866fe2813f6d8efd5830 Mon Sep 17 00:00:00 2001 From: Darren Tucker Date: Thu, 28 Mar 2019 09:26:14 +1100 Subject: Only use O_NOFOLLOW in utimensat if defined. Fixes build on systems that don't have it (Solaris <=9) Found by Tom G. Christensen. --- openbsd-compat/bsd-misc.c | 2 ++ 1 file changed, 2 insertions(+) diff --git a/openbsd-compat/bsd-misc.c b/openbsd-compat/bsd-misc.c index d3a41df50..3c85a12a6 100644 --- a/openbsd-compat/bsd-misc.c +++ b/openbsd-compat/bsd-misc.c @@ -143,8 +143,10 @@ utimensat(int fd, const char *path, const struct timespec times[2], # ifndef HAVE_FUTIMES return utimes(path, tv); # else +# ifdef O_NOFOLLOW if (flag & AT_SYMLINK_NOFOLLOW) oflags |= O_NOFOLLOW; +# endif /* O_NOFOLLOW */ if ((fd = open(path, oflags)) == -1) return -1; ret = futimes(fd, tv); -- cgit v1.2.3 From 342d6e51589b184c337cccfc4c788b60ff8b3765 Mon Sep 17 00:00:00 2001 From: Jakub Jelen Date: Fri, 29 Mar 2019 12:29:41 +0100 Subject: Adjust softhsm2 path on Fedora Linux for regress The SoftHSM lives in Fedora in /usr/lib64/pkcs11/libsofthsm2.so --- regress/agent-pkcs11.sh | 1 + 1 file changed, 1 insertion(+) diff --git a/regress/agent-pkcs11.sh b/regress/agent-pkcs11.sh index 5dd771263..5205d9067 100644 --- a/regress/agent-pkcs11.sh +++ b/regress/agent-pkcs11.sh @@ -17,6 +17,7 @@ try_token_libs() { try_token_libs \ /usr/local/lib/softhsm/libsofthsm2.so \ + /usr/lib64/pkcs11/libsofthsm2.so \ /usr/lib/x86_64-linux-gnu/softhsm/libsofthsm2.so TEST_SSH_PIN=1234 -- cgit v1.2.3 From 43f47ebbdd4037b569c23b8f4f7981f53b567f1d Mon Sep 17 00:00:00 2001 From: Tim Rice Date: Sun, 31 Mar 2019 19:22:19 -0700 Subject: Only use O_NOFOLLOW in fchownat and fchmodat if defined --- openbsd-compat/bsd-misc.c | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/openbsd-compat/bsd-misc.c b/openbsd-compat/bsd-misc.c index 3c85a12a6..aa1c7d7a3 100644 --- a/openbsd-compat/bsd-misc.c +++ b/openbsd-compat/bsd-misc.c @@ -174,8 +174,10 @@ fchownat(int fd, const char *path, uid_t owner, gid_t group, int flag) # ifndef HAVE_FCHOWN return chown(pathname, owner, group); # else +# ifdef O_NOFOLLOW if (flag & AT_SYMLINK_NOFOLLOW) oflags |= O_NOFOLLOW; +# endif /* O_NOFOLLOW */ if ((fd = open(path, oflags)) == -1) return -1; ret = fchown(fd, owner, group); @@ -203,8 +205,10 @@ fchmodat(int fd, const char *path, mode_t mode, int flag) # ifndef HAVE_FCHMOD return chown(pathname, owner, group); # else +# ifdef O_NOFOLLOW if (flag & AT_SYMLINK_NOFOLLOW) oflags |= O_NOFOLLOW; +# endif /* O_NOFOLLOW */ if ((fd = open(path, oflags)) == -1) return -1; ret = fchmod(fd, mode); -- cgit v1.2.3 From 00991151786ce9b1d577bdad1f83a81d19c8236d Mon Sep 17 00:00:00 2001 From: Tim Rice Date: Sun, 31 Mar 2019 22:14:22 -0700 Subject: Stop USL compilers for erroring with "integral constant expression expected" --- sntrup4591761.c | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/sntrup4591761.c b/sntrup4591761.c index 615f1b266..8166f8b3c 100644 --- a/sntrup4591761.c +++ b/sntrup4591761.c @@ -502,8 +502,8 @@ int r3_recip(small *r,const small *s) int loop; small f[p + 1]; small g[p + 1]; - small u[loops + 1]; - small v[loops + 1]; + small u[2*p + 2]; + small v[2*p + 2]; small c; int i; int d = p; @@ -819,8 +819,8 @@ int rq_recip3(modq *r,const small *s) int loop; modq f[p + 1]; modq g[p + 1]; - modq u[loops + 1]; - modq v[loops + 1]; + modq u[2*p + 2]; + modq v[2*p + 2]; modq c; int i; int d = p; -- cgit v1.2.3 From a0ca4009ab2f0b1007ec8ab6864dbf9b760a8ed5 Mon Sep 17 00:00:00 2001 From: Darren Tucker Date: Mon, 1 Apr 2019 20:07:23 +1100 Subject: Add includes.h for compat layer. Should fix build on AIX 7.2. --- sntrup4591761.c | 2 ++ 1 file changed, 2 insertions(+) diff --git a/sntrup4591761.c b/sntrup4591761.c index 8166f8b3c..61fe2483f 100644 --- a/sntrup4591761.c +++ b/sntrup4591761.c @@ -8,6 +8,8 @@ * - Christine van Vredendaal */ +#include "includes.h" + #include #include "crypto_api.h" -- cgit v1.2.3 From 138c0d52cdc90f9895333b82fc57d81cce7a3d90 Mon Sep 17 00:00:00 2001 From: Darren Tucker Date: Tue, 2 Apr 2019 18:21:35 +1100 Subject: Adapt custom_failed_login to new prototype. Spotted by Kevin Brott. --- openbsd-compat/port-aix.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/openbsd-compat/port-aix.c b/openbsd-compat/port-aix.c index 52698050c..b61018b56 100644 --- a/openbsd-compat/port-aix.c +++ b/openbsd-compat/port-aix.c @@ -313,7 +313,8 @@ sys_auth_get_lastlogin_msg(const char *user, uid_t uid) * record_failed_login: generic "login failed" interface function */ void -record_failed_login(const char *user, const char *hostname, const char *ttyname) +record_failed_login(struct ssh *ssh, const char *user, const char *hostname, + const char *ttyname) { if (geteuid() != 0) return; -- cgit v1.2.3 From 79a87d32783d6c9db40af8f35e091d9d30365ae7 Mon Sep 17 00:00:00 2001 From: Darren Tucker Date: Wed, 3 Apr 2019 06:27:45 +1100 Subject: Remove "struct ssh" from sys_auth_record_login. It's not needed, and is not available from the call site in loginrec.c Should only affect AIX, spotted by Kevin Brott. --- auth.c | 2 +- openbsd-compat/port-aix.c | 4 ++-- openbsd-compat/port-aix.h | 4 ++-- 3 files changed, 5 insertions(+), 5 deletions(-) diff --git a/auth.c b/auth.c index 332b6220c..8696f258e 100644 --- a/auth.c +++ b/auth.c @@ -360,7 +360,7 @@ auth_log(struct ssh *ssh, int authenticated, int partial, auth_get_canonical_hostname(ssh, options.use_dns), "ssh"); # ifdef WITH_AIXAUTHENTICATE if (authenticated) - sys_auth_record_login(ssh, authctxt->user, + sys_auth_record_login(authctxt->user, auth_get_canonical_hostname(ssh, options.use_dns), "ssh", loginmsg); # endif diff --git a/openbsd-compat/port-aix.c b/openbsd-compat/port-aix.c index b61018b56..fc80dc39f 100644 --- a/openbsd-compat/port-aix.c +++ b/openbsd-compat/port-aix.c @@ -280,8 +280,8 @@ sys_auth_allowed_user(struct passwd *pw, struct sshbuf *loginmsg) } int -sys_auth_record_login(struct ssh *ssh, const char *user, const char *host, - const char *ttynm, struct sshbuf *loginmsg) +sys_auth_record_login(const char *user, const char *host, const char *ttynm, + struct sshbuf *loginmsg) { char *msg = NULL; int success = 0; diff --git a/openbsd-compat/port-aix.h b/openbsd-compat/port-aix.h index 4702e3bf1..904de3096 100644 --- a/openbsd-compat/port-aix.h +++ b/openbsd-compat/port-aix.h @@ -90,8 +90,8 @@ void aix_usrinfo(struct passwd *); # define CUSTOM_SYS_AUTH_ALLOWED_USER 1 int sys_auth_allowed_user(struct passwd *, struct sshbuf *); # define CUSTOM_SYS_AUTH_RECORD_LOGIN 1 -int sys_auth_record_login(struct ssh *, const char *, const char *, - const char *, struct sshbuf *); +int sys_auth_record_login(const char *, const char *, const char *, + struct sshbuf *); # define CUSTOM_SYS_AUTH_GET_LASTLOGIN_MSG char *sys_auth_get_lastlogin_msg(const char *, uid_t); # define CUSTOM_FAILED_LOGIN 1 -- cgit v1.2.3 From 9d7b2882b0c9a5e9bf8312ce4075bf178e2b98be Mon Sep 17 00:00:00 2001 From: "djm@openbsd.org" Date: Fri, 29 Mar 2019 11:31:40 +0000 Subject: upstream: when logging/fataling on error, include a bit more detail than just the function name and the error message OpenBSD-Commit-ID: dd72d7eba2215fcb89be516c378f633ea5bcca9f --- clientloop.c | 38 +++++++++++++++++++++----------------- 1 file changed, 21 insertions(+), 17 deletions(-) diff --git a/clientloop.c b/clientloop.c index 521467bd2..086c0dfe8 100644 --- a/clientloop.c +++ b/clientloop.c @@ -1,4 +1,4 @@ -/* $OpenBSD: clientloop.c,v 1.321 2019/01/19 21:39:12 djm Exp $ */ +/* $OpenBSD: clientloop.c,v 1.322 2019/03/29 11:31:40 djm Exp $ */ /* * Author: Tatu Ylonen * Copyright (c) 1995 Tatu Ylonen , Espoo, Finland @@ -364,7 +364,7 @@ client_x11_get_proto(struct ssh *ssh, const char *display, SSH_X11_PROTO, x11_timeout_real, _PATH_DEVNULL); } - debug2("%s: %s", __func__, cmd); + debug2("%s: xauth command: %s", __func__, cmd); if (timeout != 0 && x11_refuse_time == 0) { now = monotime() + 1; @@ -492,7 +492,7 @@ server_alive_check(struct ssh *ssh) (r = sshpkt_put_cstring(ssh, "keepalive@openssh.com")) != 0 || (r = sshpkt_put_u8(ssh, 1)) != 0 || /* boolean: want reply */ (r = sshpkt_send(ssh)) != 0) - fatal("%s: %s", __func__, ssh_err(r)); + fatal("%s: send packet: %s", __func__, ssh_err(r)); /* Insert an empty placeholder to maintain ordering */ client_register_global_confirm(NULL, NULL); } @@ -1035,7 +1035,7 @@ process_escapes(struct ssh *ssh, Channel *c, channel_request_start(ssh, c->self, "break", 0); if ((r = sshpkt_put_u32(ssh, 1000)) != 0 || (r = sshpkt_send(ssh)) != 0) - fatal("%s: %s", __func__, + fatal("%s: send packet: %s", __func__, ssh_err(r)); continue; @@ -1416,7 +1416,7 @@ client_loop(struct ssh *ssh, int have_pty, int escape_char_arg, (r = sshpkt_put_cstring(ssh, "")) != 0 || /* language tag */ (r = sshpkt_send(ssh)) != 0 || (r = ssh_packet_write_wait(ssh)) != 0) - fatal("%s: %s", __func__, ssh_err(r)); + fatal("%s: send disconnect: %s", __func__, ssh_err(r)); channel_free_all(ssh); @@ -1502,7 +1502,7 @@ client_request_forwarded_tcpip(struct ssh *ssh, const char *request_type, (r = sshpkt_get_cstring(ssh, &originator_address, NULL)) != 0 || (r = sshpkt_get_u32(ssh, &originator_port)) != 0 || (r = sshpkt_get_end(ssh)) != 0) - fatal("%s: %s", __func__, ssh_err(r)); + fatal("%s: parse packet: %s", __func__, ssh_err(r)); debug("%s: listen %s port %d, originator %s port %d", __func__, listen_address, listen_port, originator_address, originator_port); @@ -1559,9 +1559,9 @@ client_request_forwarded_streamlocal(struct ssh *ssh, if ((r = sshpkt_get_cstring(ssh, &listen_path, NULL)) != 0 || (r = sshpkt_get_string(ssh, NULL, NULL)) != 0 || /* reserved */ (r = sshpkt_get_end(ssh)) != 0) - fatal("%s: %s", __func__, ssh_err(r)); + fatal("%s: parse packet: %s", __func__, ssh_err(r)); - debug("%s: %s", __func__, listen_path); + debug("%s: request: %s", __func__, listen_path); c = channel_connect_by_listen_path(ssh, listen_path, "forwarded-streamlocal@openssh.com", "forwarded-streamlocal"); @@ -1591,7 +1591,7 @@ client_request_x11(struct ssh *ssh, const char *request_type, int rchan) if ((r = sshpkt_get_cstring(ssh, &originator, NULL)) != 0 || (r = sshpkt_get_u32(ssh, &originator_port)) != 0 || (r = sshpkt_get_end(ssh)) != 0) - fatal("%s: %s", __func__, ssh_err(r)); + fatal("%s: parse packet: %s", __func__, ssh_err(r)); /* XXX check permission */ /* XXX range check originator port? */ debug("client_request_x11: request from %s %u", originator, @@ -2260,12 +2260,12 @@ client_session2_setup(struct ssh *ssh, int id, int want_tty, int want_subsystem, (r = sshpkt_put_u32(ssh, (u_int)ws.ws_row)) != 0 || (r = sshpkt_put_u32(ssh, (u_int)ws.ws_xpixel)) != 0 || (r = sshpkt_put_u32(ssh, (u_int)ws.ws_ypixel)) != 0) - fatal("%s: %s", __func__, ssh_err(r)); + fatal("%s: build packet: %s", __func__, ssh_err(r)); if (tiop == NULL) tiop = get_saved_tio(); ssh_tty_make_modes(ssh, -1, tiop); if ((r = sshpkt_send(ssh)) != 0) - fatal("%s: %s", __func__, ssh_err(r)); + fatal("%s: send packet: %s", __func__, ssh_err(r)); /* XXX wait for reply */ c->client_tty = 1; } @@ -2299,8 +2299,10 @@ client_session2_setup(struct ssh *ssh, int id, int want_tty, int want_subsystem, channel_request_start(ssh, id, "env", 0); if ((r = sshpkt_put_cstring(ssh, name)) != 0 || (r = sshpkt_put_cstring(ssh, val)) != 0 || - (r = sshpkt_send(ssh)) != 0) - fatal("%s: %s", __func__, ssh_err(r)); + (r = sshpkt_send(ssh)) != 0) { + fatal("%s: send packet: %s", + __func__, ssh_err(r)); + } free(name); } } @@ -2318,7 +2320,7 @@ client_session2_setup(struct ssh *ssh, int id, int want_tty, int want_subsystem, if ((r = sshpkt_put_cstring(ssh, name)) != 0 || (r = sshpkt_put_cstring(ssh, val)) != 0 || (r = sshpkt_send(ssh)) != 0) - fatal("%s: %s", __func__, ssh_err(r)); + fatal("%s: send packet: %s", __func__, ssh_err(r)); free(name); } @@ -2340,12 +2342,14 @@ client_session2_setup(struct ssh *ssh, int id, int want_tty, int want_subsystem, } if ((r = sshpkt_put_stringb(ssh, cmd)) != 0 || (r = sshpkt_send(ssh)) != 0) - fatal("%s: %s", __func__, ssh_err(r)); + fatal("%s: send command: %s", __func__, ssh_err(r)); } else { channel_request_start(ssh, id, "shell", 1); client_expect_confirm(ssh, id, "shell", CONFIRM_CLOSE); - if ((r = sshpkt_send(ssh)) != 0) - fatal("%s: %s", __func__, ssh_err(r)); + if ((r = sshpkt_send(ssh)) != 0) { + fatal("%s: send shell request: %s", + __func__, ssh_err(r)); + } } } -- cgit v1.2.3 From 885bc114692046d55e2a170b932bdc0092fa3456 Mon Sep 17 00:00:00 2001 From: Damien Miller Date: Thu, 4 Apr 2019 02:47:40 +1100 Subject: session: Do not use removed API from Jakub Jelen --- session.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/session.c b/session.c index 48cfaafbf..ac06b08e9 100644 --- a/session.c +++ b/session.c @@ -2620,7 +2620,7 @@ session_setup_x11fwd(struct ssh *ssh, Session *s) he = gethostbyname(hostname); if (he == NULL) { error("Can't get IP address for X11 DISPLAY."); - packet_send_debug("Can't get IP address for X11 DISPLAY."); + ssh_packet_send_debug(ssh, "Can't get IP address for X11 DISPLAY."); return 0; } memcpy(&my_addr, he->h_addr_list[0], sizeof(struct in_addr)); -- cgit v1.2.3 From 312dcee739bca5d6878c536537b2a8a497314b75 Mon Sep 17 00:00:00 2001 From: "djm@openbsd.org" Date: Wed, 3 Apr 2019 15:48:45 +0000 Subject: upstream: openssh-8.0 OpenBSD-Commit-ID: 5aafdf218679dab982fea20771afd643be9a127b --- version.h | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/version.h b/version.h index 422dfbc3a..806ead9a6 100644 --- a/version.h +++ b/version.h @@ -1,6 +1,6 @@ -/* $OpenBSD: version.h,v 1.83 2018/10/10 16:43:49 deraadt Exp $ */ +/* $OpenBSD: version.h,v 1.84 2019/04/03 15:48:45 djm Exp $ */ -#define SSH_VERSION "OpenSSH_7.9" +#define SSH_VERSION "OpenSSH_8.0" #define SSH_PORTABLE "p1" #define SSH_RELEASE SSH_VERSION SSH_PORTABLE -- cgit v1.2.3 From a924de0c4908902433813ba205bee1446bd1a157 Mon Sep 17 00:00:00 2001 From: Damien Miller Date: Fri, 5 Apr 2019 03:41:52 +1100 Subject: update versions --- README | 2 +- contrib/redhat/openssh.spec | 2 +- contrib/suse/openssh.spec | 2 +- 3 files changed, 3 insertions(+), 3 deletions(-) diff --git a/README b/README index 05916459c..77cb0ef3a 100644 --- a/README +++ b/README @@ -1,4 +1,4 @@ -See https://www.openssh.com/releasenotes.html#7.9p1 for the release notes. +See https://www.openssh.com/releasenotes.html#8.0p1 for the release notes. Please read https://www.openssh.com/report.html for bug reporting instructions and note that we do not use Github for bug reporting or diff --git a/contrib/redhat/openssh.spec b/contrib/redhat/openssh.spec index d7823483d..f3c175523 100644 --- a/contrib/redhat/openssh.spec +++ b/contrib/redhat/openssh.spec @@ -1,4 +1,4 @@ -%define ver 7.9p1 +%define ver 8.0p1 %define rel 1%{?dist} # OpenSSH privilege separation requires a user & group ID diff --git a/contrib/suse/openssh.spec b/contrib/suse/openssh.spec index b43d8985a..478871815 100644 --- a/contrib/suse/openssh.spec +++ b/contrib/suse/openssh.spec @@ -13,7 +13,7 @@ Summary: OpenSSH, a free Secure Shell (SSH) protocol implementation Name: openssh -Version: 7.9p1 +Version: 8.0p1 URL: https://www.openssh.com/ Release: 1 Source0: openssh-%{version}.tar.gz -- cgit v1.2.3 From 9444d82678cb7781820da4d1c23b3c2b9fb1e12f Mon Sep 17 00:00:00 2001 From: Damien Miller Date: Fri, 5 Apr 2019 11:21:48 -0700 Subject: rewrite README Include basic build instructions and comments on commonly-used build- time flags, links to the manual pages and other resources. Now in Markdown format for better viewing on github, etc. --- README | 106 ++++++++++++++++++++++++++++++++++++----------------------------- 1 file changed, 59 insertions(+), 47 deletions(-) diff --git a/README b/README index 77cb0ef3a..4e2624161 100644 --- a/README +++ b/README @@ -1,62 +1,74 @@ -See https://www.openssh.com/releasenotes.html#8.0p1 for the release notes. +# Portable OpenSSH -Please read https://www.openssh.com/report.html for bug reporting -instructions and note that we do not use Github for bug reporting or -patch/pull-request management. +OpenSSH is a complete implementation of the SSH protocol (version 2) for secure remote login, command execution and file transfer. It includes a client ``ssh`` and server ``sshd``, file transfer utilities ``scp`` and ``sftp`` as well as tools for key generation (``ssh-keygen``), run-time key storage (``ssh-agent``) and a number of supporting programs. -This is the port of OpenBSD's excellent OpenSSH[0] to Linux and other -Unices. +This is a port of OpenBSD's [OpenSSH](https://openssh.com) to most Unix-like operating systems, including Linux, OS X and Cygwin. Portable OpenSSH polyfills OpenBSD APIs that are not available elsewhere, adds sshd sandboxing for more operating systems and includes support for OS-native authentication and auditing (e.g. using PAM). -OpenSSH is based on the last free version of Tatu Ylonen's sample -implementation with all patent-encumbered algorithms removed (to -external libraries), all known security bugs fixed, new features -reintroduced and many other clean-ups. OpenSSH has been created by -Aaron Campbell, Bob Beck, Markus Friedl, Niels Provos, Theo de Raadt, -and Dug Song. It has a homepage at https://www.openssh.com/ +## Documentation -This port consists of the re-introduction of autoconf support, PAM -support, EGD[1]/PRNGD[2] support and replacements for OpenBSD library -functions that are (regrettably) absent from other unices. This port -has been best tested on AIX, Cygwin, HP-UX, Linux, MacOS/X, -FreeBSD, NetBSD, OpenBSD, OpenServer, Solaris and UnixWare. +The official documentation for OpenSSH are the man pages for each tool: -This version actively tracks changes in the OpenBSD CVS repository. +* [ssh(1)](https://man.openbsd.org/ssh.1) +* [sshd(8)](https://man.openbsd.org/sshd.8) +* [ssh-keygen(1)](https://man.openbsd.org/ssh-keygen.1) +* [ssh-agent(1)](https://man.openbsd.org/ssh-agent.1) +* [scp(1)](https://man.openbsd.org/scp.1) +* [sftp(1)](https://man.openbsd.org/sftp.1) +* [ssh-keyscan(8)](https://man.openbsd.org/ssh-keyscan.8) +* [sftp-server(8)](https://man.openbsd.org/sftp-server.8) -The PAM support is now more functional than the popular packages of -commercial ssh-1.2.x. It checks "account" and "session" modules for -all logins, not just when using password authentication. +## Stable Releases -OpenSSH depends on Zlib[3], OpenSSL[4], and optionally PAM[5] and -libedit[6] +Stable release tarballs are available from a number of [download mirrors](https://www.openssh.com/portable.html#downloads). We recommend the use of a stable release for most users. Please read the [release notes](https://www.openssh.com/releasenotes.html) for details of recent changes and potential incompatibilities. -There is now several mailing lists for this port of OpenSSH. Please -refer to https://www.openssh.com/list.html for details on how to join. +## Building Portable OpenSSH -Please send bug reports and patches to the mailing list -openssh-unix-dev@mindrot.org. The list is open to posting by unsubscribed -users. Code contribution are welcomed, but please follow the OpenBSD -style guidelines[7]. +### Dependencies -Please refer to the INSTALL document for information on how to install -OpenSSH on your system. +Portable OpenSSH is built using autoconf and make. It requires a working C compiler, standard library and headers, as well as [zlib](https://www.zlib.net/) and ``libcrypto`` from either [LibreSSL](https://www.libressl.org/) or [OpenSSL](https://www.openssl.org) to build. Certain platforms and build-time options may require additional dependencies. -Damien Miller +### Building a release -Miscellania - +Releases include a pre-built copy of the ``configure`` script and may be built using: -This version of OpenSSH is based upon code retrieved from the OpenBSD -CVS repository which in turn was based on the last free sample -implementation released by Tatu Ylonen. +``` +tar zxvf openssh-X.Y.tar.gz +cd openssh +./configure # [options] +make && make tests +``` -References - +See the [Build-time Customisation](#build-time-customisation) section below for configure options. If you plan on installing OpenSSH to your system, then you will usually want to specify destination paths. + +### Building from git -[0] https://www.openssh.com/ -[1] http://www.lothar.com/tech/crypto/ -[2] http://prngd.sourceforge.net/ -[3] https://www.zlib.net/ -[4] https://www.openssl.org/ -[5] https://www.openpam.org - https://www.kernel.org/pub/linux/libs/pam/ - (PAM also is standard on Solaris and HP-UX 11) -[6] https://thrysoee.dk/editline/ (portable version) -[7] https://man.openbsd.org/style.9 +If building from git, you'll need [autoconf](https://www.gnu.org/software/autoconf/) installed to build the ``configure`` script. The following commands will check out and build portable OpenSSH from git: + +``` +git clone https://github.com/openssh/openssh-portable # or https://anongit.mindrot.org/openssh.git +cd openssh-portable +autoreconf +./configure +make && make tests +``` + +### Build-time Customisation + +There are many build-time customisation options available. All Autoconf destination path flags (e.g. ``--prefix``) are supported (and are usually required if you want to install OpenSSH). + +For a full list of available flags, run ``configure --help`` but a few of the more frequently-used ones are described below. Some of these flags will require additional libraries and/or headers be installed. + +Flag | Meaning +--- | --- +``--with-pam`` | Enable [PAM](https://en.wikipedia.org/wiki/Pluggable_authentication_module) support. [OpenPAM](https://www.openpam.org/), [Linux PAM](http://www.linux-pam.org/) and Solaris PAM are supported. +``--with-libedit`` | Enable [libedit](https://www.thrysoee.dk/editline/) support for sftp. +``--with-kerberos5`` | Enable Kerberos/GSSAPI support. Both [Heimdal](https://www.h5l.org/) and [MIT](https://web.mit.edu/kerberos/) Kerberos implementations are supported. +``--with-selinux`` | Enable [SELinux](https://en.wikipedia.org/wiki/Security-Enhanced_Linux) support. + +## Development + +Portable OpenSSH development is discussed on the [openssh-unix-dev mailing list](https://lists.mindrot.org/mailman/listinfo/openssh-unix-dev) ([archive mirror](https://marc.info/?l=openssh-unix-dev)). Bugs and feature requests are tracked on our [Bugzilla](https://bugzilla.mindrot.org/). + +## Reporting bugs + +_Non-security_ bugs may be reported to the developers via [Bugzilla](https://bugzilla.mindrot.org/) or via the mailing list above. Security bugs should be reported to [openssh@openssh.com](mailto:openssh.openssh.com). -- cgit v1.2.3 From 5d3127d9274519b25ed10e320f45045ba8d7f3be Mon Sep 17 00:00:00 2001 From: Damien Miller Date: Fri, 5 Apr 2019 11:29:31 -0700 Subject: Revert "rewrite README" This reverts commit 9444d82678cb7781820da4d1c23b3c2b9fb1e12f. --- README | 106 +++++++++++++++++++++++++++++------------------------------------ 1 file changed, 47 insertions(+), 59 deletions(-) diff --git a/README b/README index 4e2624161..77cb0ef3a 100644 --- a/README +++ b/README @@ -1,74 +1,62 @@ -# Portable OpenSSH +See https://www.openssh.com/releasenotes.html#8.0p1 for the release notes. -OpenSSH is a complete implementation of the SSH protocol (version 2) for secure remote login, command execution and file transfer. It includes a client ``ssh`` and server ``sshd``, file transfer utilities ``scp`` and ``sftp`` as well as tools for key generation (``ssh-keygen``), run-time key storage (``ssh-agent``) and a number of supporting programs. +Please read https://www.openssh.com/report.html for bug reporting +instructions and note that we do not use Github for bug reporting or +patch/pull-request management. -This is a port of OpenBSD's [OpenSSH](https://openssh.com) to most Unix-like operating systems, including Linux, OS X and Cygwin. Portable OpenSSH polyfills OpenBSD APIs that are not available elsewhere, adds sshd sandboxing for more operating systems and includes support for OS-native authentication and auditing (e.g. using PAM). +This is the port of OpenBSD's excellent OpenSSH[0] to Linux and other +Unices. -## Documentation +OpenSSH is based on the last free version of Tatu Ylonen's sample +implementation with all patent-encumbered algorithms removed (to +external libraries), all known security bugs fixed, new features +reintroduced and many other clean-ups. OpenSSH has been created by +Aaron Campbell, Bob Beck, Markus Friedl, Niels Provos, Theo de Raadt, +and Dug Song. It has a homepage at https://www.openssh.com/ -The official documentation for OpenSSH are the man pages for each tool: +This port consists of the re-introduction of autoconf support, PAM +support, EGD[1]/PRNGD[2] support and replacements for OpenBSD library +functions that are (regrettably) absent from other unices. This port +has been best tested on AIX, Cygwin, HP-UX, Linux, MacOS/X, +FreeBSD, NetBSD, OpenBSD, OpenServer, Solaris and UnixWare. -* [ssh(1)](https://man.openbsd.org/ssh.1) -* [sshd(8)](https://man.openbsd.org/sshd.8) -* [ssh-keygen(1)](https://man.openbsd.org/ssh-keygen.1) -* [ssh-agent(1)](https://man.openbsd.org/ssh-agent.1) -* [scp(1)](https://man.openbsd.org/scp.1) -* [sftp(1)](https://man.openbsd.org/sftp.1) -* [ssh-keyscan(8)](https://man.openbsd.org/ssh-keyscan.8) -* [sftp-server(8)](https://man.openbsd.org/sftp-server.8) +This version actively tracks changes in the OpenBSD CVS repository. -## Stable Releases +The PAM support is now more functional than the popular packages of +commercial ssh-1.2.x. It checks "account" and "session" modules for +all logins, not just when using password authentication. -Stable release tarballs are available from a number of [download mirrors](https://www.openssh.com/portable.html#downloads). We recommend the use of a stable release for most users. Please read the [release notes](https://www.openssh.com/releasenotes.html) for details of recent changes and potential incompatibilities. +OpenSSH depends on Zlib[3], OpenSSL[4], and optionally PAM[5] and +libedit[6] -## Building Portable OpenSSH +There is now several mailing lists for this port of OpenSSH. Please +refer to https://www.openssh.com/list.html for details on how to join. -### Dependencies +Please send bug reports and patches to the mailing list +openssh-unix-dev@mindrot.org. The list is open to posting by unsubscribed +users. Code contribution are welcomed, but please follow the OpenBSD +style guidelines[7]. -Portable OpenSSH is built using autoconf and make. It requires a working C compiler, standard library and headers, as well as [zlib](https://www.zlib.net/) and ``libcrypto`` from either [LibreSSL](https://www.libressl.org/) or [OpenSSL](https://www.openssl.org) to build. Certain platforms and build-time options may require additional dependencies. +Please refer to the INSTALL document for information on how to install +OpenSSH on your system. -### Building a release +Damien Miller -Releases include a pre-built copy of the ``configure`` script and may be built using: +Miscellania - -``` -tar zxvf openssh-X.Y.tar.gz -cd openssh -./configure # [options] -make && make tests -``` +This version of OpenSSH is based upon code retrieved from the OpenBSD +CVS repository which in turn was based on the last free sample +implementation released by Tatu Ylonen. -See the [Build-time Customisation](#build-time-customisation) section below for configure options. If you plan on installing OpenSSH to your system, then you will usually want to specify destination paths. - -### Building from git +References - -If building from git, you'll need [autoconf](https://www.gnu.org/software/autoconf/) installed to build the ``configure`` script. The following commands will check out and build portable OpenSSH from git: - -``` -git clone https://github.com/openssh/openssh-portable # or https://anongit.mindrot.org/openssh.git -cd openssh-portable -autoreconf -./configure -make && make tests -``` - -### Build-time Customisation - -There are many build-time customisation options available. All Autoconf destination path flags (e.g. ``--prefix``) are supported (and are usually required if you want to install OpenSSH). - -For a full list of available flags, run ``configure --help`` but a few of the more frequently-used ones are described below. Some of these flags will require additional libraries and/or headers be installed. - -Flag | Meaning ---- | --- -``--with-pam`` | Enable [PAM](https://en.wikipedia.org/wiki/Pluggable_authentication_module) support. [OpenPAM](https://www.openpam.org/), [Linux PAM](http://www.linux-pam.org/) and Solaris PAM are supported. -``--with-libedit`` | Enable [libedit](https://www.thrysoee.dk/editline/) support for sftp. -``--with-kerberos5`` | Enable Kerberos/GSSAPI support. Both [Heimdal](https://www.h5l.org/) and [MIT](https://web.mit.edu/kerberos/) Kerberos implementations are supported. -``--with-selinux`` | Enable [SELinux](https://en.wikipedia.org/wiki/Security-Enhanced_Linux) support. - -## Development - -Portable OpenSSH development is discussed on the [openssh-unix-dev mailing list](https://lists.mindrot.org/mailman/listinfo/openssh-unix-dev) ([archive mirror](https://marc.info/?l=openssh-unix-dev)). Bugs and feature requests are tracked on our [Bugzilla](https://bugzilla.mindrot.org/). - -## Reporting bugs - -_Non-security_ bugs may be reported to the developers via [Bugzilla](https://bugzilla.mindrot.org/) or via the mailing list above. Security bugs should be reported to [openssh@openssh.com](mailto:openssh.openssh.com). +[0] https://www.openssh.com/ +[1] http://www.lothar.com/tech/crypto/ +[2] http://prngd.sourceforge.net/ +[3] https://www.zlib.net/ +[4] https://www.openssl.org/ +[5] https://www.openpam.org + https://www.kernel.org/pub/linux/libs/pam/ + (PAM also is standard on Solaris and HP-UX 11) +[6] https://thrysoee.dk/editline/ (portable version) +[7] https://man.openbsd.org/style.9 -- cgit v1.2.3 From 5de397a876b587ba05a9169237deffdc71f273b0 Mon Sep 17 00:00:00 2001 From: Damien Miller Date: Fri, 5 Apr 2019 11:29:51 -0700 Subject: second thoughts: leave README in place A number of contrib/* files refer to the existing README so let's leave it in place for release and add the new markdown version in parallel. I'll get rid of README after release. --- README.md | 74 +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 74 insertions(+) create mode 100644 README.md diff --git a/README.md b/README.md new file mode 100644 index 000000000..4e2624161 --- /dev/null +++ b/README.md @@ -0,0 +1,74 @@ +# Portable OpenSSH + +OpenSSH is a complete implementation of the SSH protocol (version 2) for secure remote login, command execution and file transfer. It includes a client ``ssh`` and server ``sshd``, file transfer utilities ``scp`` and ``sftp`` as well as tools for key generation (``ssh-keygen``), run-time key storage (``ssh-agent``) and a number of supporting programs. + +This is a port of OpenBSD's [OpenSSH](https://openssh.com) to most Unix-like operating systems, including Linux, OS X and Cygwin. Portable OpenSSH polyfills OpenBSD APIs that are not available elsewhere, adds sshd sandboxing for more operating systems and includes support for OS-native authentication and auditing (e.g. using PAM). + +## Documentation + +The official documentation for OpenSSH are the man pages for each tool: + +* [ssh(1)](https://man.openbsd.org/ssh.1) +* [sshd(8)](https://man.openbsd.org/sshd.8) +* [ssh-keygen(1)](https://man.openbsd.org/ssh-keygen.1) +* [ssh-agent(1)](https://man.openbsd.org/ssh-agent.1) +* [scp(1)](https://man.openbsd.org/scp.1) +* [sftp(1)](https://man.openbsd.org/sftp.1) +* [ssh-keyscan(8)](https://man.openbsd.org/ssh-keyscan.8) +* [sftp-server(8)](https://man.openbsd.org/sftp-server.8) + +## Stable Releases + +Stable release tarballs are available from a number of [download mirrors](https://www.openssh.com/portable.html#downloads). We recommend the use of a stable release for most users. Please read the [release notes](https://www.openssh.com/releasenotes.html) for details of recent changes and potential incompatibilities. + +## Building Portable OpenSSH + +### Dependencies + +Portable OpenSSH is built using autoconf and make. It requires a working C compiler, standard library and headers, as well as [zlib](https://www.zlib.net/) and ``libcrypto`` from either [LibreSSL](https://www.libressl.org/) or [OpenSSL](https://www.openssl.org) to build. Certain platforms and build-time options may require additional dependencies. + +### Building a release + +Releases include a pre-built copy of the ``configure`` script and may be built using: + +``` +tar zxvf openssh-X.Y.tar.gz +cd openssh +./configure # [options] +make && make tests +``` + +See the [Build-time Customisation](#build-time-customisation) section below for configure options. If you plan on installing OpenSSH to your system, then you will usually want to specify destination paths. + +### Building from git + +If building from git, you'll need [autoconf](https://www.gnu.org/software/autoconf/) installed to build the ``configure`` script. The following commands will check out and build portable OpenSSH from git: + +``` +git clone https://github.com/openssh/openssh-portable # or https://anongit.mindrot.org/openssh.git +cd openssh-portable +autoreconf +./configure +make && make tests +``` + +### Build-time Customisation + +There are many build-time customisation options available. All Autoconf destination path flags (e.g. ``--prefix``) are supported (and are usually required if you want to install OpenSSH). + +For a full list of available flags, run ``configure --help`` but a few of the more frequently-used ones are described below. Some of these flags will require additional libraries and/or headers be installed. + +Flag | Meaning +--- | --- +``--with-pam`` | Enable [PAM](https://en.wikipedia.org/wiki/Pluggable_authentication_module) support. [OpenPAM](https://www.openpam.org/), [Linux PAM](http://www.linux-pam.org/) and Solaris PAM are supported. +``--with-libedit`` | Enable [libedit](https://www.thrysoee.dk/editline/) support for sftp. +``--with-kerberos5`` | Enable Kerberos/GSSAPI support. Both [Heimdal](https://www.h5l.org/) and [MIT](https://web.mit.edu/kerberos/) Kerberos implementations are supported. +``--with-selinux`` | Enable [SELinux](https://en.wikipedia.org/wiki/Security-Enhanced_Linux) support. + +## Development + +Portable OpenSSH development is discussed on the [openssh-unix-dev mailing list](https://lists.mindrot.org/mailman/listinfo/openssh-unix-dev) ([archive mirror](https://marc.info/?l=openssh-unix-dev)). Bugs and feature requests are tracked on our [Bugzilla](https://bugzilla.mindrot.org/). + +## Reporting bugs + +_Non-security_ bugs may be reported to the developers via [Bugzilla](https://bugzilla.mindrot.org/) or via the mailing list above. Security bugs should be reported to [openssh@openssh.com](mailto:openssh.openssh.com). -- cgit v1.2.3 From fd0fa130ecf06d7d092932adcd5d77f1549bfc8d Mon Sep 17 00:00:00 2001 From: Damien Miller Date: Thu, 18 Apr 2019 08:52:57 +1000 Subject: makedepend --- .depend | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.depend b/.depend index 04a2ea050..c6725ec77 100644 --- a/.depend +++ b/.depend @@ -121,7 +121,7 @@ sftp-glob.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-com sftp-server-main.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/rmd160.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h log.h sftp.h misc.h xmalloc.h sftp-server.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/rmd160.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h xmalloc.h sshbuf.h ssherr.h log.h misc.h match.h uidswap.h sftp.h sftp-common.h sftp.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/rmd160.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h xmalloc.h log.h pathnames.h misc.h utf8.h sftp.h ssherr.h sshbuf.h sftp-common.h sftp-client.h openbsd-compat/glob.h -sntrup4591761.o: crypto_api.h includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/rmd160.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h +sntrup4591761.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/rmd160.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h crypto_api.h ssh-add.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/rmd160.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h openbsd-compat/openssl-compat.h xmalloc.h ssh.h log.h sshkey.h sshbuf.h authfd.h authfile.h pathnames.h misc.h ssherr.h digest.h ssh-agent.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/rmd160.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h openbsd-compat/sys-queue.h xmalloc.h ssh.h sshbuf.h sshkey.h authfd.h compat.h log.h misc.h digest.h ssherr.h match.h ssh-dss.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/rmd160.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h -- cgit v1.2.3 From 7ce79be85036c4b36937f1b1ba85f6094068412c Mon Sep 17 00:00:00 2001 From: Simon Wilkinson Date: Sun, 9 Feb 2014 16:09:48 +0000 Subject: GSSAPI key exchange support This patch has been rejected upstream: "None of the OpenSSH developers are in favour of adding this, and this situation has not changed for several years. This is not a slight on Simon's patch, which is of fine quality, but just that a) we don't trust GSSAPI implementations that much and b) we don't like adding new KEX since they are pre-auth attack surface. This one is particularly scary, since it requires hooks out to typically root-owned system resources." However, quite a lot of people rely on this in Debian, and it's better to have it merged into the main openssh package rather than having separate -krb5 packages (as we used to have). It seems to have a generally good security history. Origin: other, https://github.com/openssh-gsskex/openssh-gsskex/commits/debian/master Bug: https://bugzilla.mindrot.org/show_bug.cgi?id=1242 Last-Updated: 2019-06-05 Patch-Name: gssapi.patch --- Makefile.in | 3 +- auth-krb5.c | 17 +- auth.c | 96 +-------- auth2-gss.c | 56 +++++- auth2.c | 2 + canohost.c | 93 +++++++++ canohost.h | 3 + clientloop.c | 15 +- configure.ac | 24 +++ gss-genr.c | 300 +++++++++++++++++++++++++++- gss-serv-krb5.c | 85 +++++++- gss-serv.c | 186 +++++++++++++++-- hmac.c | 1 + kex.c | 66 +++++- kex.h | 29 +++ kexdh.c | 10 + kexgen.c | 2 +- kexgssc.c | 606 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++ kexgsss.c | 474 ++++++++++++++++++++++++++++++++++++++++++++ mac.c | 1 + monitor.c | 139 ++++++++++++- monitor.h | 2 + monitor_wrap.c | 57 +++++- monitor_wrap.h | 4 +- readconf.c | 70 +++++++ readconf.h | 6 + servconf.c | 47 +++++ servconf.h | 3 + session.c | 10 +- ssh-gss.h | 50 ++++- ssh.1 | 8 + ssh.c | 4 +- ssh_config | 2 + ssh_config.5 | 57 ++++++ sshconnect2.c | 140 ++++++++++++- sshd.c | 120 ++++++++++- sshd_config | 2 + sshd_config.5 | 30 +++ sshkey.c | 3 +- sshkey.h | 1 + 40 files changed, 2664 insertions(+), 160 deletions(-) create mode 100644 kexgssc.c create mode 100644 kexgsss.c diff --git a/Makefile.in b/Makefile.in index 6f001bb36..c31821acc 100644 --- a/Makefile.in +++ b/Makefile.in @@ -100,6 +100,7 @@ LIBSSH_OBJS=${LIBOPENSSH_OBJS} \ kex.o kexdh.o kexgex.o kexecdh.o kexc25519.o \ kexgexc.o kexgexs.o \ sntrup4591761.o kexsntrup4591761x25519.o kexgen.o \ + kexgssc.o \ platform-pledge.o platform-tracing.o platform-misc.o @@ -114,7 +115,7 @@ SSHDOBJS=sshd.o auth-rhosts.o auth-passwd.o \ auth-bsdauth.o auth2-hostbased.o auth2-kbdint.o \ auth2-none.o auth2-passwd.o auth2-pubkey.o \ monitor.o monitor_wrap.o auth-krb5.o \ - auth2-gss.o gss-serv.o gss-serv-krb5.o \ + auth2-gss.o gss-serv.o gss-serv-krb5.o kexgsss.o \ loginrec.o auth-pam.o auth-shadow.o auth-sia.o md5crypt.o \ sftp-server.o sftp-common.o \ sandbox-null.o sandbox-rlimit.o sandbox-systrace.o sandbox-darwin.o \ diff --git a/auth-krb5.c b/auth-krb5.c index 3096f1c8e..204752e1b 100644 --- a/auth-krb5.c +++ b/auth-krb5.c @@ -182,8 +182,13 @@ auth_krb5_password(Authctxt *authctxt, const char *password) len = strlen(authctxt->krb5_ticket_file) + 6; authctxt->krb5_ccname = xmalloc(len); +#ifdef USE_CCAPI + snprintf(authctxt->krb5_ccname, len, "API:%s", + authctxt->krb5_ticket_file); +#else snprintf(authctxt->krb5_ccname, len, "FILE:%s", authctxt->krb5_ticket_file); +#endif #ifdef USE_PAM if (options.use_pam) @@ -240,15 +245,22 @@ krb5_cleanup_proc(Authctxt *authctxt) #ifndef HEIMDAL krb5_error_code ssh_krb5_cc_gen(krb5_context ctx, krb5_ccache *ccache) { - int tmpfd, ret, oerrno; + int ret, oerrno; char ccname[40]; mode_t old_umask; +#ifdef USE_CCAPI + char cctemplate[] = "API:krb5cc_%d"; +#else + char cctemplate[] = "FILE:/tmp/krb5cc_%d_XXXXXXXXXX"; + int tmpfd; +#endif ret = snprintf(ccname, sizeof(ccname), - "FILE:/tmp/krb5cc_%d_XXXXXXXXXX", geteuid()); + cctemplate, geteuid()); if (ret < 0 || (size_t)ret >= sizeof(ccname)) return ENOMEM; +#ifndef USE_CCAPI old_umask = umask(0177); tmpfd = mkstemp(ccname + strlen("FILE:")); oerrno = errno; @@ -265,6 +277,7 @@ ssh_krb5_cc_gen(krb5_context ctx, krb5_ccache *ccache) { return oerrno; } close(tmpfd); +#endif return (krb5_cc_resolve(ctx, ccname, ccache)); } diff --git a/auth.c b/auth.c index 8696f258e..f7a23afba 100644 --- a/auth.c +++ b/auth.c @@ -399,7 +399,8 @@ auth_root_allowed(struct ssh *ssh, const char *method) case PERMIT_NO_PASSWD: if (strcmp(method, "publickey") == 0 || strcmp(method, "hostbased") == 0 || - strcmp(method, "gssapi-with-mic") == 0) + strcmp(method, "gssapi-with-mic") == 0 || + strcmp(method, "gssapi-keyex") == 0) return 1; break; case PERMIT_FORCED_ONLY: @@ -723,99 +724,6 @@ fakepw(void) return (&fake); } -/* - * Returns the remote DNS hostname as a string. The returned string must not - * be freed. NB. this will usually trigger a DNS query the first time it is - * called. - * This function does additional checks on the hostname to mitigate some - * attacks on legacy rhosts-style authentication. - * XXX is RhostsRSAAuthentication vulnerable to these? - * XXX Can we remove these checks? (or if not, remove RhostsRSAAuthentication?) - */ - -static char * -remote_hostname(struct ssh *ssh) -{ - struct sockaddr_storage from; - socklen_t fromlen; - struct addrinfo hints, *ai, *aitop; - char name[NI_MAXHOST], ntop2[NI_MAXHOST]; - const char *ntop = ssh_remote_ipaddr(ssh); - - /* Get IP address of client. */ - fromlen = sizeof(from); - memset(&from, 0, sizeof(from)); - if (getpeername(ssh_packet_get_connection_in(ssh), - (struct sockaddr *)&from, &fromlen) < 0) { - debug("getpeername failed: %.100s", strerror(errno)); - return strdup(ntop); - } - - ipv64_normalise_mapped(&from, &fromlen); - if (from.ss_family == AF_INET6) - fromlen = sizeof(struct sockaddr_in6); - - debug3("Trying to reverse map address %.100s.", ntop); - /* Map the IP address to a host name. */ - if (getnameinfo((struct sockaddr *)&from, fromlen, name, sizeof(name), - NULL, 0, NI_NAMEREQD) != 0) { - /* Host name not found. Use ip address. */ - return strdup(ntop); - } - - /* - * if reverse lookup result looks like a numeric hostname, - * someone is trying to trick us by PTR record like following: - * 1.1.1.10.in-addr.arpa. IN PTR 2.3.4.5 - */ - memset(&hints, 0, sizeof(hints)); - hints.ai_socktype = SOCK_DGRAM; /*dummy*/ - hints.ai_flags = AI_NUMERICHOST; - if (getaddrinfo(name, NULL, &hints, &ai) == 0) { - logit("Nasty PTR record \"%s\" is set up for %s, ignoring", - name, ntop); - freeaddrinfo(ai); - return strdup(ntop); - } - - /* Names are stored in lowercase. */ - lowercase(name); - - /* - * Map it back to an IP address and check that the given - * address actually is an address of this host. This is - * necessary because anyone with access to a name server can - * define arbitrary names for an IP address. Mapping from - * name to IP address can be trusted better (but can still be - * fooled if the intruder has access to the name server of - * the domain). - */ - memset(&hints, 0, sizeof(hints)); - hints.ai_family = from.ss_family; - hints.ai_socktype = SOCK_STREAM; - if (getaddrinfo(name, NULL, &hints, &aitop) != 0) { - logit("reverse mapping checking getaddrinfo for %.700s " - "[%s] failed.", name, ntop); - return strdup(ntop); - } - /* Look for the address from the list of addresses. */ - for (ai = aitop; ai; ai = ai->ai_next) { - if (getnameinfo(ai->ai_addr, ai->ai_addrlen, ntop2, - sizeof(ntop2), NULL, 0, NI_NUMERICHOST) == 0 && - (strcmp(ntop, ntop2) == 0)) - break; - } - freeaddrinfo(aitop); - /* If we reached the end of the list, the address was not there. */ - if (ai == NULL) { - /* Address not found for the host name. */ - logit("Address %.100s maps to %.600s, but this does not " - "map back to the address.", ntop, name); - return strdup(ntop); - } - return strdup(name); -} - /* * Return the canonical name of the host in the other side of the current * connection. The host name is cached, so it is efficient to call this diff --git a/auth2-gss.c b/auth2-gss.c index 9351e0428..d6446c0cf 100644 --- a/auth2-gss.c +++ b/auth2-gss.c @@ -1,7 +1,7 @@ /* $OpenBSD: auth2-gss.c,v 1.29 2018/07/31 03:10:27 djm Exp $ */ /* - * Copyright (c) 2001-2003 Simon Wilkinson. All rights reserved. + * Copyright (c) 2001-2007 Simon Wilkinson. All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions @@ -54,6 +54,48 @@ static int input_gssapi_mic(int type, u_int32_t plen, struct ssh *ssh); static int input_gssapi_exchange_complete(int type, u_int32_t plen, struct ssh *ssh); static int input_gssapi_errtok(int, u_int32_t, struct ssh *); +/* + * The 'gssapi_keyex' userauth mechanism. + */ +static int +userauth_gsskeyex(struct ssh *ssh) +{ + Authctxt *authctxt = ssh->authctxt; + int r, authenticated = 0; + struct sshbuf *b = NULL; + gss_buffer_desc mic, gssbuf; + u_char *p; + size_t len; + + if ((r = sshpkt_get_string(ssh, &p, &len)) != 0 || + (r = sshpkt_get_end(ssh)) != 0) + fatal("%s: %s", __func__, ssh_err(r)); + + if ((b = sshbuf_new()) == NULL) + fatal("%s: sshbuf_new failed", __func__); + + mic.value = p; + mic.length = len; + + ssh_gssapi_buildmic(b, authctxt->user, authctxt->service, + "gssapi-keyex"); + + if ((gssbuf.value = sshbuf_mutable_ptr(b)) == NULL) + fatal("%s: sshbuf_mutable_ptr failed", __func__); + gssbuf.length = sshbuf_len(b); + + /* gss_kex_context is NULL with privsep, so we can't check it here */ + if (!GSS_ERROR(PRIVSEP(ssh_gssapi_checkmic(gss_kex_context, + &gssbuf, &mic)))) + authenticated = PRIVSEP(ssh_gssapi_userok(authctxt->user, + authctxt->pw, 1)); + + sshbuf_free(b); + free(mic.value); + + return (authenticated); +} + /* * We only support those mechanisms that we know about (ie ones that we know * how to check local user kuserok and the like) @@ -260,7 +302,8 @@ input_gssapi_exchange_complete(int type, u_int32_t plen, struct ssh *ssh) if ((r = sshpkt_get_end(ssh)) != 0) fatal("%s: %s", __func__, ssh_err(r)); - authenticated = PRIVSEP(ssh_gssapi_userok(authctxt->user)); + authenticated = PRIVSEP(ssh_gssapi_userok(authctxt->user, + authctxt->pw, 1)); if ((!use_privsep || mm_is_monitor()) && (displayname = ssh_gssapi_displayname()) != NULL) @@ -306,7 +349,8 @@ input_gssapi_mic(int type, u_int32_t plen, struct ssh *ssh) gssbuf.length = sshbuf_len(b); if (!GSS_ERROR(PRIVSEP(ssh_gssapi_checkmic(gssctxt, &gssbuf, &mic)))) - authenticated = PRIVSEP(ssh_gssapi_userok(authctxt->user)); + authenticated = PRIVSEP(ssh_gssapi_userok(authctxt->user, + authctxt->pw, 0)); else logit("GSSAPI MIC check failed"); @@ -326,6 +370,12 @@ input_gssapi_mic(int type, u_int32_t plen, struct ssh *ssh) return 0; } +Authmethod method_gsskeyex = { + "gssapi-keyex", + userauth_gsskeyex, + &options.gss_authentication +}; + Authmethod method_gssapi = { "gssapi-with-mic", userauth_gssapi, diff --git a/auth2.c b/auth2.c index 16ae1a363..7417eafa4 100644 --- a/auth2.c +++ b/auth2.c @@ -75,6 +75,7 @@ extern Authmethod method_passwd; extern Authmethod method_kbdint; extern Authmethod method_hostbased; #ifdef GSSAPI +extern Authmethod method_gsskeyex; extern Authmethod method_gssapi; #endif @@ -82,6 +83,7 @@ Authmethod *authmethods[] = { &method_none, &method_pubkey, #ifdef GSSAPI + &method_gsskeyex, &method_gssapi, #endif &method_passwd, diff --git a/canohost.c b/canohost.c index f71a08568..404731d24 100644 --- a/canohost.c +++ b/canohost.c @@ -35,6 +35,99 @@ #include "canohost.h" #include "misc.h" +/* + * Returns the remote DNS hostname as a string. The returned string must not + * be freed. NB. this will usually trigger a DNS query the first time it is + * called. + * This function does additional checks on the hostname to mitigate some + * attacks on legacy rhosts-style authentication. + * XXX is RhostsRSAAuthentication vulnerable to these? + * XXX Can we remove these checks? (or if not, remove RhostsRSAAuthentication?) + */ + +char * +remote_hostname(struct ssh *ssh) +{ + struct sockaddr_storage from; + socklen_t fromlen; + struct addrinfo hints, *ai, *aitop; + char name[NI_MAXHOST], ntop2[NI_MAXHOST]; + const char *ntop = ssh_remote_ipaddr(ssh); + + /* Get IP address of client. */ + fromlen = sizeof(from); + memset(&from, 0, sizeof(from)); + if (getpeername(ssh_packet_get_connection_in(ssh), + (struct sockaddr *)&from, &fromlen) < 0) { + debug("getpeername failed: %.100s", strerror(errno)); + return strdup(ntop); + } + + ipv64_normalise_mapped(&from, &fromlen); + if (from.ss_family == AF_INET6) + fromlen = sizeof(struct sockaddr_in6); + + debug3("Trying to reverse map address %.100s.", ntop); + /* Map the IP address to a host name. */ + if (getnameinfo((struct sockaddr *)&from, fromlen, name, sizeof(name), + NULL, 0, NI_NAMEREQD) != 0) { + /* Host name not found. Use ip address. */ + return strdup(ntop); + } + + /* + * if reverse lookup result looks like a numeric hostname, + * someone is trying to trick us by PTR record like following: + * 1.1.1.10.in-addr.arpa. IN PTR 2.3.4.5 + */ + memset(&hints, 0, sizeof(hints)); + hints.ai_socktype = SOCK_DGRAM; /*dummy*/ + hints.ai_flags = AI_NUMERICHOST; + if (getaddrinfo(name, NULL, &hints, &ai) == 0) { + logit("Nasty PTR record \"%s\" is set up for %s, ignoring", + name, ntop); + freeaddrinfo(ai); + return strdup(ntop); + } + + /* Names are stored in lowercase. */ + lowercase(name); + + /* + * Map it back to an IP address and check that the given + * address actually is an address of this host. This is + * necessary because anyone with access to a name server can + * define arbitrary names for an IP address. Mapping from + * name to IP address can be trusted better (but can still be + * fooled if the intruder has access to the name server of + * the domain). + */ + memset(&hints, 0, sizeof(hints)); + hints.ai_family = from.ss_family; + hints.ai_socktype = SOCK_STREAM; + if (getaddrinfo(name, NULL, &hints, &aitop) != 0) { + logit("reverse mapping checking getaddrinfo for %.700s " + "[%s] failed.", name, ntop); + return strdup(ntop); + } + /* Look for the address from the list of addresses. */ + for (ai = aitop; ai; ai = ai->ai_next) { + if (getnameinfo(ai->ai_addr, ai->ai_addrlen, ntop2, + sizeof(ntop2), NULL, 0, NI_NUMERICHOST) == 0 && + (strcmp(ntop, ntop2) == 0)) + break; + } + freeaddrinfo(aitop); + /* If we reached the end of the list, the address was not there. */ + if (ai == NULL) { + /* Address not found for the host name. */ + logit("Address %.100s maps to %.600s, but this does not " + "map back to the address.", ntop, name); + return strdup(ntop); + } + return strdup(name); +} + void ipv64_normalise_mapped(struct sockaddr_storage *addr, socklen_t *len) { diff --git a/canohost.h b/canohost.h index 26d62855a..0cadc9f18 100644 --- a/canohost.h +++ b/canohost.h @@ -15,6 +15,9 @@ #ifndef _CANOHOST_H #define _CANOHOST_H +struct ssh; + +char *remote_hostname(struct ssh *); char *get_peer_ipaddr(int); int get_peer_port(int); char *get_local_ipaddr(int); diff --git a/clientloop.c b/clientloop.c index 086c0dfe8..9b90c64f3 100644 --- a/clientloop.c +++ b/clientloop.c @@ -112,6 +112,10 @@ #include "ssherr.h" #include "hostfile.h" +#ifdef GSSAPI +#include "ssh-gss.h" +#endif + /* import options */ extern Options options; @@ -1374,9 +1378,18 @@ client_loop(struct ssh *ssh, int have_pty, int escape_char_arg, break; /* Do channel operations unless rekeying in progress. */ - if (!ssh_packet_is_rekeying(ssh)) + if (!ssh_packet_is_rekeying(ssh)) { channel_after_select(ssh, readset, writeset); +#ifdef GSSAPI + if (options.gss_renewal_rekey && + ssh_gssapi_credentials_updated(NULL)) { + debug("credentials updated - forcing rekey"); + need_rekeying = 1; + } +#endif + } + /* Buffer input from the connection. */ client_process_net_input(ssh, readset); diff --git a/configure.ac b/configure.ac index 30be6c182..2869f7042 100644 --- a/configure.ac +++ b/configure.ac @@ -665,6 +665,30 @@ main() { if (NSVersionOfRunTimeLibrary("System") >= (60 << 16)) [Use tunnel device compatibility to OpenBSD]) AC_DEFINE([SSH_TUN_PREPEND_AF], [1], [Prepend the address family to IP tunnel traffic]) + AC_MSG_CHECKING([if we have the Security Authorization Session API]) + AC_TRY_COMPILE([#include ], + [SessionCreate(0, 0);], + [ac_cv_use_security_session_api="yes" + AC_DEFINE([USE_SECURITY_SESSION_API], [1], + [platform has the Security Authorization Session API]) + LIBS="$LIBS -framework Security" + AC_MSG_RESULT([yes])], + [ac_cv_use_security_session_api="no" + AC_MSG_RESULT([no])]) + AC_MSG_CHECKING([if we have an in-memory credentials cache]) + AC_TRY_COMPILE( + [#include ], + [cc_context_t c; + (void) cc_initialize (&c, 0, NULL, NULL);], + [AC_DEFINE([USE_CCAPI], [1], + [platform uses an in-memory credentials cache]) + LIBS="$LIBS -framework Security" + AC_MSG_RESULT([yes]) + if test "x$ac_cv_use_security_session_api" = "xno"; then + AC_MSG_ERROR([*** Need a security framework to use the credentials cache API ***]) + fi], + [AC_MSG_RESULT([no])] + ) m4_pattern_allow([AU_IPv]) AC_CHECK_DECL([AU_IPv4], [], AC_DEFINE([AU_IPv4], [0], [System only supports IPv4 audit records]) diff --git a/gss-genr.c b/gss-genr.c index d56257b4a..763a63ffa 100644 --- a/gss-genr.c +++ b/gss-genr.c @@ -1,7 +1,7 @@ /* $OpenBSD: gss-genr.c,v 1.26 2018/07/10 09:13:30 djm Exp $ */ /* - * Copyright (c) 2001-2007 Simon Wilkinson. All rights reserved. + * Copyright (c) 2001-2009 Simon Wilkinson. All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions @@ -41,12 +41,36 @@ #include "sshbuf.h" #include "log.h" #include "ssh2.h" +#include "cipher.h" +#include "sshkey.h" +#include "kex.h" +#include "digest.h" +#include "packet.h" #include "ssh-gss.h" extern u_char *session_id2; extern u_int session_id2_len; +typedef struct { + char *encoded; + gss_OID oid; +} ssh_gss_kex_mapping; + +/* + * XXX - It would be nice to find a more elegant way of handling the + * XXX passing of the key exchange context to the userauth routines + */ + +Gssctxt *gss_kex_context = NULL; + +static ssh_gss_kex_mapping *gss_enc2oid = NULL; + +int +ssh_gssapi_oid_table_ok(void) { + return (gss_enc2oid != NULL); +} + /* sshbuf_get for gss_buffer_desc */ int ssh_gssapi_get_buffer_desc(struct sshbuf *b, gss_buffer_desc *g) @@ -62,6 +86,162 @@ ssh_gssapi_get_buffer_desc(struct sshbuf *b, gss_buffer_desc *g) return 0; } +/* sshpkt_get of gss_buffer_desc */ +int +ssh_gssapi_sshpkt_get_buffer_desc(struct ssh *ssh, gss_buffer_desc *g) +{ + int r; + u_char *p; + size_t len; + + if ((r = sshpkt_get_string(ssh, &p, &len)) != 0) + return r; + g->value = p; + g->length = len; + return 0; +} + +/* + * Return a list of the gss-group1-sha1 mechanisms supported by this program + * + * We test mechanisms to ensure that we can use them, to avoid starting + * a key exchange with a bad mechanism + */ + +char * +ssh_gssapi_client_mechanisms(const char *host, const char *client, + const char *kex) { + gss_OID_set gss_supported = NULL; + OM_uint32 min_status; + + if (GSS_ERROR(gss_indicate_mechs(&min_status, &gss_supported))) + return NULL; + + return ssh_gssapi_kex_mechs(gss_supported, ssh_gssapi_check_mechanism, + host, client, kex); +} + +char * +ssh_gssapi_kex_mechs(gss_OID_set gss_supported, ssh_gssapi_check_fn *check, + const char *host, const char *client, const char *kex) { + struct sshbuf *buf = NULL; + size_t i; + int r = SSH_ERR_ALLOC_FAIL; + int oidpos, enclen; + char *mechs, *encoded; + u_char digest[SSH_DIGEST_MAX_LENGTH]; + char deroid[2]; + struct ssh_digest_ctx *md = NULL; + char *s, *cp, *p; + + if (gss_enc2oid != NULL) { + for (i = 0; gss_enc2oid[i].encoded != NULL; i++) + free(gss_enc2oid[i].encoded); + free(gss_enc2oid); + } + + gss_enc2oid = xmalloc(sizeof(ssh_gss_kex_mapping) * + (gss_supported->count + 1)); + + if ((buf = sshbuf_new()) == NULL) + fatal("%s: sshbuf_new failed", __func__); + + oidpos = 0; + s = cp = xstrdup(kex); + for (i = 0; i < gss_supported->count; i++) { + if (gss_supported->elements[i].length < 128 && + (*check)(NULL, &(gss_supported->elements[i]), host, client)) { + + deroid[0] = SSH_GSS_OIDTYPE; + deroid[1] = gss_supported->elements[i].length; + + if ((md = ssh_digest_start(SSH_DIGEST_MD5)) == NULL || + (r = ssh_digest_update(md, deroid, 2)) != 0 || + (r = ssh_digest_update(md, + gss_supported->elements[i].elements, + gss_supported->elements[i].length)) != 0 || + (r = ssh_digest_final(md, digest, sizeof(digest))) != 0) + fatal("%s: digest failed: %s", __func__, + ssh_err(r)); + ssh_digest_free(md); + md = NULL; + + encoded = xmalloc(ssh_digest_bytes(SSH_DIGEST_MD5) + * 2); + enclen = __b64_ntop(digest, + ssh_digest_bytes(SSH_DIGEST_MD5), encoded, + ssh_digest_bytes(SSH_DIGEST_MD5) * 2); + + cp = strncpy(s, kex, strlen(kex)); + for ((p = strsep(&cp, ",")); p && *p != '\0'; + (p = strsep(&cp, ","))) { + if (sshbuf_len(buf) != 0 && + (r = sshbuf_put_u8(buf, ',')) != 0) + fatal("%s: sshbuf_put_u8 error: %s", + __func__, ssh_err(r)); + if ((r = sshbuf_put(buf, p, strlen(p))) != 0 || + (r = sshbuf_put(buf, encoded, enclen)) != 0) + fatal("%s: sshbuf_put error: %s", + __func__, ssh_err(r)); + } + + gss_enc2oid[oidpos].oid = &(gss_supported->elements[i]); + gss_enc2oid[oidpos].encoded = encoded; + oidpos++; + } + } + free(s); + gss_enc2oid[oidpos].oid = NULL; + gss_enc2oid[oidpos].encoded = NULL; + + if ((mechs = sshbuf_dup_string(buf)) == NULL) + fatal("%s: sshbuf_dup_string failed", __func__); + + sshbuf_free(buf); + + if (strlen(mechs) == 0) { + free(mechs); + mechs = NULL; + } + + return (mechs); +} + +gss_OID +ssh_gssapi_id_kex(Gssctxt *ctx, char *name, int kex_type) { + int i = 0; + +#define SKIP_KEX_NAME(type) \ + case type: \ + if (strlen(name) < sizeof(type##_ID)) \ + return GSS_C_NO_OID; \ + name += sizeof(type##_ID) - 1; \ + break; + + switch (kex_type) { + SKIP_KEX_NAME(KEX_GSS_GRP1_SHA1) + SKIP_KEX_NAME(KEX_GSS_GRP14_SHA1) + SKIP_KEX_NAME(KEX_GSS_GRP14_SHA256) + SKIP_KEX_NAME(KEX_GSS_GRP16_SHA512) + SKIP_KEX_NAME(KEX_GSS_GEX_SHA1) + SKIP_KEX_NAME(KEX_GSS_NISTP256_SHA256) + SKIP_KEX_NAME(KEX_GSS_C25519_SHA256) + default: + return GSS_C_NO_OID; + } + +#undef SKIP_KEX_NAME + + while (gss_enc2oid[i].encoded != NULL && + strcmp(name, gss_enc2oid[i].encoded) != 0) + i++; + + if (gss_enc2oid[i].oid != NULL && ctx != NULL) + ssh_gssapi_set_oid(ctx, gss_enc2oid[i].oid); + + return gss_enc2oid[i].oid; +} + /* Check that the OID in a data stream matches that in the context */ int ssh_gssapi_check_oid(Gssctxt *ctx, void *data, size_t len) @@ -218,7 +398,7 @@ ssh_gssapi_init_ctx(Gssctxt *ctx, int deleg_creds, gss_buffer_desc *recv_tok, } ctx->major = gss_init_sec_context(&ctx->minor, - GSS_C_NO_CREDENTIAL, &ctx->context, ctx->name, ctx->oid, + ctx->client_creds, &ctx->context, ctx->name, ctx->oid, GSS_C_MUTUAL_FLAG | GSS_C_INTEG_FLAG | deleg_flag, 0, NULL, recv_tok, NULL, send_tok, flags, NULL); @@ -247,9 +427,43 @@ ssh_gssapi_import_name(Gssctxt *ctx, const char *host) return (ctx->major); } +OM_uint32 +ssh_gssapi_client_identity(Gssctxt *ctx, const char *name) +{ + gss_buffer_desc gssbuf; + gss_name_t gssname; + OM_uint32 status; + gss_OID_set oidset; + + gssbuf.value = (void *) name; + gssbuf.length = strlen(gssbuf.value); + + gss_create_empty_oid_set(&status, &oidset); + gss_add_oid_set_member(&status, ctx->oid, &oidset); + + ctx->major = gss_import_name(&ctx->minor, &gssbuf, + GSS_C_NT_USER_NAME, &gssname); + + if (!ctx->major) + ctx->major = gss_acquire_cred(&ctx->minor, + gssname, 0, oidset, GSS_C_INITIATE, + &ctx->client_creds, NULL, NULL); + + gss_release_name(&status, &gssname); + gss_release_oid_set(&status, &oidset); + + if (ctx->major) + ssh_gssapi_error(ctx); + + return(ctx->major); +} + OM_uint32 ssh_gssapi_sign(Gssctxt *ctx, gss_buffer_t buffer, gss_buffer_t hash) { + if (ctx == NULL) + return -1; + if ((ctx->major = gss_get_mic(&ctx->minor, ctx->context, GSS_C_QOP_DEFAULT, buffer, hash))) ssh_gssapi_error(ctx); @@ -257,6 +471,19 @@ ssh_gssapi_sign(Gssctxt *ctx, gss_buffer_t buffer, gss_buffer_t hash) return (ctx->major); } +/* Priviledged when used by server */ +OM_uint32 +ssh_gssapi_checkmic(Gssctxt *ctx, gss_buffer_t gssbuf, gss_buffer_t gssmic) +{ + if (ctx == NULL) + return -1; + + ctx->major = gss_verify_mic(&ctx->minor, ctx->context, + gssbuf, gssmic, NULL); + + return (ctx->major); +} + void ssh_gssapi_buildmic(struct sshbuf *b, const char *user, const char *service, const char *context) @@ -273,11 +500,16 @@ ssh_gssapi_buildmic(struct sshbuf *b, const char *user, const char *service, } int -ssh_gssapi_check_mechanism(Gssctxt **ctx, gss_OID oid, const char *host) +ssh_gssapi_check_mechanism(Gssctxt **ctx, gss_OID oid, const char *host, + const char *client) { gss_buffer_desc token = GSS_C_EMPTY_BUFFER; OM_uint32 major, minor; gss_OID_desc spnego_oid = {6, (void *)"\x2B\x06\x01\x05\x05\x02"}; + Gssctxt *intctx = NULL; + + if (ctx == NULL) + ctx = &intctx; /* RFC 4462 says we MUST NOT do SPNEGO */ if (oid->length == spnego_oid.length && @@ -287,6 +519,10 @@ ssh_gssapi_check_mechanism(Gssctxt **ctx, gss_OID oid, const char *host) ssh_gssapi_build_ctx(ctx); ssh_gssapi_set_oid(*ctx, oid); major = ssh_gssapi_import_name(*ctx, host); + + if (!GSS_ERROR(major) && client) + major = ssh_gssapi_client_identity(*ctx, client); + if (!GSS_ERROR(major)) { major = ssh_gssapi_init_ctx(*ctx, 0, GSS_C_NO_BUFFER, &token, NULL); @@ -296,10 +532,66 @@ ssh_gssapi_check_mechanism(Gssctxt **ctx, gss_OID oid, const char *host) GSS_C_NO_BUFFER); } - if (GSS_ERROR(major)) + if (GSS_ERROR(major) || intctx != NULL) ssh_gssapi_delete_ctx(ctx); return (!GSS_ERROR(major)); } +int +ssh_gssapi_credentials_updated(Gssctxt *ctxt) { + static gss_name_t saved_name = GSS_C_NO_NAME; + static OM_uint32 saved_lifetime = 0; + static gss_OID saved_mech = GSS_C_NO_OID; + static gss_name_t name; + static OM_uint32 last_call = 0; + OM_uint32 lifetime, now, major, minor; + int equal; + + now = time(NULL); + + if (ctxt) { + debug("Rekey has happened - updating saved versions"); + + if (saved_name != GSS_C_NO_NAME) + gss_release_name(&minor, &saved_name); + + major = gss_inquire_cred(&minor, GSS_C_NO_CREDENTIAL, + &saved_name, &saved_lifetime, NULL, NULL); + + if (!GSS_ERROR(major)) { + saved_mech = ctxt->oid; + saved_lifetime+= now; + } else { + /* Handle the error */ + } + return 0; + } + + if (now - last_call < 10) + return 0; + + last_call = now; + + if (saved_mech == GSS_C_NO_OID) + return 0; + + major = gss_inquire_cred(&minor, GSS_C_NO_CREDENTIAL, + &name, &lifetime, NULL, NULL); + if (major == GSS_S_CREDENTIALS_EXPIRED) + return 0; + else if (GSS_ERROR(major)) + return 0; + + major = gss_compare_name(&minor, saved_name, name, &equal); + gss_release_name(&minor, &name); + if (GSS_ERROR(major)) + return 0; + + if (equal && (saved_lifetime < lifetime + now - 10)) + return 1; + + return 0; +} + #endif /* GSSAPI */ diff --git a/gss-serv-krb5.c b/gss-serv-krb5.c index a151bc1e4..ef9beb67c 100644 --- a/gss-serv-krb5.c +++ b/gss-serv-krb5.c @@ -1,7 +1,7 @@ /* $OpenBSD: gss-serv-krb5.c,v 1.9 2018/07/09 21:37:55 markus Exp $ */ /* - * Copyright (c) 2001-2003 Simon Wilkinson. All rights reserved. + * Copyright (c) 2001-2007 Simon Wilkinson. All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions @@ -120,8 +120,8 @@ ssh_gssapi_krb5_storecreds(ssh_gssapi_client *client) krb5_error_code problem; krb5_principal princ; OM_uint32 maj_status, min_status; - int len; const char *errmsg; + const char *new_ccname; if (client->creds == NULL) { debug("No credentials stored"); @@ -180,11 +180,16 @@ ssh_gssapi_krb5_storecreds(ssh_gssapi_client *client) return; } - client->store.filename = xstrdup(krb5_cc_get_name(krb_context, ccache)); + new_ccname = krb5_cc_get_name(krb_context, ccache); + client->store.envvar = "KRB5CCNAME"; - len = strlen(client->store.filename) + 6; - client->store.envval = xmalloc(len); - snprintf(client->store.envval, len, "FILE:%s", client->store.filename); +#ifdef USE_CCAPI + xasprintf(&client->store.envval, "API:%s", new_ccname); + client->store.filename = NULL; +#else + xasprintf(&client->store.envval, "FILE:%s", new_ccname); + client->store.filename = xstrdup(new_ccname); +#endif #ifdef USE_PAM if (options.use_pam) @@ -196,6 +201,71 @@ ssh_gssapi_krb5_storecreds(ssh_gssapi_client *client) return; } +int +ssh_gssapi_krb5_updatecreds(ssh_gssapi_ccache *store, + ssh_gssapi_client *client) +{ + krb5_ccache ccache = NULL; + krb5_principal principal = NULL; + char *name = NULL; + krb5_error_code problem; + OM_uint32 maj_status, min_status; + + if ((problem = krb5_cc_resolve(krb_context, store->envval, &ccache))) { + logit("krb5_cc_resolve(): %.100s", + krb5_get_err_text(krb_context, problem)); + return 0; + } + + /* Find out who the principal in this cache is */ + if ((problem = krb5_cc_get_principal(krb_context, ccache, + &principal))) { + logit("krb5_cc_get_principal(): %.100s", + krb5_get_err_text(krb_context, problem)); + krb5_cc_close(krb_context, ccache); + return 0; + } + + if ((problem = krb5_unparse_name(krb_context, principal, &name))) { + logit("krb5_unparse_name(): %.100s", + krb5_get_err_text(krb_context, problem)); + krb5_free_principal(krb_context, principal); + krb5_cc_close(krb_context, ccache); + return 0; + } + + + if (strcmp(name,client->exportedname.value)!=0) { + debug("Name in local credentials cache differs. Not storing"); + krb5_free_principal(krb_context, principal); + krb5_cc_close(krb_context, ccache); + krb5_free_unparsed_name(krb_context, name); + return 0; + } + krb5_free_unparsed_name(krb_context, name); + + /* Name matches, so lets get on with it! */ + + if ((problem = krb5_cc_initialize(krb_context, ccache, principal))) { + logit("krb5_cc_initialize(): %.100s", + krb5_get_err_text(krb_context, problem)); + krb5_free_principal(krb_context, principal); + krb5_cc_close(krb_context, ccache); + return 0; + } + + krb5_free_principal(krb_context, principal); + + if ((maj_status = gss_krb5_copy_ccache(&min_status, client->creds, + ccache))) { + logit("gss_krb5_copy_ccache() failed. Sorry!"); + krb5_cc_close(krb_context, ccache); + return 0; + } + + return 1; +} + ssh_gssapi_mech gssapi_kerberos_mech = { "toWM5Slw5Ew8Mqkay+al2g==", "Kerberos", @@ -203,7 +273,8 @@ ssh_gssapi_mech gssapi_kerberos_mech = { NULL, &ssh_gssapi_krb5_userok, NULL, - &ssh_gssapi_krb5_storecreds + &ssh_gssapi_krb5_storecreds, + &ssh_gssapi_krb5_updatecreds }; #endif /* KRB5 */ diff --git a/gss-serv.c b/gss-serv.c index ab3a15f0f..1d47870e7 100644 --- a/gss-serv.c +++ b/gss-serv.c @@ -1,7 +1,7 @@ /* $OpenBSD: gss-serv.c,v 1.31 2018/07/09 21:37:55 markus Exp $ */ /* - * Copyright (c) 2001-2003 Simon Wilkinson. All rights reserved. + * Copyright (c) 2001-2009 Simon Wilkinson. All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions @@ -44,17 +44,19 @@ #include "session.h" #include "misc.h" #include "servconf.h" +#include "uidswap.h" #include "ssh-gss.h" +#include "monitor_wrap.h" extern ServerOptions options; static ssh_gssapi_client gssapi_client = - { GSS_C_EMPTY_BUFFER, GSS_C_EMPTY_BUFFER, - GSS_C_NO_CREDENTIAL, NULL, {NULL, NULL, NULL, NULL}}; + { GSS_C_EMPTY_BUFFER, GSS_C_EMPTY_BUFFER, GSS_C_NO_CREDENTIAL, + GSS_C_NO_NAME, NULL, {NULL, NULL, NULL, NULL, NULL}, 0, 0}; ssh_gssapi_mech gssapi_null_mech = - { NULL, NULL, {0, NULL}, NULL, NULL, NULL, NULL}; + { NULL, NULL, {0, NULL}, NULL, NULL, NULL, NULL, NULL}; #ifdef KRB5 extern ssh_gssapi_mech gssapi_kerberos_mech; @@ -140,6 +142,29 @@ ssh_gssapi_server_ctx(Gssctxt **ctx, gss_OID oid) return (ssh_gssapi_acquire_cred(*ctx)); } +/* Unprivileged */ +char * +ssh_gssapi_server_mechanisms(void) { + if (supported_oids == NULL) + ssh_gssapi_prepare_supported_oids(); + return (ssh_gssapi_kex_mechs(supported_oids, + &ssh_gssapi_server_check_mech, NULL, NULL, + options.gss_kex_algorithms)); +} + +/* Unprivileged */ +int +ssh_gssapi_server_check_mech(Gssctxt **dum, gss_OID oid, const char *data, + const char *dummy) { + Gssctxt *ctx = NULL; + int res; + + res = !GSS_ERROR(PRIVSEP(ssh_gssapi_server_ctx(&ctx, oid))); + ssh_gssapi_delete_ctx(&ctx); + + return (res); +} + /* Unprivileged */ void ssh_gssapi_supported_oids(gss_OID_set *oidset) @@ -150,7 +175,9 @@ ssh_gssapi_supported_oids(gss_OID_set *oidset) gss_OID_set supported; gss_create_empty_oid_set(&min_status, oidset); - gss_indicate_mechs(&min_status, &supported); + + if (GSS_ERROR(gss_indicate_mechs(&min_status, &supported))) + return; while (supported_mechs[i]->name != NULL) { if (GSS_ERROR(gss_test_oid_set_member(&min_status, @@ -276,8 +303,48 @@ OM_uint32 ssh_gssapi_getclient(Gssctxt *ctx, ssh_gssapi_client *client) { int i = 0; + int equal = 0; + gss_name_t new_name = GSS_C_NO_NAME; + gss_buffer_desc ename = GSS_C_EMPTY_BUFFER; + + if (options.gss_store_rekey && client->used && ctx->client_creds) { + if (client->mech->oid.length != ctx->oid->length || + (memcmp(client->mech->oid.elements, + ctx->oid->elements, ctx->oid->length) !=0)) { + debug("Rekeyed credentials have different mechanism"); + return GSS_S_COMPLETE; + } + + if ((ctx->major = gss_inquire_cred_by_mech(&ctx->minor, + ctx->client_creds, ctx->oid, &new_name, + NULL, NULL, NULL))) { + ssh_gssapi_error(ctx); + return (ctx->major); + } + + ctx->major = gss_compare_name(&ctx->minor, client->name, + new_name, &equal); + + if (GSS_ERROR(ctx->major)) { + ssh_gssapi_error(ctx); + return (ctx->major); + } + + if (!equal) { + debug("Rekeyed credentials have different name"); + return GSS_S_COMPLETE; + } - gss_buffer_desc ename; + debug("Marking rekeyed credentials for export"); + + gss_release_name(&ctx->minor, &client->name); + gss_release_cred(&ctx->minor, &client->creds); + client->name = new_name; + client->creds = ctx->client_creds; + ctx->client_creds = GSS_C_NO_CREDENTIAL; + client->updated = 1; + return GSS_S_COMPLETE; + } client->mech = NULL; @@ -292,6 +359,13 @@ ssh_gssapi_getclient(Gssctxt *ctx, ssh_gssapi_client *client) if (client->mech == NULL) return GSS_S_FAILURE; + if (ctx->client_creds && + (ctx->major = gss_inquire_cred_by_mech(&ctx->minor, + ctx->client_creds, ctx->oid, &client->name, NULL, NULL, NULL))) { + ssh_gssapi_error(ctx); + return (ctx->major); + } + if ((ctx->major = gss_display_name(&ctx->minor, ctx->client, &client->displayname, NULL))) { ssh_gssapi_error(ctx); @@ -309,6 +383,8 @@ ssh_gssapi_getclient(Gssctxt *ctx, ssh_gssapi_client *client) return (ctx->major); } + gss_release_buffer(&ctx->minor, &ename); + /* We can't copy this structure, so we just move the pointer to it */ client->creds = ctx->client_creds; ctx->client_creds = GSS_C_NO_CREDENTIAL; @@ -356,19 +432,23 @@ ssh_gssapi_do_child(char ***envp, u_int *envsizep) /* Privileged */ int -ssh_gssapi_userok(char *user) +ssh_gssapi_userok(char *user, struct passwd *pw, int kex) { OM_uint32 lmin; + (void) kex; /* used in privilege separation */ + if (gssapi_client.exportedname.length == 0 || gssapi_client.exportedname.value == NULL) { debug("No suitable client data"); return 0; } if (gssapi_client.mech && gssapi_client.mech->userok) - if ((*gssapi_client.mech->userok)(&gssapi_client, user)) + if ((*gssapi_client.mech->userok)(&gssapi_client, user)) { + gssapi_client.used = 1; + gssapi_client.store.owner = pw; return 1; - else { + } else { /* Destroy delegated credentials if userok fails */ gss_release_buffer(&lmin, &gssapi_client.displayname); gss_release_buffer(&lmin, &gssapi_client.exportedname); @@ -382,14 +462,90 @@ ssh_gssapi_userok(char *user) return (0); } -/* Privileged */ -OM_uint32 -ssh_gssapi_checkmic(Gssctxt *ctx, gss_buffer_t gssbuf, gss_buffer_t gssmic) +/* These bits are only used for rekeying. The unpriviledged child is running + * as the user, the monitor is root. + * + * In the child, we want to : + * *) Ask the monitor to store our credentials into the store we specify + * *) If it succeeds, maybe do a PAM update + */ + +/* Stuff for PAM */ + +#ifdef USE_PAM +static int ssh_gssapi_simple_conv(int n, const struct pam_message **msg, + struct pam_response **resp, void *data) { - ctx->major = gss_verify_mic(&ctx->minor, ctx->context, - gssbuf, gssmic, NULL); + return (PAM_CONV_ERR); +} +#endif - return (ctx->major); +void +ssh_gssapi_rekey_creds(void) { + int ok; +#ifdef USE_PAM + int ret; + pam_handle_t *pamh = NULL; + struct pam_conv pamconv = {ssh_gssapi_simple_conv, NULL}; + char *envstr; +#endif + + if (gssapi_client.store.filename == NULL && + gssapi_client.store.envval == NULL && + gssapi_client.store.envvar == NULL) + return; + + ok = PRIVSEP(ssh_gssapi_update_creds(&gssapi_client.store)); + + if (!ok) + return; + + debug("Rekeyed credentials stored successfully"); + + /* Actually managing to play with the ssh pam stack from here will + * be next to impossible. In any case, we may want different options + * for rekeying. So, use our own :) + */ +#ifdef USE_PAM + if (!use_privsep) { + debug("Not even going to try and do PAM with privsep disabled"); + return; + } + + ret = pam_start("sshd-rekey", gssapi_client.store.owner->pw_name, + &pamconv, &pamh); + if (ret) + return; + + xasprintf(&envstr, "%s=%s", gssapi_client.store.envvar, + gssapi_client.store.envval); + + ret = pam_putenv(pamh, envstr); + if (!ret) + pam_setcred(pamh, PAM_REINITIALIZE_CRED); + pam_end(pamh, PAM_SUCCESS); +#endif +} + +int +ssh_gssapi_update_creds(ssh_gssapi_ccache *store) { + int ok = 0; + + /* Check we've got credentials to store */ + if (!gssapi_client.updated) + return 0; + + gssapi_client.updated = 0; + + temporarily_use_uid(gssapi_client.store.owner); + if (gssapi_client.mech && gssapi_client.mech->updatecreds) + ok = (*gssapi_client.mech->updatecreds)(store, &gssapi_client); + else + debug("No update function for this mechanism"); + + restore_uid(); + + return ok; } /* Privileged */ diff --git a/hmac.c b/hmac.c index 1c879640c..a29f32c5c 100644 --- a/hmac.c +++ b/hmac.c @@ -19,6 +19,7 @@ #include #include +#include #include "sshbuf.h" #include "digest.h" diff --git a/kex.c b/kex.c index 34808b5c3..a2a4794e8 100644 --- a/kex.c +++ b/kex.c @@ -55,11 +55,16 @@ #include "misc.h" #include "dispatch.h" #include "monitor.h" +#include "xmalloc.h" #include "ssherr.h" #include "sshbuf.h" #include "digest.h" +#ifdef GSSAPI +#include "ssh-gss.h" +#endif + /* prototype */ static int kex_choose_conf(struct ssh *); static int kex_input_newkeys(int, u_int32_t, struct ssh *); @@ -113,15 +118,28 @@ static const struct kexalg kexalgs[] = { #endif /* HAVE_EVP_SHA256 || !WITH_OPENSSL */ { NULL, -1, -1, -1}, }; +static const struct kexalg gss_kexalgs[] = { +#ifdef GSSAPI + { KEX_GSS_GEX_SHA1_ID, KEX_GSS_GEX_SHA1, 0, SSH_DIGEST_SHA1 }, + { KEX_GSS_GRP1_SHA1_ID, KEX_GSS_GRP1_SHA1, 0, SSH_DIGEST_SHA1 }, + { KEX_GSS_GRP14_SHA1_ID, KEX_GSS_GRP14_SHA1, 0, SSH_DIGEST_SHA1 }, + { KEX_GSS_GRP14_SHA256_ID, KEX_GSS_GRP14_SHA256, 0, SSH_DIGEST_SHA256 }, + { KEX_GSS_GRP16_SHA512_ID, KEX_GSS_GRP16_SHA512, 0, SSH_DIGEST_SHA512 }, + { KEX_GSS_NISTP256_SHA256_ID, KEX_GSS_NISTP256_SHA256, + NID_X9_62_prime256v1, SSH_DIGEST_SHA256 }, + { KEX_GSS_C25519_SHA256_ID, KEX_GSS_C25519_SHA256, 0, SSH_DIGEST_SHA256 }, +#endif + { NULL, -1, -1, -1 }, +}; -char * -kex_alg_list(char sep) +static char * +kex_alg_list_internal(char sep, const struct kexalg *algs) { char *ret = NULL, *tmp; size_t nlen, rlen = 0; const struct kexalg *k; - for (k = kexalgs; k->name != NULL; k++) { + for (k = algs; k->name != NULL; k++) { if (ret != NULL) ret[rlen++] = sep; nlen = strlen(k->name); @@ -136,6 +154,18 @@ kex_alg_list(char sep) return ret; } +char * +kex_alg_list(char sep) +{ + return kex_alg_list_internal(sep, kexalgs); +} + +char * +kex_gss_alg_list(char sep) +{ + return kex_alg_list_internal(sep, gss_kexalgs); +} + static const struct kexalg * kex_alg_by_name(const char *name) { @@ -145,6 +175,10 @@ kex_alg_by_name(const char *name) if (strcmp(k->name, name) == 0) return k; } + for (k = gss_kexalgs; k->name != NULL; k++) { + if (strncmp(k->name, name, strlen(k->name)) == 0) + return k; + } return NULL; } @@ -301,6 +335,29 @@ kex_assemble_names(char **listp, const char *def, const char *all) return r; } +/* Validate GSS KEX method name list */ +int +kex_gss_names_valid(const char *names) +{ + char *s, *cp, *p; + + if (names == NULL || *names == '\0') + return 0; + s = cp = xstrdup(names); + for ((p = strsep(&cp, ",")); p && *p != '\0'; + (p = strsep(&cp, ","))) { + if (strncmp(p, "gss-", 4) != 0 + || kex_alg_by_name(p) == NULL) { + error("Unsupported KEX algorithm \"%.100s\"", p); + free(s); + return 0; + } + } + debug3("gss kex names ok: [%s]", names); + free(s); + return 1; +} + /* put algorithm proposal into buffer */ int kex_prop2buf(struct sshbuf *b, char *proposal[PROPOSAL_MAX]) @@ -657,6 +714,9 @@ kex_free(struct kex *kex) sshbuf_free(kex->server_version); sshbuf_free(kex->client_pub); free(kex->session_id); +#ifdef GSSAPI + free(kex->gss_host); +#endif /* GSSAPI */ free(kex->failed_choice); free(kex->hostkey_alg); free(kex->name); diff --git a/kex.h b/kex.h index 6d446d1cc..2d5f1d4ed 100644 --- a/kex.h +++ b/kex.h @@ -103,6 +103,15 @@ enum kex_exchange { KEX_ECDH_SHA2, KEX_C25519_SHA256, KEX_KEM_SNTRUP4591761X25519_SHA512, +#ifdef GSSAPI + KEX_GSS_GRP1_SHA1, + KEX_GSS_GRP14_SHA1, + KEX_GSS_GRP14_SHA256, + KEX_GSS_GRP16_SHA512, + KEX_GSS_GEX_SHA1, + KEX_GSS_NISTP256_SHA256, + KEX_GSS_C25519_SHA256, +#endif KEX_MAX }; @@ -154,6 +163,12 @@ struct kex { u_int flags; int hash_alg; int ec_nid; +#ifdef GSSAPI + int gss_deleg_creds; + int gss_trust_dns; + char *gss_host; + char *gss_client; +#endif char *failed_choice; int (*verify_host_key)(struct sshkey *, struct ssh *); struct sshkey *(*load_host_public_key)(int, int, struct ssh *); @@ -175,8 +190,10 @@ struct kex { int kex_names_valid(const char *); char *kex_alg_list(char); +char *kex_gss_alg_list(char); char *kex_names_cat(const char *, const char *); int kex_assemble_names(char **, const char *, const char *); +int kex_gss_names_valid(const char *); int kex_exchange_identification(struct ssh *, int, const char *); @@ -203,6 +220,12 @@ int kexgex_client(struct ssh *); int kexgex_server(struct ssh *); int kex_gen_client(struct ssh *); int kex_gen_server(struct ssh *); +#if defined(GSSAPI) && defined(WITH_OPENSSL) +int kexgssgex_client(struct ssh *); +int kexgssgex_server(struct ssh *); +int kexgss_client(struct ssh *); +int kexgss_server(struct ssh *); +#endif int kex_dh_keypair(struct kex *); int kex_dh_enc(struct kex *, const struct sshbuf *, struct sshbuf **, @@ -235,6 +258,12 @@ int kexgex_hash(int, const struct sshbuf *, const struct sshbuf *, const BIGNUM *, const u_char *, size_t, u_char *, size_t *); +int kex_gen_hash(int hash_alg, const struct sshbuf *client_version, + const struct sshbuf *server_version, const struct sshbuf *client_kexinit, + const struct sshbuf *server_kexinit, const struct sshbuf *server_host_key_blob, + const struct sshbuf *client_pub, const struct sshbuf *server_pub, + const struct sshbuf *shared_secret, u_char *hash, size_t *hashlen); + void kexc25519_keygen(u_char key[CURVE25519_SIZE], u_char pub[CURVE25519_SIZE]) __attribute__((__bounded__(__minbytes__, 1, CURVE25519_SIZE))) __attribute__((__bounded__(__minbytes__, 2, CURVE25519_SIZE))); diff --git a/kexdh.c b/kexdh.c index 67133e339..edaa46762 100644 --- a/kexdh.c +++ b/kexdh.c @@ -48,13 +48,23 @@ kex_dh_keygen(struct kex *kex) { switch (kex->kex_type) { case KEX_DH_GRP1_SHA1: +#ifdef GSSAPI + case KEX_GSS_GRP1_SHA1: +#endif kex->dh = dh_new_group1(); break; case KEX_DH_GRP14_SHA1: case KEX_DH_GRP14_SHA256: +#ifdef GSSAPI + case KEX_GSS_GRP14_SHA1: + case KEX_GSS_GRP14_SHA256: +#endif kex->dh = dh_new_group14(); break; case KEX_DH_GRP16_SHA512: +#ifdef GSSAPI + case KEX_GSS_GRP16_SHA512: +#endif kex->dh = dh_new_group16(); break; case KEX_DH_GRP18_SHA512: diff --git a/kexgen.c b/kexgen.c index 2abbb9ef6..569dc83f3 100644 --- a/kexgen.c +++ b/kexgen.c @@ -43,7 +43,7 @@ static int input_kex_gen_init(int, u_int32_t, struct ssh *); static int input_kex_gen_reply(int type, u_int32_t seq, struct ssh *ssh); -static int +int kex_gen_hash( int hash_alg, const struct sshbuf *client_version, diff --git a/kexgssc.c b/kexgssc.c new file mode 100644 index 000000000..f6e1405eb --- /dev/null +++ b/kexgssc.c @@ -0,0 +1,606 @@ +/* + * Copyright (c) 2001-2009 Simon Wilkinson. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * THIS SOFTWARE IS PROVIDED BY THE AUTHOR `AS IS'' AND ANY EXPRESS OR + * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES + * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. + * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, + * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT + * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, + * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY + * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT + * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF + * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. + */ + +#include "includes.h" + +#if defined(GSSAPI) && defined(WITH_OPENSSL) + +#include "includes.h" + +#include +#include + +#include + +#include "xmalloc.h" +#include "sshbuf.h" +#include "ssh2.h" +#include "sshkey.h" +#include "cipher.h" +#include "kex.h" +#include "log.h" +#include "packet.h" +#include "dh.h" +#include "digest.h" +#include "ssherr.h" + +#include "ssh-gss.h" + +int +kexgss_client(struct ssh *ssh) +{ + struct kex *kex = ssh->kex; + gss_buffer_desc send_tok = GSS_C_EMPTY_BUFFER, + recv_tok = GSS_C_EMPTY_BUFFER, + gssbuf, msg_tok = GSS_C_EMPTY_BUFFER, *token_ptr; + Gssctxt *ctxt; + OM_uint32 maj_status, min_status, ret_flags; + struct sshbuf *server_blob = NULL; + struct sshbuf *shared_secret = NULL; + struct sshbuf *server_host_key_blob = NULL; + struct sshbuf *empty = NULL; + u_char *msg; + int type = 0; + int first = 1; + u_char hash[SSH_DIGEST_MAX_LENGTH]; + size_t hashlen; + u_char c; + int r; + + /* Initialise our GSSAPI world */ + ssh_gssapi_build_ctx(&ctxt); + if (ssh_gssapi_id_kex(ctxt, kex->name, kex->kex_type) + == GSS_C_NO_OID) + fatal("Couldn't identify host exchange"); + + if (ssh_gssapi_import_name(ctxt, kex->gss_host)) + fatal("Couldn't import hostname"); + + if (kex->gss_client && + ssh_gssapi_client_identity(ctxt, kex->gss_client)) + fatal("Couldn't acquire client credentials"); + + /* Step 1 */ + switch (kex->kex_type) { + case KEX_GSS_GRP1_SHA1: + case KEX_GSS_GRP14_SHA1: + case KEX_GSS_GRP14_SHA256: + case KEX_GSS_GRP16_SHA512: + r = kex_dh_keypair(kex); + break; + case KEX_GSS_NISTP256_SHA256: + r = kex_ecdh_keypair(kex); + break; + case KEX_GSS_C25519_SHA256: + r = kex_c25519_keypair(kex); + break; + default: + fatal("%s: Unexpected KEX type %d", __func__, kex->kex_type); + } + if (r != 0) + return r; + + token_ptr = GSS_C_NO_BUFFER; + + do { + debug("Calling gss_init_sec_context"); + + maj_status = ssh_gssapi_init_ctx(ctxt, + kex->gss_deleg_creds, token_ptr, &send_tok, + &ret_flags); + + if (GSS_ERROR(maj_status)) { + /* XXX Useles code: Missing send? */ + if (send_tok.length != 0) { + if ((r = sshpkt_start(ssh, + SSH2_MSG_KEXGSS_CONTINUE)) != 0 || + (r = sshpkt_put_string(ssh, send_tok.value, + send_tok.length)) != 0) + fatal("sshpkt failed: %s", ssh_err(r)); + } + fatal("gss_init_context failed"); + } + + /* If we've got an old receive buffer get rid of it */ + if (token_ptr != GSS_C_NO_BUFFER) + gss_release_buffer(&min_status, &recv_tok); + + if (maj_status == GSS_S_COMPLETE) { + /* If mutual state flag is not true, kex fails */ + if (!(ret_flags & GSS_C_MUTUAL_FLAG)) + fatal("Mutual authentication failed"); + + /* If integ avail flag is not true kex fails */ + if (!(ret_flags & GSS_C_INTEG_FLAG)) + fatal("Integrity check failed"); + } + + /* + * If we have data to send, then the last message that we + * received cannot have been a 'complete'. + */ + if (send_tok.length != 0) { + if (first) { + if ((r = sshpkt_start(ssh, SSH2_MSG_KEXGSS_INIT)) != 0 || + (r = sshpkt_put_string(ssh, send_tok.value, + send_tok.length)) != 0 || + (r = sshpkt_put_stringb(ssh, kex->client_pub)) != 0) + fatal("failed to construct packet: %s", ssh_err(r)); + first = 0; + } else { + if ((r = sshpkt_start(ssh, SSH2_MSG_KEXGSS_CONTINUE)) != 0 || + (r = sshpkt_put_string(ssh, send_tok.value, + send_tok.length)) != 0) + fatal("failed to construct packet: %s", ssh_err(r)); + } + if ((r = sshpkt_send(ssh)) != 0) + fatal("failed to send packet: %s", ssh_err(r)); + gss_release_buffer(&min_status, &send_tok); + + /* If we've sent them data, they should reply */ + do { + type = ssh_packet_read(ssh); + if (type == SSH2_MSG_KEXGSS_HOSTKEY) { + debug("Received KEXGSS_HOSTKEY"); + if (server_host_key_blob) + fatal("Server host key received more than once"); + if ((r = sshpkt_getb_froms(ssh, &server_host_key_blob)) != 0) + fatal("Failed to read server host key: %s", ssh_err(r)); + } + } while (type == SSH2_MSG_KEXGSS_HOSTKEY); + + switch (type) { + case SSH2_MSG_KEXGSS_CONTINUE: + debug("Received GSSAPI_CONTINUE"); + if (maj_status == GSS_S_COMPLETE) + fatal("GSSAPI Continue received from server when complete"); + if ((r = ssh_gssapi_sshpkt_get_buffer_desc(ssh, + &recv_tok)) != 0 || + (r = sshpkt_get_end(ssh)) != 0) + fatal("Failed to read token: %s", ssh_err(r)); + break; + case SSH2_MSG_KEXGSS_COMPLETE: + debug("Received GSSAPI_COMPLETE"); + if (msg_tok.value != NULL) + fatal("Received GSSAPI_COMPLETE twice?"); + if ((r = sshpkt_getb_froms(ssh, &server_blob)) != 0 || + (r = ssh_gssapi_sshpkt_get_buffer_desc(ssh, + &msg_tok)) != 0) + fatal("Failed to read message: %s", ssh_err(r)); + + /* Is there a token included? */ + if ((r = sshpkt_get_u8(ssh, &c)) != 0) + fatal("sshpkt failed: %s", ssh_err(r)); + if (c) { + if ((r = ssh_gssapi_sshpkt_get_buffer_desc( + ssh, &recv_tok)) != 0) + fatal("Failed to read token: %s", ssh_err(r)); + /* If we're already complete - protocol error */ + if (maj_status == GSS_S_COMPLETE) + sshpkt_disconnect(ssh, "Protocol error: received token when complete"); + } else { + /* No token included */ + if (maj_status != GSS_S_COMPLETE) + sshpkt_disconnect(ssh, "Protocol error: did not receive final token"); + } + if ((r = sshpkt_get_end(ssh)) != 0) { + fatal("Expecting end of packet."); + } + break; + case SSH2_MSG_KEXGSS_ERROR: + debug("Received Error"); + if ((r = sshpkt_get_u32(ssh, &maj_status)) != 0 || + (r = sshpkt_get_u32(ssh, &min_status)) != 0 || + (r = sshpkt_get_string(ssh, &msg, NULL)) != 0 || + (r = sshpkt_get_string(ssh, NULL, NULL)) != 0 || /* lang tag */ + (r = sshpkt_get_end(ssh)) != 0) + fatal("sshpkt_get failed: %s", ssh_err(r)); + fatal("GSSAPI Error: \n%.400s", msg); + default: + sshpkt_disconnect(ssh, "Protocol error: didn't expect packet type %d", + type); + } + token_ptr = &recv_tok; + } else { + /* No data, and not complete */ + if (maj_status != GSS_S_COMPLETE) + fatal("Not complete, and no token output"); + } + } while (maj_status & GSS_S_CONTINUE_NEEDED); + + /* + * We _must_ have received a COMPLETE message in reply from the + * server, which will have set server_blob and msg_tok + */ + + if (type != SSH2_MSG_KEXGSS_COMPLETE) + fatal("Didn't receive a SSH2_MSG_KEXGSS_COMPLETE when I expected it"); + + /* compute shared secret */ + switch (kex->kex_type) { + case KEX_GSS_GRP1_SHA1: + case KEX_GSS_GRP14_SHA1: + case KEX_GSS_GRP14_SHA256: + case KEX_GSS_GRP16_SHA512: + r = kex_dh_dec(kex, server_blob, &shared_secret); + break; + case KEX_GSS_C25519_SHA256: + if (sshbuf_ptr(server_blob)[sshbuf_len(server_blob)] & 0x80) + fatal("The received key has MSB of last octet set!"); + r = kex_c25519_dec(kex, server_blob, &shared_secret); + break; + case KEX_GSS_NISTP256_SHA256: + if (sshbuf_len(server_blob) != 65) + fatal("The received NIST-P256 key did not match" + "expected length (expected 65, got %zu)", sshbuf_len(server_blob)); + + if (sshbuf_ptr(server_blob)[0] != POINT_CONVERSION_UNCOMPRESSED) + fatal("The received NIST-P256 key does not have first octet 0x04"); + + r = kex_ecdh_dec(kex, server_blob, &shared_secret); + break; + default: + r = SSH_ERR_INVALID_ARGUMENT; + break; + } + if (r != 0) + goto out; + + if ((empty = sshbuf_new()) == NULL) { + r = SSH_ERR_ALLOC_FAIL; + goto out; + } + + hashlen = sizeof(hash); + if ((r = kex_gen_hash( + kex->hash_alg, + kex->client_version, + kex->server_version, + kex->my, + kex->peer, + (server_host_key_blob ? server_host_key_blob : empty), + kex->client_pub, + server_blob, + shared_secret, + hash, &hashlen)) != 0) + fatal("%s: Unexpected KEX type %d", __func__, kex->kex_type); + + gssbuf.value = hash; + gssbuf.length = hashlen; + + /* Verify that the hash matches the MIC we just got. */ + if (GSS_ERROR(ssh_gssapi_checkmic(ctxt, &gssbuf, &msg_tok))) + sshpkt_disconnect(ssh, "Hash's MIC didn't verify"); + + gss_release_buffer(&min_status, &msg_tok); + + if (kex->gss_deleg_creds) + ssh_gssapi_credentials_updated(ctxt); + + if (gss_kex_context == NULL) + gss_kex_context = ctxt; + else + ssh_gssapi_delete_ctx(&ctxt); + + if ((r = kex_derive_keys(ssh, hash, hashlen, shared_secret)) == 0) + r = kex_send_newkeys(ssh); + +out: + explicit_bzero(hash, sizeof(hash)); + explicit_bzero(kex->c25519_client_key, sizeof(kex->c25519_client_key)); + sshbuf_free(empty); + sshbuf_free(server_host_key_blob); + sshbuf_free(server_blob); + sshbuf_free(shared_secret); + sshbuf_free(kex->client_pub); + kex->client_pub = NULL; + return r; +} + +int +kexgssgex_client(struct ssh *ssh) +{ + struct kex *kex = ssh->kex; + gss_buffer_desc send_tok = GSS_C_EMPTY_BUFFER, + recv_tok = GSS_C_EMPTY_BUFFER, gssbuf, + msg_tok = GSS_C_EMPTY_BUFFER, *token_ptr; + Gssctxt *ctxt; + OM_uint32 maj_status, min_status, ret_flags; + struct sshbuf *shared_secret = NULL; + BIGNUM *p = NULL; + BIGNUM *g = NULL; + struct sshbuf *buf = NULL; + struct sshbuf *server_host_key_blob = NULL; + struct sshbuf *server_blob = NULL; + BIGNUM *dh_server_pub = NULL; + u_char *msg; + int type = 0; + int first = 1; + u_char hash[SSH_DIGEST_MAX_LENGTH]; + size_t hashlen; + const BIGNUM *pub_key, *dh_p, *dh_g; + int nbits = 0, min = DH_GRP_MIN, max = DH_GRP_MAX; + struct sshbuf *empty = NULL; + u_char c; + int r; + + /* Initialise our GSSAPI world */ + ssh_gssapi_build_ctx(&ctxt); + if (ssh_gssapi_id_kex(ctxt, kex->name, kex->kex_type) + == GSS_C_NO_OID) + fatal("Couldn't identify host exchange"); + + if (ssh_gssapi_import_name(ctxt, kex->gss_host)) + fatal("Couldn't import hostname"); + + if (kex->gss_client && + ssh_gssapi_client_identity(ctxt, kex->gss_client)) + fatal("Couldn't acquire client credentials"); + + debug("Doing group exchange"); + nbits = dh_estimate(kex->dh_need * 8); + + kex->min = DH_GRP_MIN; + kex->max = DH_GRP_MAX; + kex->nbits = nbits; + if ((r = sshpkt_start(ssh, SSH2_MSG_KEXGSS_GROUPREQ)) != 0 || + (r = sshpkt_put_u32(ssh, min)) != 0 || + (r = sshpkt_put_u32(ssh, nbits)) != 0 || + (r = sshpkt_put_u32(ssh, max)) != 0 || + (r = sshpkt_send(ssh)) != 0) + fatal("Failed to construct a packet: %s", ssh_err(r)); + + if ((r = ssh_packet_read_expect(ssh, SSH2_MSG_KEXGSS_GROUP)) != 0) + fatal("Error: %s", ssh_err(r)); + + if ((r = sshpkt_get_bignum2(ssh, &p)) != 0 || + (r = sshpkt_get_bignum2(ssh, &g)) != 0 || + (r = sshpkt_get_end(ssh)) != 0) + fatal("shpkt_get_bignum2 failed: %s", ssh_err(r)); + + if (BN_num_bits(p) < min || BN_num_bits(p) > max) + fatal("GSSGRP_GEX group out of range: %d !< %d !< %d", + min, BN_num_bits(p), max); + + if ((kex->dh = dh_new_group(g, p)) == NULL) + fatal("dn_new_group() failed"); + p = g = NULL; /* belong to kex->dh now */ + + if ((r = dh_gen_key(kex->dh, kex->we_need * 8)) != 0) + goto out; + DH_get0_key(kex->dh, &pub_key, NULL); + + token_ptr = GSS_C_NO_BUFFER; + + do { + /* Step 2 - call GSS_Init_sec_context() */ + debug("Calling gss_init_sec_context"); + + maj_status = ssh_gssapi_init_ctx(ctxt, + kex->gss_deleg_creds, token_ptr, &send_tok, + &ret_flags); + + if (GSS_ERROR(maj_status)) { + /* XXX Useles code: Missing send? */ + if (send_tok.length != 0) { + if ((r = sshpkt_start(ssh, + SSH2_MSG_KEXGSS_CONTINUE)) != 0 || + (r = sshpkt_put_string(ssh, send_tok.value, + send_tok.length)) != 0) + fatal("sshpkt failed: %s", ssh_err(r)); + } + fatal("gss_init_context failed"); + } + + /* If we've got an old receive buffer get rid of it */ + if (token_ptr != GSS_C_NO_BUFFER) + gss_release_buffer(&min_status, &recv_tok); + + if (maj_status == GSS_S_COMPLETE) { + /* If mutual state flag is not true, kex fails */ + if (!(ret_flags & GSS_C_MUTUAL_FLAG)) + fatal("Mutual authentication failed"); + + /* If integ avail flag is not true kex fails */ + if (!(ret_flags & GSS_C_INTEG_FLAG)) + fatal("Integrity check failed"); + } + + /* + * If we have data to send, then the last message that we + * received cannot have been a 'complete'. + */ + if (send_tok.length != 0) { + if (first) { + if ((r = sshpkt_start(ssh, SSH2_MSG_KEXGSS_INIT)) != 0 || + (r = sshpkt_put_string(ssh, send_tok.value, + send_tok.length)) != 0 || + (r = sshpkt_put_bignum2(ssh, pub_key)) != 0) + fatal("sshpkt failed: %s", ssh_err(r)); + first = 0; + } else { + if ((r = sshpkt_start(ssh, SSH2_MSG_KEXGSS_CONTINUE)) != 0 || + (r = sshpkt_put_string(ssh,send_tok.value, + send_tok.length)) != 0) + fatal("sshpkt failed: %s", ssh_err(r)); + } + if ((r = sshpkt_send(ssh)) != 0) + fatal("sshpkt_send failed: %s", ssh_err(r)); + gss_release_buffer(&min_status, &send_tok); + + /* If we've sent them data, they should reply */ + do { + type = ssh_packet_read(ssh); + if (type == SSH2_MSG_KEXGSS_HOSTKEY) { + debug("Received KEXGSS_HOSTKEY"); + if (server_host_key_blob) + fatal("Server host key received more than once"); + if ((r = sshpkt_getb_froms(ssh, &server_host_key_blob)) != 0) + fatal("sshpkt failed: %s", ssh_err(r)); + } + } while (type == SSH2_MSG_KEXGSS_HOSTKEY); + + switch (type) { + case SSH2_MSG_KEXGSS_CONTINUE: + debug("Received GSSAPI_CONTINUE"); + if (maj_status == GSS_S_COMPLETE) + fatal("GSSAPI Continue received from server when complete"); + if ((r = ssh_gssapi_sshpkt_get_buffer_desc(ssh, + &recv_tok)) != 0 || + (r = sshpkt_get_end(ssh)) != 0) + fatal("sshpkt failed: %s", ssh_err(r)); + break; + case SSH2_MSG_KEXGSS_COMPLETE: + debug("Received GSSAPI_COMPLETE"); + if (msg_tok.value != NULL) + fatal("Received GSSAPI_COMPLETE twice?"); + if ((r = sshpkt_getb_froms(ssh, &server_blob)) != 0 || + (r = ssh_gssapi_sshpkt_get_buffer_desc(ssh, + &msg_tok)) != 0) + fatal("sshpkt failed: %s", ssh_err(r)); + + /* Is there a token included? */ + if ((r = sshpkt_get_u8(ssh, &c)) != 0) + fatal("sshpkt failed: %s", ssh_err(r)); + if (c) { + if ((r = ssh_gssapi_sshpkt_get_buffer_desc( + ssh, &recv_tok)) != 0 || + (r = sshpkt_get_end(ssh)) != 0) + fatal("sshpkt failed: %s", ssh_err(r)); + /* If we're already complete - protocol error */ + if (maj_status == GSS_S_COMPLETE) + sshpkt_disconnect(ssh, "Protocol error: received token when complete"); + } else { + /* No token included */ + if (maj_status != GSS_S_COMPLETE) + sshpkt_disconnect(ssh, "Protocol error: did not receive final token"); + } + break; + case SSH2_MSG_KEXGSS_ERROR: + debug("Received Error"); + if ((r = sshpkt_get_u32(ssh, &maj_status)) != 0 || + (r = sshpkt_get_u32(ssh, &min_status)) != 0 || + (r = sshpkt_get_string(ssh, &msg, NULL)) != 0 || + (r = sshpkt_get_string(ssh, NULL, NULL)) != 0 || /* lang tag */ + (r = sshpkt_get_end(ssh)) != 0) + fatal("sshpkt failed: %s", ssh_err(r)); + fatal("GSSAPI Error: \n%.400s", msg); + default: + sshpkt_disconnect(ssh, "Protocol error: didn't expect packet type %d", + type); + } + token_ptr = &recv_tok; + } else { + /* No data, and not complete */ + if (maj_status != GSS_S_COMPLETE) + fatal("Not complete, and no token output"); + } + } while (maj_status & GSS_S_CONTINUE_NEEDED); + + /* + * We _must_ have received a COMPLETE message in reply from the + * server, which will have set dh_server_pub and msg_tok + */ + + if (type != SSH2_MSG_KEXGSS_COMPLETE) + fatal("Didn't receive a SSH2_MSG_KEXGSS_COMPLETE when I expected it"); + + /* 7. C verifies that the key Q_S is valid */ + /* 8. C computes shared secret */ + if ((buf = sshbuf_new()) == NULL || + (r = sshbuf_put_stringb(buf, server_blob)) != 0 || + (r = sshbuf_get_bignum2(buf, &dh_server_pub)) != 0) + goto out; + sshbuf_free(buf); + buf = NULL; + + if ((shared_secret = sshbuf_new()) == NULL) { + r = SSH_ERR_ALLOC_FAIL; + goto out; + } + + if ((r = kex_dh_compute_key(kex, dh_server_pub, shared_secret)) != 0) + goto out; + if ((empty = sshbuf_new()) == NULL) { + r = SSH_ERR_ALLOC_FAIL; + goto out; + } + + DH_get0_pqg(kex->dh, &dh_p, NULL, &dh_g); + hashlen = sizeof(hash); + if ((r = kexgex_hash( + kex->hash_alg, + kex->client_version, + kex->server_version, + kex->my, + kex->peer, + (server_host_key_blob ? server_host_key_blob : empty), + kex->min, kex->nbits, kex->max, + dh_p, dh_g, + pub_key, + dh_server_pub, + sshbuf_ptr(shared_secret), sshbuf_len(shared_secret), + hash, &hashlen)) != 0) + fatal("Failed to calculate hash: %s", ssh_err(r)); + + gssbuf.value = hash; + gssbuf.length = hashlen; + + /* Verify that the hash matches the MIC we just got. */ + if (GSS_ERROR(ssh_gssapi_checkmic(ctxt, &gssbuf, &msg_tok))) + sshpkt_disconnect(ssh, "Hash's MIC didn't verify"); + + gss_release_buffer(&min_status, &msg_tok); + + /* save session id */ + if (kex->session_id == NULL) { + kex->session_id_len = hashlen; + kex->session_id = xmalloc(kex->session_id_len); + memcpy(kex->session_id, hash, kex->session_id_len); + } + + if (kex->gss_deleg_creds) + ssh_gssapi_credentials_updated(ctxt); + + if (gss_kex_context == NULL) + gss_kex_context = ctxt; + else + ssh_gssapi_delete_ctx(&ctxt); + + /* Finally derive the keys and send them */ + if ((r = kex_derive_keys(ssh, hash, hashlen, shared_secret)) == 0) + r = kex_send_newkeys(ssh); +out: + sshbuf_free(buf); + sshbuf_free(server_blob); + sshbuf_free(empty); + explicit_bzero(hash, sizeof(hash)); + DH_free(kex->dh); + kex->dh = NULL; + BN_clear_free(dh_server_pub); + sshbuf_free(shared_secret); + sshbuf_free(server_host_key_blob); + return r; +} +#endif /* defined(GSSAPI) && defined(WITH_OPENSSL) */ diff --git a/kexgsss.c b/kexgsss.c new file mode 100644 index 000000000..60bc02deb --- /dev/null +++ b/kexgsss.c @@ -0,0 +1,474 @@ +/* + * Copyright (c) 2001-2009 Simon Wilkinson. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * THIS SOFTWARE IS PROVIDED BY THE AUTHOR `AS IS'' AND ANY EXPRESS OR + * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES + * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. + * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, + * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT + * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, + * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY + * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT + * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF + * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. + */ + +#include "includes.h" + +#if defined(GSSAPI) && defined(WITH_OPENSSL) + +#include + +#include +#include + +#include "xmalloc.h" +#include "sshbuf.h" +#include "ssh2.h" +#include "sshkey.h" +#include "cipher.h" +#include "kex.h" +#include "log.h" +#include "packet.h" +#include "dh.h" +#include "ssh-gss.h" +#include "monitor_wrap.h" +#include "misc.h" /* servconf.h needs misc.h for struct ForwardOptions */ +#include "servconf.h" +#include "ssh-gss.h" +#include "digest.h" +#include "ssherr.h" + +extern ServerOptions options; + +int +kexgss_server(struct ssh *ssh) +{ + struct kex *kex = ssh->kex; + OM_uint32 maj_status, min_status; + + /* + * Some GSSAPI implementations use the input value of ret_flags (an + * output variable) as a means of triggering mechanism specific + * features. Initializing it to zero avoids inadvertently + * activating this non-standard behaviour. + */ + + OM_uint32 ret_flags = 0; + gss_buffer_desc gssbuf, recv_tok, msg_tok; + gss_buffer_desc send_tok = GSS_C_EMPTY_BUFFER; + Gssctxt *ctxt = NULL; + struct sshbuf *shared_secret = NULL; + struct sshbuf *client_pubkey = NULL; + struct sshbuf *server_pubkey = NULL; + struct sshbuf *empty = sshbuf_new(); + int type = 0; + gss_OID oid; + char *mechs; + u_char hash[SSH_DIGEST_MAX_LENGTH]; + size_t hashlen; + int r; + + /* Initialise GSSAPI */ + + /* If we're rekeying, privsep means that some of the private structures + * in the GSSAPI code are no longer available. This kludges them back + * into life + */ + if (!ssh_gssapi_oid_table_ok()) { + mechs = ssh_gssapi_server_mechanisms(); + free(mechs); + } + + debug2("%s: Identifying %s", __func__, kex->name); + oid = ssh_gssapi_id_kex(NULL, kex->name, kex->kex_type); + if (oid == GSS_C_NO_OID) + fatal("Unknown gssapi mechanism"); + + debug2("%s: Acquiring credentials", __func__); + + if (GSS_ERROR(PRIVSEP(ssh_gssapi_server_ctx(&ctxt, oid)))) + fatal("Unable to acquire credentials for the server"); + + do { + debug("Wait SSH2_MSG_KEXGSS_INIT"); + type = ssh_packet_read(ssh); + switch(type) { + case SSH2_MSG_KEXGSS_INIT: + if (client_pubkey != NULL) + fatal("Received KEXGSS_INIT after initialising"); + if ((r = ssh_gssapi_sshpkt_get_buffer_desc(ssh, + &recv_tok)) != 0 || + (r = sshpkt_getb_froms(ssh, &client_pubkey)) != 0 || + (r = sshpkt_get_end(ssh)) != 0) + fatal("sshpkt failed: %s", ssh_err(r)); + + switch (kex->kex_type) { + case KEX_GSS_GRP1_SHA1: + case KEX_GSS_GRP14_SHA1: + case KEX_GSS_GRP14_SHA256: + case KEX_GSS_GRP16_SHA512: + r = kex_dh_enc(kex, client_pubkey, &server_pubkey, + &shared_secret); + break; + case KEX_GSS_NISTP256_SHA256: + r = kex_ecdh_enc(kex, client_pubkey, &server_pubkey, + &shared_secret); + break; + case KEX_GSS_C25519_SHA256: + r = kex_c25519_enc(kex, client_pubkey, &server_pubkey, + &shared_secret); + break; + default: + fatal("%s: Unexpected KEX type %d", __func__, kex->kex_type); + } + if (r != 0) + goto out; + + /* Send SSH_MSG_KEXGSS_HOSTKEY here, if we want */ + break; + case SSH2_MSG_KEXGSS_CONTINUE: + if ((r = ssh_gssapi_sshpkt_get_buffer_desc(ssh, + &recv_tok)) != 0 || + (r = sshpkt_get_end(ssh)) != 0) + fatal("sshpkt failed: %s", ssh_err(r)); + break; + default: + sshpkt_disconnect(ssh, + "Protocol error: didn't expect packet type %d", + type); + } + + maj_status = PRIVSEP(ssh_gssapi_accept_ctx(ctxt, &recv_tok, + &send_tok, &ret_flags)); + + gss_release_buffer(&min_status, &recv_tok); + + if (maj_status != GSS_S_COMPLETE && send_tok.length == 0) + fatal("Zero length token output when incomplete"); + + if (client_pubkey == NULL) + fatal("No client public key"); + + if (maj_status & GSS_S_CONTINUE_NEEDED) { + debug("Sending GSSAPI_CONTINUE"); + if ((r = sshpkt_start(ssh, SSH2_MSG_KEXGSS_CONTINUE)) != 0 || + (r = sshpkt_put_string(ssh, send_tok.value, send_tok.length)) != 0 || + (r = sshpkt_send(ssh)) != 0) + fatal("sshpkt failed: %s", ssh_err(r)); + gss_release_buffer(&min_status, &send_tok); + } + } while (maj_status & GSS_S_CONTINUE_NEEDED); + + if (GSS_ERROR(maj_status)) { + if (send_tok.length > 0) { + if ((r = sshpkt_start(ssh, SSH2_MSG_KEXGSS_CONTINUE)) != 0 || + (r = sshpkt_put_string(ssh, send_tok.value, send_tok.length)) != 0 || + (r = sshpkt_send(ssh)) != 0) + fatal("sshpkt failed: %s", ssh_err(r)); + } + fatal("accept_ctx died"); + } + + if (!(ret_flags & GSS_C_MUTUAL_FLAG)) + fatal("Mutual Authentication flag wasn't set"); + + if (!(ret_flags & GSS_C_INTEG_FLAG)) + fatal("Integrity flag wasn't set"); + + hashlen = sizeof(hash); + if ((r = kex_gen_hash( + kex->hash_alg, + kex->client_version, + kex->server_version, + kex->peer, + kex->my, + empty, + client_pubkey, + server_pubkey, + shared_secret, + hash, &hashlen)) != 0) + goto out; + + gssbuf.value = hash; + gssbuf.length = hashlen; + + if (GSS_ERROR(PRIVSEP(ssh_gssapi_sign(ctxt, &gssbuf, &msg_tok)))) + fatal("Couldn't get MIC"); + + if ((r = sshpkt_start(ssh, SSH2_MSG_KEXGSS_COMPLETE)) != 0 || + (r = sshpkt_put_stringb(ssh, server_pubkey)) != 0 || + (r = sshpkt_put_string(ssh, msg_tok.value, msg_tok.length)) != 0) + fatal("sshpkt failed: %s", ssh_err(r)); + + if (send_tok.length != 0) { + if ((r = sshpkt_put_u8(ssh, 1)) != 0 || /* true */ + (r = sshpkt_put_string(ssh, send_tok.value, send_tok.length)) != 0) + fatal("sshpkt failed: %s", ssh_err(r)); + } else { + if ((r = sshpkt_put_u8(ssh, 0)) != 0) /* false */ + fatal("sshpkt failed: %s", ssh_err(r)); + } + if ((r = sshpkt_send(ssh)) != 0) + fatal("sshpkt_send failed: %s", ssh_err(r)); + + gss_release_buffer(&min_status, &send_tok); + gss_release_buffer(&min_status, &msg_tok); + + if (gss_kex_context == NULL) + gss_kex_context = ctxt; + else + ssh_gssapi_delete_ctx(&ctxt); + + if ((r = kex_derive_keys(ssh, hash, hashlen, shared_secret)) == 0) + r = kex_send_newkeys(ssh); + + /* If this was a rekey, then save out any delegated credentials we + * just exchanged. */ + if (options.gss_store_rekey) + ssh_gssapi_rekey_creds(); +out: + sshbuf_free(empty); + explicit_bzero(hash, sizeof(hash)); + sshbuf_free(shared_secret); + sshbuf_free(client_pubkey); + sshbuf_free(server_pubkey); + return r; +} + +int +kexgssgex_server(struct ssh *ssh) +{ + struct kex *kex = ssh->kex; + OM_uint32 maj_status, min_status; + + /* + * Some GSSAPI implementations use the input value of ret_flags (an + * output variable) as a means of triggering mechanism specific + * features. Initializing it to zero avoids inadvertently + * activating this non-standard behaviour. + */ + + OM_uint32 ret_flags = 0; + gss_buffer_desc gssbuf, recv_tok, msg_tok; + gss_buffer_desc send_tok = GSS_C_EMPTY_BUFFER; + Gssctxt *ctxt = NULL; + struct sshbuf *shared_secret = NULL; + int type = 0; + gss_OID oid; + char *mechs; + u_char hash[SSH_DIGEST_MAX_LENGTH]; + size_t hashlen; + BIGNUM *dh_client_pub = NULL; + const BIGNUM *pub_key, *dh_p, *dh_g; + int min = -1, max = -1, nbits = -1; + int cmin = -1, cmax = -1; /* client proposal */ + struct sshbuf *empty = sshbuf_new(); + int r; + + /* Initialise GSSAPI */ + + /* If we're rekeying, privsep means that some of the private structures + * in the GSSAPI code are no longer available. This kludges them back + * into life + */ + if (!ssh_gssapi_oid_table_ok()) + if ((mechs = ssh_gssapi_server_mechanisms())) + free(mechs); + + debug2("%s: Identifying %s", __func__, kex->name); + oid = ssh_gssapi_id_kex(NULL, kex->name, kex->kex_type); + if (oid == GSS_C_NO_OID) + fatal("Unknown gssapi mechanism"); + + debug2("%s: Acquiring credentials", __func__); + + if (GSS_ERROR(PRIVSEP(ssh_gssapi_server_ctx(&ctxt, oid)))) + fatal("Unable to acquire credentials for the server"); + + /* 5. S generates an ephemeral key pair (do the allocations early) */ + debug("Doing group exchange"); + ssh_packet_read_expect(ssh, SSH2_MSG_KEXGSS_GROUPREQ); + /* store client proposal to provide valid signature */ + if ((r = sshpkt_get_u32(ssh, &cmin)) != 0 || + (r = sshpkt_get_u32(ssh, &nbits)) != 0 || + (r = sshpkt_get_u32(ssh, &cmax)) != 0 || + (r = sshpkt_get_end(ssh)) != 0) + fatal("sshpkt failed: %s", ssh_err(r)); + kex->nbits = nbits; + kex->min = cmin; + kex->max = cmax; + min = MAX(DH_GRP_MIN, cmin); + max = MIN(DH_GRP_MAX, cmax); + nbits = MAXIMUM(DH_GRP_MIN, nbits); + nbits = MINIMUM(DH_GRP_MAX, nbits); + if (max < min || nbits < min || max < nbits) + fatal("GSS_GEX, bad parameters: %d !< %d !< %d", + min, nbits, max); + kex->dh = PRIVSEP(choose_dh(min, nbits, max)); + if (kex->dh == NULL) { + sshpkt_disconnect(ssh, "Protocol error: no matching group found"); + fatal("Protocol error: no matching group found"); + } + + DH_get0_pqg(kex->dh, &dh_p, NULL, &dh_g); + if ((r = sshpkt_start(ssh, SSH2_MSG_KEXGSS_GROUP)) != 0 || + (r = sshpkt_put_bignum2(ssh, dh_p)) != 0 || + (r = sshpkt_put_bignum2(ssh, dh_g)) != 0 || + (r = sshpkt_send(ssh)) != 0) + fatal("sshpkt failed: %s", ssh_err(r)); + + if ((r = ssh_packet_write_wait(ssh)) != 0) + fatal("ssh_packet_write_wait: %s", ssh_err(r)); + + /* Compute our exchange value in parallel with the client */ + if ((r = dh_gen_key(kex->dh, kex->we_need * 8)) != 0) + goto out; + + do { + debug("Wait SSH2_MSG_GSSAPI_INIT"); + type = ssh_packet_read(ssh); + switch(type) { + case SSH2_MSG_KEXGSS_INIT: + if (dh_client_pub != NULL) + fatal("Received KEXGSS_INIT after initialising"); + if ((r = ssh_gssapi_sshpkt_get_buffer_desc(ssh, + &recv_tok)) != 0 || + (r = sshpkt_get_bignum2(ssh, &dh_client_pub)) != 0 || + (r = sshpkt_get_end(ssh)) != 0) + fatal("sshpkt failed: %s", ssh_err(r)); + + /* Send SSH_MSG_KEXGSS_HOSTKEY here, if we want */ + break; + case SSH2_MSG_KEXGSS_CONTINUE: + if ((r = ssh_gssapi_sshpkt_get_buffer_desc(ssh, + &recv_tok)) != 0 || + (r = sshpkt_get_end(ssh)) != 0) + fatal("sshpkt failed: %s", ssh_err(r)); + break; + default: + sshpkt_disconnect(ssh, + "Protocol error: didn't expect packet type %d", + type); + } + + maj_status = PRIVSEP(ssh_gssapi_accept_ctx(ctxt, &recv_tok, + &send_tok, &ret_flags)); + + gss_release_buffer(&min_status, &recv_tok); + + if (maj_status != GSS_S_COMPLETE && send_tok.length == 0) + fatal("Zero length token output when incomplete"); + + if (dh_client_pub == NULL) + fatal("No client public key"); + + if (maj_status & GSS_S_CONTINUE_NEEDED) { + debug("Sending GSSAPI_CONTINUE"); + if ((r = sshpkt_start(ssh, SSH2_MSG_KEXGSS_CONTINUE)) != 0 || + (r = sshpkt_put_string(ssh, send_tok.value, send_tok.length)) != 0 || + (r = sshpkt_send(ssh)) != 0) + fatal("sshpkt failed: %s", ssh_err(r)); + gss_release_buffer(&min_status, &send_tok); + } + } while (maj_status & GSS_S_CONTINUE_NEEDED); + + if (GSS_ERROR(maj_status)) { + if (send_tok.length > 0) { + if ((r = sshpkt_start(ssh, SSH2_MSG_KEXGSS_CONTINUE)) != 0 || + (r = sshpkt_put_string(ssh, send_tok.value, send_tok.length)) != 0 || + (r = sshpkt_send(ssh)) != 0) + fatal("sshpkt failed: %s", ssh_err(r)); + } + fatal("accept_ctx died"); + } + + if (!(ret_flags & GSS_C_MUTUAL_FLAG)) + fatal("Mutual Authentication flag wasn't set"); + + if (!(ret_flags & GSS_C_INTEG_FLAG)) + fatal("Integrity flag wasn't set"); + + /* calculate shared secret */ + if ((shared_secret = sshbuf_new()) == NULL) { + r = SSH_ERR_ALLOC_FAIL; + goto out; + } + if ((r = kex_dh_compute_key(kex, dh_client_pub, shared_secret)) != 0) + goto out; + + DH_get0_key(kex->dh, &pub_key, NULL); + DH_get0_pqg(kex->dh, &dh_p, NULL, &dh_g); + hashlen = sizeof(hash); + if ((r = kexgex_hash( + kex->hash_alg, + kex->client_version, + kex->server_version, + kex->peer, + kex->my, + empty, + cmin, nbits, cmax, + dh_p, dh_g, + dh_client_pub, + pub_key, + sshbuf_ptr(shared_secret), sshbuf_len(shared_secret), + hash, &hashlen)) != 0) + fatal("kexgex_hash failed: %s", ssh_err(r)); + + gssbuf.value = hash; + gssbuf.length = hashlen; + + if (GSS_ERROR(PRIVSEP(ssh_gssapi_sign(ctxt, &gssbuf, &msg_tok)))) + fatal("Couldn't get MIC"); + + if ((r = sshpkt_start(ssh, SSH2_MSG_KEXGSS_COMPLETE)) != 0 || + (r = sshpkt_put_bignum2(ssh, pub_key)) != 0 || + (r = sshpkt_put_string(ssh, msg_tok.value, msg_tok.length)) != 0) + fatal("sshpkt failed: %s", ssh_err(r)); + + if (send_tok.length != 0) { + if ((r = sshpkt_put_u8(ssh, 1)) != 0 || /* true */ + (r = sshpkt_put_string(ssh, send_tok.value, send_tok.length)) != 0) + fatal("sshpkt failed: %s", ssh_err(r)); + } else { + if ((r = sshpkt_put_u8(ssh, 0)) != 0) /* false */ + fatal("sshpkt failed: %s", ssh_err(r)); + } + if ((r = sshpkt_send(ssh)) != 0) + fatal("sshpkt failed: %s", ssh_err(r)); + + gss_release_buffer(&min_status, &send_tok); + gss_release_buffer(&min_status, &msg_tok); + + if (gss_kex_context == NULL) + gss_kex_context = ctxt; + else + ssh_gssapi_delete_ctx(&ctxt); + + /* Finally derive the keys and send them */ + if ((r = kex_derive_keys(ssh, hash, hashlen, shared_secret)) == 0) + r = kex_send_newkeys(ssh); + + /* If this was a rekey, then save out any delegated credentials we + * just exchanged. */ + if (options.gss_store_rekey) + ssh_gssapi_rekey_creds(); +out: + sshbuf_free(empty); + explicit_bzero(hash, sizeof(hash)); + DH_free(kex->dh); + kex->dh = NULL; + BN_clear_free(dh_client_pub); + sshbuf_free(shared_secret); + return r; +} +#endif /* defined(GSSAPI) && defined(WITH_OPENSSL) */ diff --git a/mac.c b/mac.c index 51dc11d76..3d11eba62 100644 --- a/mac.c +++ b/mac.c @@ -29,6 +29,7 @@ #include #include +#include #include "digest.h" #include "hmac.h" diff --git a/monitor.c b/monitor.c index 60e529444..0766d6ef5 100644 --- a/monitor.c +++ b/monitor.c @@ -147,6 +147,8 @@ int mm_answer_gss_setup_ctx(struct ssh *, int, struct sshbuf *); int mm_answer_gss_accept_ctx(struct ssh *, int, struct sshbuf *); int mm_answer_gss_userok(struct ssh *, int, struct sshbuf *); int mm_answer_gss_checkmic(struct ssh *, int, struct sshbuf *); +int mm_answer_gss_sign(struct ssh *, int, struct sshbuf *); +int mm_answer_gss_updatecreds(struct ssh *, int, struct sshbuf *); #endif #ifdef SSH_AUDIT_EVENTS @@ -219,11 +221,18 @@ struct mon_table mon_dispatch_proto20[] = { {MONITOR_REQ_GSSSTEP, 0, mm_answer_gss_accept_ctx}, {MONITOR_REQ_GSSUSEROK, MON_ONCE|MON_AUTHDECIDE, mm_answer_gss_userok}, {MONITOR_REQ_GSSCHECKMIC, MON_ONCE, mm_answer_gss_checkmic}, + {MONITOR_REQ_GSSSIGN, MON_ONCE, mm_answer_gss_sign}, #endif {0, 0, NULL} }; struct mon_table mon_dispatch_postauth20[] = { +#ifdef GSSAPI + {MONITOR_REQ_GSSSETUP, 0, mm_answer_gss_setup_ctx}, + {MONITOR_REQ_GSSSTEP, 0, mm_answer_gss_accept_ctx}, + {MONITOR_REQ_GSSSIGN, 0, mm_answer_gss_sign}, + {MONITOR_REQ_GSSUPCREDS, 0, mm_answer_gss_updatecreds}, +#endif #ifdef WITH_OPENSSL {MONITOR_REQ_MODULI, 0, mm_answer_moduli}, #endif @@ -292,6 +301,10 @@ monitor_child_preauth(struct ssh *ssh, struct monitor *pmonitor) /* Permit requests for moduli and signatures */ monitor_permit(mon_dispatch, MONITOR_REQ_MODULI, 1); monitor_permit(mon_dispatch, MONITOR_REQ_SIGN, 1); +#ifdef GSSAPI + /* and for the GSSAPI key exchange */ + monitor_permit(mon_dispatch, MONITOR_REQ_GSSSETUP, 1); +#endif /* The first few requests do not require asynchronous access */ while (!authenticated) { @@ -405,6 +418,10 @@ monitor_child_postauth(struct ssh *ssh, struct monitor *pmonitor) monitor_permit(mon_dispatch, MONITOR_REQ_MODULI, 1); monitor_permit(mon_dispatch, MONITOR_REQ_SIGN, 1); monitor_permit(mon_dispatch, MONITOR_REQ_TERM, 1); +#ifdef GSSAPI + /* and for the GSSAPI key exchange */ + monitor_permit(mon_dispatch, MONITOR_REQ_GSSSETUP, 1); +#endif if (auth_opts->permit_pty_flag) { monitor_permit(mon_dispatch, MONITOR_REQ_PTY, 1); @@ -1687,6 +1704,17 @@ monitor_apply_keystate(struct ssh *ssh, struct monitor *pmonitor) # ifdef OPENSSL_HAS_ECC kex->kex[KEX_ECDH_SHA2] = kex_gen_server; # endif +# ifdef GSSAPI + if (options.gss_keyex) { + kex->kex[KEX_GSS_GRP1_SHA1] = kexgss_server; + kex->kex[KEX_GSS_GRP14_SHA1] = kexgss_server; + kex->kex[KEX_GSS_GRP14_SHA256] = kexgss_server; + kex->kex[KEX_GSS_GRP16_SHA512] = kexgss_server; + kex->kex[KEX_GSS_GEX_SHA1] = kexgssgex_server; + kex->kex[KEX_GSS_NISTP256_SHA256] = kexgss_server; + kex->kex[KEX_GSS_C25519_SHA256] = kexgss_server; + } +# endif #endif /* WITH_OPENSSL */ kex->kex[KEX_C25519_SHA256] = kex_gen_server; kex->kex[KEX_KEM_SNTRUP4591761X25519_SHA512] = kex_gen_server; @@ -1780,8 +1808,8 @@ mm_answer_gss_setup_ctx(struct ssh *ssh, int sock, struct sshbuf *m) u_char *p; int r; - if (!options.gss_authentication) - fatal("%s: GSSAPI authentication not enabled", __func__); + if (!options.gss_authentication && !options.gss_keyex) + fatal("%s: GSSAPI not enabled", __func__); if ((r = sshbuf_get_string(m, &p, &len)) != 0) fatal("%s: buffer error: %s", __func__, ssh_err(r)); @@ -1813,8 +1841,8 @@ mm_answer_gss_accept_ctx(struct ssh *ssh, int sock, struct sshbuf *m) OM_uint32 flags = 0; /* GSI needs this */ int r; - if (!options.gss_authentication) - fatal("%s: GSSAPI authentication not enabled", __func__); + if (!options.gss_authentication && !options.gss_keyex) + fatal("%s: GSSAPI not enabled", __func__); if ((r = ssh_gssapi_get_buffer_desc(m, &in)) != 0) fatal("%s: buffer error: %s", __func__, ssh_err(r)); @@ -1834,6 +1862,7 @@ mm_answer_gss_accept_ctx(struct ssh *ssh, int sock, struct sshbuf *m) monitor_permit(mon_dispatch, MONITOR_REQ_GSSSTEP, 0); monitor_permit(mon_dispatch, MONITOR_REQ_GSSUSEROK, 1); monitor_permit(mon_dispatch, MONITOR_REQ_GSSCHECKMIC, 1); + monitor_permit(mon_dispatch, MONITOR_REQ_GSSSIGN, 1); } return (0); } @@ -1845,8 +1874,8 @@ mm_answer_gss_checkmic(struct ssh *ssh, int sock, struct sshbuf *m) OM_uint32 ret; int r; - if (!options.gss_authentication) - fatal("%s: GSSAPI authentication not enabled", __func__); + if (!options.gss_authentication && !options.gss_keyex) + fatal("%s: GSSAPI not enabled", __func__); if ((r = ssh_gssapi_get_buffer_desc(m, &gssbuf)) != 0 || (r = ssh_gssapi_get_buffer_desc(m, &mic)) != 0) @@ -1872,13 +1901,17 @@ mm_answer_gss_checkmic(struct ssh *ssh, int sock, struct sshbuf *m) int mm_answer_gss_userok(struct ssh *ssh, int sock, struct sshbuf *m) { - int r, authenticated; + int r, authenticated, kex; const char *displayname; - if (!options.gss_authentication) - fatal("%s: GSSAPI authentication not enabled", __func__); + if (!options.gss_authentication && !options.gss_keyex) + fatal("%s: GSSAPI not enabled", __func__); - authenticated = authctxt->valid && ssh_gssapi_userok(authctxt->user); + if ((r = sshbuf_get_u32(m, &kex)) != 0) + fatal("%s: buffer error: %s", __func__, ssh_err(r)); + + authenticated = authctxt->valid && + ssh_gssapi_userok(authctxt->user, authctxt->pw, kex); sshbuf_reset(m); if ((r = sshbuf_put_u32(m, authenticated)) != 0) @@ -1887,7 +1920,11 @@ mm_answer_gss_userok(struct ssh *ssh, int sock, struct sshbuf *m) debug3("%s: sending result %d", __func__, authenticated); mm_request_send(sock, MONITOR_ANS_GSSUSEROK, m); - auth_method = "gssapi-with-mic"; + if (kex) { + auth_method = "gssapi-keyex"; + } else { + auth_method = "gssapi-with-mic"; + } if ((displayname = ssh_gssapi_displayname()) != NULL) auth2_record_info(authctxt, "%s", displayname); @@ -1895,5 +1932,85 @@ mm_answer_gss_userok(struct ssh *ssh, int sock, struct sshbuf *m) /* Monitor loop will terminate if authenticated */ return (authenticated); } + +int +mm_answer_gss_sign(struct ssh *ssh, int socket, struct sshbuf *m) +{ + gss_buffer_desc data; + gss_buffer_desc hash = GSS_C_EMPTY_BUFFER; + OM_uint32 major, minor; + size_t len; + u_char *p = NULL; + int r; + + if (!options.gss_authentication && !options.gss_keyex) + fatal("%s: GSSAPI not enabled", __func__); + + if ((r = sshbuf_get_string(m, &p, &len)) != 0) + fatal("%s: buffer error: %s", __func__, ssh_err(r)); + data.value = p; + data.length = len; + /* Lengths of SHA-1, SHA-256 and SHA-512 hashes that are used */ + if (data.length != 20 && data.length != 32 && data.length != 64) + fatal("%s: data length incorrect: %d", __func__, + (int) data.length); + + /* Save the session ID on the first time around */ + if (session_id2_len == 0) { + session_id2_len = data.length; + session_id2 = xmalloc(session_id2_len); + memcpy(session_id2, data.value, session_id2_len); + } + major = ssh_gssapi_sign(gsscontext, &data, &hash); + + free(data.value); + + sshbuf_reset(m); + + if ((r = sshbuf_put_u32(m, major)) != 0 || + (r = sshbuf_put_string(m, hash.value, hash.length)) != 0) + fatal("%s: buffer error: %s", __func__, ssh_err(r)); + + mm_request_send(socket, MONITOR_ANS_GSSSIGN, m); + + gss_release_buffer(&minor, &hash); + + /* Turn on getpwnam permissions */ + monitor_permit(mon_dispatch, MONITOR_REQ_PWNAM, 1); + + /* And credential updating, for when rekeying */ + monitor_permit(mon_dispatch, MONITOR_REQ_GSSUPCREDS, 1); + + return (0); +} + +int +mm_answer_gss_updatecreds(struct ssh *ssh, int socket, struct sshbuf *m) { + ssh_gssapi_ccache store; + int r, ok; + + if (!options.gss_authentication && !options.gss_keyex) + fatal("%s: GSSAPI not enabled", __func__); + + if ((r = sshbuf_get_string(m, (u_char **)&store.filename, NULL)) != 0 || + (r = sshbuf_get_string(m, (u_char **)&store.envvar, NULL)) != 0 || + (r = sshbuf_get_string(m, (u_char **)&store.envval, NULL)) != 0) + fatal("%s: buffer error: %s", __func__, ssh_err(r)); + + ok = ssh_gssapi_update_creds(&store); + + free(store.filename); + free(store.envvar); + free(store.envval); + + sshbuf_reset(m); + if ((r = sshbuf_put_u32(m, ok)) != 0) + fatal("%s: buffer error: %s", __func__, ssh_err(r)); + + mm_request_send(socket, MONITOR_ANS_GSSUPCREDS, m); + + return(0); +} + #endif /* GSSAPI */ diff --git a/monitor.h b/monitor.h index 683e5e071..2b1a2d590 100644 --- a/monitor.h +++ b/monitor.h @@ -63,6 +63,8 @@ enum monitor_reqtype { MONITOR_REQ_PAM_FREE_CTX = 110, MONITOR_ANS_PAM_FREE_CTX = 111, MONITOR_REQ_AUDIT_EVENT = 112, MONITOR_REQ_AUDIT_COMMAND = 113, + MONITOR_REQ_GSSSIGN = 150, MONITOR_ANS_GSSSIGN = 151, + MONITOR_REQ_GSSUPCREDS = 152, MONITOR_ANS_GSSUPCREDS = 153, }; struct ssh; diff --git a/monitor_wrap.c b/monitor_wrap.c index 186e8f022..8e4c1c1f8 100644 --- a/monitor_wrap.c +++ b/monitor_wrap.c @@ -978,13 +978,15 @@ mm_ssh_gssapi_checkmic(Gssctxt *ctx, gss_buffer_t gssbuf, gss_buffer_t gssmic) } int -mm_ssh_gssapi_userok(char *user) +mm_ssh_gssapi_userok(char *user, struct passwd *pw, int kex) { struct sshbuf *m; int r, authenticated = 0; if ((m = sshbuf_new()) == NULL) fatal("%s: sshbuf_new failed", __func__); + if ((r = sshbuf_put_u32(m, kex)) != 0) + fatal("%s: buffer error: %s", __func__, ssh_err(r)); mm_request_send(pmonitor->m_recvfd, MONITOR_REQ_GSSUSEROK, m); mm_request_receive_expect(pmonitor->m_recvfd, @@ -997,4 +999,57 @@ mm_ssh_gssapi_userok(char *user) debug3("%s: user %sauthenticated",__func__, authenticated ? "" : "not "); return (authenticated); } + +OM_uint32 +mm_ssh_gssapi_sign(Gssctxt *ctx, gss_buffer_desc *data, gss_buffer_desc *hash) +{ + struct sshbuf *m; + OM_uint32 major; + int r; + + if ((m = sshbuf_new()) == NULL) + fatal("%s: sshbuf_new failed", __func__); + if ((r = sshbuf_put_string(m, data->value, data->length)) != 0) + fatal("%s: buffer error: %s", __func__, ssh_err(r)); + + mm_request_send(pmonitor->m_recvfd, MONITOR_REQ_GSSSIGN, m); + mm_request_receive_expect(pmonitor->m_recvfd, MONITOR_ANS_GSSSIGN, m); + + if ((r = sshbuf_get_u32(m, &major)) != 0 || + (r = ssh_gssapi_get_buffer_desc(m, hash)) != 0) + fatal("%s: buffer error: %s", __func__, ssh_err(r)); + + sshbuf_free(m); + + return (major); +} + +int +mm_ssh_gssapi_update_creds(ssh_gssapi_ccache *store) +{ + struct sshbuf *m; + int r, ok; + + if ((m = sshbuf_new()) == NULL) + fatal("%s: sshbuf_new failed", __func__); + + if ((r = sshbuf_put_cstring(m, + store->filename ? store->filename : "")) != 0 || + (r = sshbuf_put_cstring(m, + store->envvar ? store->envvar : "")) != 0 || + (r = sshbuf_put_cstring(m, + store->envval ? store->envval : "")) != 0) + fatal("%s: buffer error: %s", __func__, ssh_err(r)); + + mm_request_send(pmonitor->m_recvfd, MONITOR_REQ_GSSUPCREDS, m); + mm_request_receive_expect(pmonitor->m_recvfd, MONITOR_ANS_GSSUPCREDS, m); + + if ((r = sshbuf_get_u32(m, &ok)) != 0) + fatal("%s: buffer error: %s", __func__, ssh_err(r)); + + sshbuf_free(m); + + return (ok); +} + #endif /* GSSAPI */ diff --git a/monitor_wrap.h b/monitor_wrap.h index fdebb3aa4..69164a8c0 100644 --- a/monitor_wrap.h +++ b/monitor_wrap.h @@ -61,8 +61,10 @@ int mm_sshkey_verify(const struct sshkey *, const u_char *, size_t, OM_uint32 mm_ssh_gssapi_server_ctx(Gssctxt **, gss_OID); OM_uint32 mm_ssh_gssapi_accept_ctx(Gssctxt *, gss_buffer_desc *, gss_buffer_desc *, OM_uint32 *); -int mm_ssh_gssapi_userok(char *user); +int mm_ssh_gssapi_userok(char *user, struct passwd *, int kex); OM_uint32 mm_ssh_gssapi_checkmic(Gssctxt *, gss_buffer_t, gss_buffer_t); +OM_uint32 mm_ssh_gssapi_sign(Gssctxt *, gss_buffer_t, gss_buffer_t); +int mm_ssh_gssapi_update_creds(ssh_gssapi_ccache *); #endif #ifdef USE_PAM diff --git a/readconf.c b/readconf.c index ec497e79f..4d699e5f1 100644 --- a/readconf.c +++ b/readconf.c @@ -67,6 +67,7 @@ #include "uidswap.h" #include "myproposal.h" #include "digest.h" +#include "ssh-gss.h" /* Format of the configuration file: @@ -162,6 +163,8 @@ typedef enum { oClearAllForwardings, oNoHostAuthenticationForLocalhost, oEnableSSHKeysign, oRekeyLimit, oVerifyHostKeyDNS, oConnectTimeout, oAddressFamily, oGssAuthentication, oGssDelegateCreds, + oGssTrustDns, oGssKeyEx, oGssClientIdentity, oGssRenewalRekey, + oGssServerIdentity, oGssKexAlgorithms, oServerAliveInterval, oServerAliveCountMax, oIdentitiesOnly, oSendEnv, oSetEnv, oControlPath, oControlMaster, oControlPersist, oHashKnownHosts, @@ -202,10 +205,22 @@ static struct { /* Sometimes-unsupported options */ #if defined(GSSAPI) { "gssapiauthentication", oGssAuthentication }, + { "gssapikeyexchange", oGssKeyEx }, { "gssapidelegatecredentials", oGssDelegateCreds }, + { "gssapitrustdns", oGssTrustDns }, + { "gssapiclientidentity", oGssClientIdentity }, + { "gssapiserveridentity", oGssServerIdentity }, + { "gssapirenewalforcesrekey", oGssRenewalRekey }, + { "gssapikexalgorithms", oGssKexAlgorithms }, # else { "gssapiauthentication", oUnsupported }, + { "gssapikeyexchange", oUnsupported }, { "gssapidelegatecredentials", oUnsupported }, + { "gssapitrustdns", oUnsupported }, + { "gssapiclientidentity", oUnsupported }, + { "gssapiserveridentity", oUnsupported }, + { "gssapirenewalforcesrekey", oUnsupported }, + { "gssapikexalgorithms", oUnsupported }, #endif #ifdef ENABLE_PKCS11 { "pkcs11provider", oPKCS11Provider }, @@ -983,10 +998,42 @@ parse_time: intptr = &options->gss_authentication; goto parse_flag; + case oGssKeyEx: + intptr = &options->gss_keyex; + goto parse_flag; + case oGssDelegateCreds: intptr = &options->gss_deleg_creds; goto parse_flag; + case oGssTrustDns: + intptr = &options->gss_trust_dns; + goto parse_flag; + + case oGssClientIdentity: + charptr = &options->gss_client_identity; + goto parse_string; + + case oGssServerIdentity: + charptr = &options->gss_server_identity; + goto parse_string; + + case oGssRenewalRekey: + intptr = &options->gss_renewal_rekey; + goto parse_flag; + + case oGssKexAlgorithms: + arg = strdelim(&s); + if (!arg || *arg == '\0') + fatal("%.200s line %d: Missing argument.", + filename, linenum); + if (!kex_gss_names_valid(arg)) + fatal("%.200s line %d: Bad GSSAPI KexAlgorithms '%s'.", + filename, linenum, arg ? arg : ""); + if (*activep && options->gss_kex_algorithms == NULL) + options->gss_kex_algorithms = xstrdup(arg); + break; + case oBatchMode: intptr = &options->batch_mode; goto parse_flag; @@ -1854,7 +1901,13 @@ initialize_options(Options * options) options->pubkey_authentication = -1; options->challenge_response_authentication = -1; options->gss_authentication = -1; + options->gss_keyex = -1; options->gss_deleg_creds = -1; + options->gss_trust_dns = -1; + options->gss_renewal_rekey = -1; + options->gss_client_identity = NULL; + options->gss_server_identity = NULL; + options->gss_kex_algorithms = NULL; options->password_authentication = -1; options->kbd_interactive_authentication = -1; options->kbd_interactive_devices = NULL; @@ -2000,8 +2053,18 @@ fill_default_options(Options * options) options->challenge_response_authentication = 1; if (options->gss_authentication == -1) options->gss_authentication = 0; + if (options->gss_keyex == -1) + options->gss_keyex = 0; if (options->gss_deleg_creds == -1) options->gss_deleg_creds = 0; + if (options->gss_trust_dns == -1) + options->gss_trust_dns = 0; + if (options->gss_renewal_rekey == -1) + options->gss_renewal_rekey = 0; +#ifdef GSSAPI + if (options->gss_kex_algorithms == NULL) + options->gss_kex_algorithms = strdup(GSS_KEX_DEFAULT_KEX); +#endif if (options->password_authentication == -1) options->password_authentication = 1; if (options->kbd_interactive_authentication == -1) @@ -2616,7 +2679,14 @@ dump_client_config(Options *o, const char *host) dump_cfg_fmtint(oGatewayPorts, o->fwd_opts.gateway_ports); #ifdef GSSAPI dump_cfg_fmtint(oGssAuthentication, o->gss_authentication); + dump_cfg_fmtint(oGssKeyEx, o->gss_keyex); dump_cfg_fmtint(oGssDelegateCreds, o->gss_deleg_creds); + dump_cfg_fmtint(oGssTrustDns, o->gss_trust_dns); + dump_cfg_fmtint(oGssRenewalRekey, o->gss_renewal_rekey); + dump_cfg_string(oGssClientIdentity, o->gss_client_identity); + dump_cfg_string(oGssServerIdentity, o->gss_server_identity); + dump_cfg_string(oGssKexAlgorithms, o->gss_kex_algorithms ? + o->gss_kex_algorithms : GSS_KEX_DEFAULT_KEX); #endif /* GSSAPI */ dump_cfg_fmtint(oHashKnownHosts, o->hash_known_hosts); dump_cfg_fmtint(oHostbasedAuthentication, o->hostbased_authentication); diff --git a/readconf.h b/readconf.h index 8e36bf32a..0bff6d80a 100644 --- a/readconf.h +++ b/readconf.h @@ -40,7 +40,13 @@ typedef struct { int challenge_response_authentication; /* Try S/Key or TIS, authentication. */ int gss_authentication; /* Try GSS authentication */ + int gss_keyex; /* Try GSS key exchange */ int gss_deleg_creds; /* Delegate GSS credentials */ + int gss_trust_dns; /* Trust DNS for GSS canonicalization */ + int gss_renewal_rekey; /* Credential renewal forces rekey */ + char *gss_client_identity; /* Principal to initiate GSSAPI with */ + char *gss_server_identity; /* GSSAPI target principal */ + char *gss_kex_algorithms; /* GSSAPI kex methods to be offered by client. */ int password_authentication; /* Try password * authentication. */ int kbd_interactive_authentication; /* Try keyboard-interactive auth. */ diff --git a/servconf.c b/servconf.c index ffac5d2c7..ffdad31e7 100644 --- a/servconf.c +++ b/servconf.c @@ -64,6 +64,7 @@ #include "auth.h" #include "myproposal.h" #include "digest.h" +#include "ssh-gss.h" static void add_listen_addr(ServerOptions *, const char *, const char *, int); @@ -124,8 +125,11 @@ initialize_server_options(ServerOptions *options) options->kerberos_ticket_cleanup = -1; options->kerberos_get_afs_token = -1; options->gss_authentication=-1; + options->gss_keyex = -1; options->gss_cleanup_creds = -1; options->gss_strict_acceptor = -1; + options->gss_store_rekey = -1; + options->gss_kex_algorithms = NULL; options->password_authentication = -1; options->kbd_interactive_authentication = -1; options->challenge_response_authentication = -1; @@ -351,10 +355,18 @@ fill_default_server_options(ServerOptions *options) options->kerberos_get_afs_token = 0; if (options->gss_authentication == -1) options->gss_authentication = 0; + if (options->gss_keyex == -1) + options->gss_keyex = 0; if (options->gss_cleanup_creds == -1) options->gss_cleanup_creds = 1; if (options->gss_strict_acceptor == -1) options->gss_strict_acceptor = 1; + if (options->gss_store_rekey == -1) + options->gss_store_rekey = 0; +#ifdef GSSAPI + if (options->gss_kex_algorithms == NULL) + options->gss_kex_algorithms = strdup(GSS_KEX_DEFAULT_KEX); +#endif if (options->password_authentication == -1) options->password_authentication = 1; if (options->kbd_interactive_authentication == -1) @@ -498,6 +510,7 @@ typedef enum { sHostKeyAlgorithms, sClientAliveInterval, sClientAliveCountMax, sAuthorizedKeysFile, sGssAuthentication, sGssCleanupCreds, sGssStrictAcceptor, + sGssKeyEx, sGssKexAlgorithms, sGssStoreRekey, sAcceptEnv, sSetEnv, sPermitTunnel, sMatch, sPermitOpen, sPermitListen, sForceCommand, sChrootDirectory, sUsePrivilegeSeparation, sAllowAgentForwarding, @@ -572,12 +585,22 @@ static struct { #ifdef GSSAPI { "gssapiauthentication", sGssAuthentication, SSHCFG_ALL }, { "gssapicleanupcredentials", sGssCleanupCreds, SSHCFG_GLOBAL }, + { "gssapicleanupcreds", sGssCleanupCreds, SSHCFG_GLOBAL }, { "gssapistrictacceptorcheck", sGssStrictAcceptor, SSHCFG_GLOBAL }, + { "gssapikeyexchange", sGssKeyEx, SSHCFG_GLOBAL }, + { "gssapistorecredentialsonrekey", sGssStoreRekey, SSHCFG_GLOBAL }, + { "gssapikexalgorithms", sGssKexAlgorithms, SSHCFG_GLOBAL }, #else { "gssapiauthentication", sUnsupported, SSHCFG_ALL }, { "gssapicleanupcredentials", sUnsupported, SSHCFG_GLOBAL }, + { "gssapicleanupcreds", sUnsupported, SSHCFG_GLOBAL }, { "gssapistrictacceptorcheck", sUnsupported, SSHCFG_GLOBAL }, + { "gssapikeyexchange", sUnsupported, SSHCFG_GLOBAL }, + { "gssapistorecredentialsonrekey", sUnsupported, SSHCFG_GLOBAL }, + { "gssapikexalgorithms", sUnsupported, SSHCFG_GLOBAL }, #endif + { "gssusesessionccache", sUnsupported, SSHCFG_GLOBAL }, + { "gssapiusesessioncredcache", sUnsupported, SSHCFG_GLOBAL }, { "passwordauthentication", sPasswordAuthentication, SSHCFG_ALL }, { "kbdinteractiveauthentication", sKbdInteractiveAuthentication, SSHCFG_ALL }, { "challengeresponseauthentication", sChallengeResponseAuthentication, SSHCFG_GLOBAL }, @@ -1485,6 +1508,10 @@ process_server_config_line(ServerOptions *options, char *line, intptr = &options->gss_authentication; goto parse_flag; + case sGssKeyEx: + intptr = &options->gss_keyex; + goto parse_flag; + case sGssCleanupCreds: intptr = &options->gss_cleanup_creds; goto parse_flag; @@ -1493,6 +1520,22 @@ process_server_config_line(ServerOptions *options, char *line, intptr = &options->gss_strict_acceptor; goto parse_flag; + case sGssStoreRekey: + intptr = &options->gss_store_rekey; + goto parse_flag; + + case sGssKexAlgorithms: + arg = strdelim(&cp); + if (!arg || *arg == '\0') + fatal("%.200s line %d: Missing argument.", + filename, linenum); + if (!kex_gss_names_valid(arg)) + fatal("%.200s line %d: Bad GSSAPI KexAlgorithms '%s'.", + filename, linenum, arg ? arg : ""); + if (*activep && options->gss_kex_algorithms == NULL) + options->gss_kex_algorithms = xstrdup(arg); + break; + case sPasswordAuthentication: intptr = &options->password_authentication; goto parse_flag; @@ -2579,6 +2622,10 @@ dump_config(ServerOptions *o) #ifdef GSSAPI dump_cfg_fmtint(sGssAuthentication, o->gss_authentication); dump_cfg_fmtint(sGssCleanupCreds, o->gss_cleanup_creds); + dump_cfg_fmtint(sGssKeyEx, o->gss_keyex); + dump_cfg_fmtint(sGssStrictAcceptor, o->gss_strict_acceptor); + dump_cfg_fmtint(sGssStoreRekey, o->gss_store_rekey); + dump_cfg_string(sGssKexAlgorithms, o->gss_kex_algorithms); #endif dump_cfg_fmtint(sPasswordAuthentication, o->password_authentication); dump_cfg_fmtint(sKbdInteractiveAuthentication, diff --git a/servconf.h b/servconf.h index 54e0a8d8d..a476d5220 100644 --- a/servconf.h +++ b/servconf.h @@ -126,8 +126,11 @@ typedef struct { int kerberos_get_afs_token; /* If true, try to get AFS token if * authenticated with Kerberos. */ int gss_authentication; /* If true, permit GSSAPI authentication */ + int gss_keyex; /* If true, permit GSSAPI key exchange */ int gss_cleanup_creds; /* If true, destroy cred cache on logout */ int gss_strict_acceptor; /* If true, restrict the GSSAPI acceptor name */ + int gss_store_rekey; + char *gss_kex_algorithms; /* GSSAPI kex methods to be offered by client. */ int password_authentication; /* If true, permit password * authentication. */ int kbd_interactive_authentication; /* If true, permit */ diff --git a/session.c b/session.c index ac06b08e9..ac3d9d19d 100644 --- a/session.c +++ b/session.c @@ -2674,13 +2674,19 @@ do_cleanup(struct ssh *ssh, Authctxt *authctxt) #ifdef KRB5 if (options.kerberos_ticket_cleanup && - authctxt->krb5_ctx) + authctxt->krb5_ctx) { + temporarily_use_uid(authctxt->pw); krb5_cleanup_proc(authctxt); + restore_uid(); + } #endif #ifdef GSSAPI - if (options.gss_cleanup_creds) + if (options.gss_cleanup_creds) { + temporarily_use_uid(authctxt->pw); ssh_gssapi_cleanup_creds(); + restore_uid(); + } #endif /* remove agent socket */ diff --git a/ssh-gss.h b/ssh-gss.h index 36180d07a..70dd36658 100644 --- a/ssh-gss.h +++ b/ssh-gss.h @@ -1,6 +1,6 @@ /* $OpenBSD: ssh-gss.h,v 1.14 2018/07/10 09:13:30 djm Exp $ */ /* - * Copyright (c) 2001-2003 Simon Wilkinson. All rights reserved. + * Copyright (c) 2001-2009 Simon Wilkinson. All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions @@ -61,10 +61,30 @@ #define SSH_GSS_OIDTYPE 0x06 +#define SSH2_MSG_KEXGSS_INIT 30 +#define SSH2_MSG_KEXGSS_CONTINUE 31 +#define SSH2_MSG_KEXGSS_COMPLETE 32 +#define SSH2_MSG_KEXGSS_HOSTKEY 33 +#define SSH2_MSG_KEXGSS_ERROR 34 +#define SSH2_MSG_KEXGSS_GROUPREQ 40 +#define SSH2_MSG_KEXGSS_GROUP 41 +#define KEX_GSS_GRP1_SHA1_ID "gss-group1-sha1-" +#define KEX_GSS_GRP14_SHA1_ID "gss-group14-sha1-" +#define KEX_GSS_GRP14_SHA256_ID "gss-group14-sha256-" +#define KEX_GSS_GRP16_SHA512_ID "gss-group16-sha512-" +#define KEX_GSS_GEX_SHA1_ID "gss-gex-sha1-" +#define KEX_GSS_NISTP256_SHA256_ID "gss-nistp256-sha256-" +#define KEX_GSS_C25519_SHA256_ID "gss-curve25519-sha256-" + +#define GSS_KEX_DEFAULT_KEX \ + KEX_GSS_GEX_SHA1_ID "," \ + KEX_GSS_GRP14_SHA1_ID + typedef struct { char *filename; char *envvar; char *envval; + struct passwd *owner; void *data; } ssh_gssapi_ccache; @@ -72,8 +92,11 @@ typedef struct { gss_buffer_desc displayname; gss_buffer_desc exportedname; gss_cred_id_t creds; + gss_name_t name; struct ssh_gssapi_mech_struct *mech; ssh_gssapi_ccache store; + int used; + int updated; } ssh_gssapi_client; typedef struct ssh_gssapi_mech_struct { @@ -84,6 +107,7 @@ typedef struct ssh_gssapi_mech_struct { int (*userok) (ssh_gssapi_client *, char *); int (*localname) (ssh_gssapi_client *, char **); void (*storecreds) (ssh_gssapi_client *); + int (*updatecreds) (ssh_gssapi_ccache *, ssh_gssapi_client *); } ssh_gssapi_mech; typedef struct { @@ -94,10 +118,11 @@ typedef struct { gss_OID oid; /* client */ gss_cred_id_t creds; /* server */ gss_name_t client; /* server */ - gss_cred_id_t client_creds; /* server */ + gss_cred_id_t client_creds; /* both */ } Gssctxt; extern ssh_gssapi_mech *supported_mechs[]; +extern Gssctxt *gss_kex_context; int ssh_gssapi_check_oid(Gssctxt *, void *, size_t); void ssh_gssapi_set_oid_data(Gssctxt *, void *, size_t); @@ -109,6 +134,7 @@ OM_uint32 ssh_gssapi_test_oid_supported(OM_uint32 *, gss_OID, int *); struct sshbuf; int ssh_gssapi_get_buffer_desc(struct sshbuf *, gss_buffer_desc *); +int ssh_gssapi_sshpkt_get_buffer_desc(struct ssh *, gss_buffer_desc *); OM_uint32 ssh_gssapi_import_name(Gssctxt *, const char *); OM_uint32 ssh_gssapi_init_ctx(Gssctxt *, int, @@ -123,17 +149,33 @@ void ssh_gssapi_delete_ctx(Gssctxt **); OM_uint32 ssh_gssapi_sign(Gssctxt *, gss_buffer_t, gss_buffer_t); void ssh_gssapi_buildmic(struct sshbuf *, const char *, const char *, const char *); -int ssh_gssapi_check_mechanism(Gssctxt **, gss_OID, const char *); +int ssh_gssapi_check_mechanism(Gssctxt **, gss_OID, const char *, const char *); +OM_uint32 ssh_gssapi_client_identity(Gssctxt *, const char *); +int ssh_gssapi_credentials_updated(Gssctxt *); /* In the server */ +typedef int ssh_gssapi_check_fn(Gssctxt **, gss_OID, const char *, + const char *); +char *ssh_gssapi_client_mechanisms(const char *, const char *, const char *); +char *ssh_gssapi_kex_mechs(gss_OID_set, ssh_gssapi_check_fn *, const char *, + const char *, const char *); +gss_OID ssh_gssapi_id_kex(Gssctxt *, char *, int); +int ssh_gssapi_server_check_mech(Gssctxt **,gss_OID, const char *, + const char *); OM_uint32 ssh_gssapi_server_ctx(Gssctxt **, gss_OID); -int ssh_gssapi_userok(char *name); +int ssh_gssapi_userok(char *name, struct passwd *, int kex); OM_uint32 ssh_gssapi_checkmic(Gssctxt *, gss_buffer_t, gss_buffer_t); void ssh_gssapi_do_child(char ***, u_int *); void ssh_gssapi_cleanup_creds(void); void ssh_gssapi_storecreds(void); const char *ssh_gssapi_displayname(void); +char *ssh_gssapi_server_mechanisms(void); +int ssh_gssapi_oid_table_ok(void); + +int ssh_gssapi_update_creds(ssh_gssapi_ccache *store); +void ssh_gssapi_rekey_creds(void); + #endif /* GSSAPI */ #endif /* _SSH_GSS_H */ diff --git a/ssh.1 b/ssh.1 index 9480eba8d..a1c7d2305 100644 --- a/ssh.1 +++ b/ssh.1 @@ -497,7 +497,13 @@ For full details of the options listed below, and their possible values, see .It GatewayPorts .It GlobalKnownHostsFile .It GSSAPIAuthentication +.It GSSAPIKeyExchange +.It GSSAPIClientIdentity .It GSSAPIDelegateCredentials +.It GSSAPIKexAlgorithms +.It GSSAPIRenewalForcesRekey +.It GSSAPIServerIdentity +.It GSSAPITrustDns .It HashKnownHosts .It Host .It HostbasedAuthentication @@ -573,6 +579,8 @@ flag), (supported message integrity codes), .Ar kex (key exchange algorithms), +.Ar kex-gss +(GSSAPI key exchange algorithms), .Ar key (key types), .Ar key-cert diff --git a/ssh.c b/ssh.c index 91e7c3511..42be7d88f 100644 --- a/ssh.c +++ b/ssh.c @@ -736,6 +736,8 @@ main(int ac, char **av) cp = mac_alg_list('\n'); else if (strcmp(optarg, "kex") == 0) cp = kex_alg_list('\n'); + else if (strcmp(optarg, "kex-gss") == 0) + cp = kex_gss_alg_list('\n'); else if (strcmp(optarg, "key") == 0) cp = sshkey_alg_list(0, 0, 0, '\n'); else if (strcmp(optarg, "key-cert") == 0) @@ -748,7 +750,7 @@ main(int ac, char **av) cp = xstrdup("2"); else if (strcmp(optarg, "help") == 0) { cp = xstrdup( - "cipher\ncipher-auth\nkex\nkey\n" + "cipher\ncipher-auth\nkex\nkex-gss\nkey\n" "key-cert\nkey-plain\nmac\n" "protocol-version\nsig"); } diff --git a/ssh_config b/ssh_config index 5e8ef548b..1ff999b68 100644 --- a/ssh_config +++ b/ssh_config @@ -24,6 +24,8 @@ # HostbasedAuthentication no # GSSAPIAuthentication no # GSSAPIDelegateCredentials no +# GSSAPIKeyExchange no +# GSSAPITrustDNS no # BatchMode no # CheckHostIP yes # AddressFamily any diff --git a/ssh_config.5 b/ssh_config.5 index 412629637..c3c8b274a 100644 --- a/ssh_config.5 +++ b/ssh_config.5 @@ -754,10 +754,67 @@ The default is Specifies whether user authentication based on GSSAPI is allowed. The default is .Cm no . +.It Cm GSSAPIClientIdentity +If set, specifies the GSSAPI client identity that ssh should use when +connecting to the server. The default is unset, which means that the default +identity will be used. .It Cm GSSAPIDelegateCredentials Forward (delegate) credentials to the server. The default is .Cm no . +.It Cm GSSAPIKeyExchange +Specifies whether key exchange based on GSSAPI may be used. When using +GSSAPI key exchange the server need not have a host key. +The default is +.Dq no . +.It Cm GSSAPIRenewalForcesRekey +If set to +.Dq yes +then renewal of the client's GSSAPI credentials will force the rekeying of the +ssh connection. With a compatible server, this will delegate the renewed +credentials to a session on the server. +.Pp +Checks are made to ensure that credentials are only propagated when the new +credentials match the old ones on the originating client and where the +receiving server still has the old set in its cache. +.Pp +The default is +.Dq no . +.Pp +For this to work +.Cm GSSAPIKeyExchange +needs to be enabled in the server and also used by the client. +.It Cm GSSAPIServerIdentity +If set, specifies the GSSAPI server identity that ssh should expect when +connecting to the server. The default is unset, which means that the +expected GSSAPI server identity will be determined from the target +hostname. +.It Cm GSSAPITrustDns +Set to +.Dq yes +to indicate that the DNS is trusted to securely canonicalize +the name of the host being connected to. If +.Dq no , +the hostname entered on the +command line will be passed untouched to the GSSAPI library. +The default is +.Dq no . +.It Cm GSSAPIKexAlgorithms +The list of key exchange algorithms that are offered for GSSAPI +key exchange. Possible values are +.Bd -literal -offset 3n +gss-gex-sha1-, +gss-group1-sha1-, +gss-group14-sha1-, +gss-group14-sha256-, +gss-group16-sha512-, +gss-nistp256-sha256-, +gss-curve25519-sha256- +.Ed +.Pp +The default is +.Dq gss-gex-sha1-,gss-group14-sha1- . +This option only applies to protocol version 2 connections using GSSAPI. .It Cm HashKnownHosts Indicates that .Xr ssh 1 diff --git a/sshconnect2.c b/sshconnect2.c index dffee90b1..4020371ae 100644 --- a/sshconnect2.c +++ b/sshconnect2.c @@ -78,8 +78,6 @@ #endif /* import */ -extern char *client_version_string; -extern char *server_version_string; extern Options options; /* @@ -161,6 +159,11 @@ ssh_kex2(struct ssh *ssh, char *host, struct sockaddr *hostaddr, u_short port) char *s, *all_key; int r; +#if defined(GSSAPI) && defined(WITH_OPENSSL) + char *orig = NULL, *gss = NULL; + char *gss_host = NULL; +#endif + xxx_host = host; xxx_hostaddr = hostaddr; @@ -193,6 +196,35 @@ ssh_kex2(struct ssh *ssh, char *host, struct sockaddr *hostaddr, u_short port) order_hostkeyalgs(host, hostaddr, port)); } +#if defined(GSSAPI) && defined(WITH_OPENSSL) + if (options.gss_keyex) { + /* Add the GSSAPI mechanisms currently supported on this + * client to the key exchange algorithm proposal */ + orig = myproposal[PROPOSAL_KEX_ALGS]; + + if (options.gss_server_identity) + gss_host = xstrdup(options.gss_server_identity); + else if (options.gss_trust_dns) + gss_host = remote_hostname(ssh); + else + gss_host = xstrdup(host); + + gss = ssh_gssapi_client_mechanisms(gss_host, + options.gss_client_identity, options.gss_kex_algorithms); + if (gss) { + debug("Offering GSSAPI proposal: %s", gss); + xasprintf(&myproposal[PROPOSAL_KEX_ALGS], + "%s,%s", gss, orig); + + /* If we've got GSSAPI algorithms, then we also support the + * 'null' hostkey, as a last resort */ + orig = myproposal[PROPOSAL_SERVER_HOST_KEY_ALGS]; + xasprintf(&myproposal[PROPOSAL_SERVER_HOST_KEY_ALGS], + "%s,null", orig); + } + } +#endif + if (options.rekey_limit || options.rekey_interval) ssh_packet_set_rekey_limits(ssh, options.rekey_limit, options.rekey_interval); @@ -211,16 +243,46 @@ ssh_kex2(struct ssh *ssh, char *host, struct sockaddr *hostaddr, u_short port) # ifdef OPENSSL_HAS_ECC ssh->kex->kex[KEX_ECDH_SHA2] = kex_gen_client; # endif +# ifdef GSSAPI + if (options.gss_keyex) { + ssh->kex->kex[KEX_GSS_GRP1_SHA1] = kexgss_client; + ssh->kex->kex[KEX_GSS_GRP14_SHA1] = kexgss_client; + ssh->kex->kex[KEX_GSS_GRP14_SHA256] = kexgss_client; + ssh->kex->kex[KEX_GSS_GRP16_SHA512] = kexgss_client; + ssh->kex->kex[KEX_GSS_GEX_SHA1] = kexgssgex_client; + ssh->kex->kex[KEX_GSS_NISTP256_SHA256] = kexgss_client; + ssh->kex->kex[KEX_GSS_C25519_SHA256] = kexgss_client; + } +# endif #endif ssh->kex->kex[KEX_C25519_SHA256] = kex_gen_client; ssh->kex->kex[KEX_KEM_SNTRUP4591761X25519_SHA512] = kex_gen_client; ssh->kex->verify_host_key=&verify_host_key_callback; +#if defined(GSSAPI) && defined(WITH_OPENSSL) + if (options.gss_keyex) { + ssh->kex->gss_deleg_creds = options.gss_deleg_creds; + ssh->kex->gss_trust_dns = options.gss_trust_dns; + ssh->kex->gss_client = options.gss_client_identity; + ssh->kex->gss_host = gss_host; + } +#endif + ssh_dispatch_run_fatal(ssh, DISPATCH_BLOCK, &ssh->kex->done); /* remove ext-info from the KEX proposals for rekeying */ myproposal[PROPOSAL_KEX_ALGS] = compat_kex_proposal(options.kex_algorithms); +#if defined(GSSAPI) && defined(WITH_OPENSSL) + /* repair myproposal after it was crumpled by the */ + /* ext-info removal above */ + if (gss) { + orig = myproposal[PROPOSAL_KEX_ALGS]; + xasprintf(&myproposal[PROPOSAL_KEX_ALGS], + "%s,%s", gss, orig); + free(gss); + } +#endif if ((r = kex_prop2buf(ssh->kex->my, myproposal)) != 0) fatal("kex_prop2buf: %s", ssh_err(r)); @@ -317,6 +379,7 @@ static int input_gssapi_response(int type, u_int32_t, struct ssh *); static int input_gssapi_token(int type, u_int32_t, struct ssh *); static int input_gssapi_error(int, u_int32_t, struct ssh *); static int input_gssapi_errtok(int, u_int32_t, struct ssh *); +static int userauth_gsskeyex(struct ssh *); #endif void userauth(struct ssh *, char *); @@ -333,6 +396,11 @@ static char *authmethods_get(void); Authmethod authmethods[] = { #ifdef GSSAPI + {"gssapi-keyex", + userauth_gsskeyex, + NULL, + &options.gss_keyex, + NULL}, {"gssapi-with-mic", userauth_gssapi, userauth_gssapi_cleanup, @@ -698,12 +766,25 @@ userauth_gssapi(struct ssh *ssh) OM_uint32 min; int r, ok = 0; gss_OID mech = NULL; + char *gss_host; + + if (options.gss_server_identity) + gss_host = xstrdup(options.gss_server_identity); + else if (options.gss_trust_dns) + gss_host = remote_hostname(ssh); + else + gss_host = xstrdup(authctxt->host); /* Try one GSSAPI method at a time, rather than sending them all at * once. */ if (authctxt->gss_supported_mechs == NULL) - gss_indicate_mechs(&min, &authctxt->gss_supported_mechs); + if (GSS_ERROR(gss_indicate_mechs(&min, + &authctxt->gss_supported_mechs))) { + authctxt->gss_supported_mechs = NULL; + free(gss_host); + return 0; + } /* Check to see whether the mechanism is usable before we offer it */ while (authctxt->mech_tried < authctxt->gss_supported_mechs->count && @@ -712,13 +793,15 @@ userauth_gssapi(struct ssh *ssh) elements[authctxt->mech_tried]; /* My DER encoding requires length<128 */ if (mech->length < 128 && ssh_gssapi_check_mechanism(&gssctxt, - mech, authctxt->host)) { + mech, gss_host, options.gss_client_identity)) { ok = 1; /* Mechanism works */ } else { authctxt->mech_tried++; } } + free(gss_host); + if (!ok || mech == NULL) return 0; @@ -958,6 +1041,55 @@ input_gssapi_error(int type, u_int32_t plen, struct ssh *ssh) free(lang); return r; } + +int +userauth_gsskeyex(struct ssh *ssh) +{ + struct sshbuf *b = NULL; + Authctxt *authctxt = ssh->authctxt; + gss_buffer_desc gssbuf; + gss_buffer_desc mic = GSS_C_EMPTY_BUFFER; + OM_uint32 ms; + int r; + + static int attempt = 0; + if (attempt++ >= 1) + return (0); + + if (gss_kex_context == NULL) { + debug("No valid Key exchange context"); + return (0); + } + + if ((b = sshbuf_new()) == NULL) + fatal("%s: sshbuf_new failed", __func__); + + ssh_gssapi_buildmic(b, authctxt->server_user, authctxt->service, + "gssapi-keyex"); + + if ((gssbuf.value = sshbuf_mutable_ptr(b)) == NULL) + fatal("%s: sshbuf_mutable_ptr failed", __func__); + gssbuf.length = sshbuf_len(b); + + if (GSS_ERROR(ssh_gssapi_sign(gss_kex_context, &gssbuf, &mic))) { + sshbuf_free(b); + return (0); + } + + if ((r = sshpkt_start(ssh, SSH2_MSG_USERAUTH_REQUEST)) != 0 || + (r = sshpkt_put_cstring(ssh, authctxt->server_user)) != 0 || + (r = sshpkt_put_cstring(ssh, authctxt->service)) != 0 || + (r = sshpkt_put_cstring(ssh, authctxt->method->name)) != 0 || + (r = sshpkt_put_string(ssh, mic.value, mic.length)) != 0 || + (r = sshpkt_send(ssh)) != 0) + fatal("%s: %s", __func__, ssh_err(r)); + + sshbuf_free(b); + gss_release_buffer(&ms, &mic); + + return (1); +} + #endif /* GSSAPI */ static int diff --git a/sshd.c b/sshd.c index cbd3bce91..98680721b 100644 --- a/sshd.c +++ b/sshd.c @@ -123,6 +123,10 @@ #include "version.h" #include "ssherr.h" +#ifdef USE_SECURITY_SESSION_API +#include +#endif + /* Re-exec fds */ #define REEXEC_DEVCRYPTO_RESERVED_FD (STDERR_FILENO + 1) #define REEXEC_STARTUP_PIPE_FD (STDERR_FILENO + 2) @@ -796,8 +800,8 @@ notify_hostkeys(struct ssh *ssh) } debug3("%s: sent %u hostkeys", __func__, nkeys); if (nkeys == 0) - fatal("%s: no hostkeys", __func__); - if ((r = sshpkt_send(ssh)) != 0) + debug3("%s: no hostkeys", __func__); + else if ((r = sshpkt_send(ssh)) != 0) sshpkt_fatal(ssh, r, "%s: send", __func__); sshbuf_free(buf); } @@ -1769,7 +1773,8 @@ main(int ac, char **av) free(fp); } accumulate_host_timing_secret(cfg, NULL); - if (!sensitive_data.have_ssh2_key) { + /* The GSSAPI key exchange can run without a host key */ + if (!sensitive_data.have_ssh2_key && !options.gss_keyex) { logit("sshd: no hostkeys available -- exiting."); exit(1); } @@ -2064,6 +2069,60 @@ main(int ac, char **av) rdomain == NULL ? "" : "\""); free(laddr); +#ifdef USE_SECURITY_SESSION_API + /* + * Create a new security session for use by the new user login if + * the current session is the root session or we are not launched + * by inetd (eg: debugging mode or server mode). We do not + * necessarily need to create a session if we are launched from + * inetd because Panther xinetd will create a session for us. + * + * The only case where this logic will fail is if there is an + * inetd running in a non-root session which is not creating + * new sessions for us. Then all the users will end up in the + * same session (bad). + * + * When the client exits, the session will be destroyed for us + * automatically. + * + * We must create the session before any credentials are stored + * (including AFS pags, which happens a few lines below). + */ + { + OSStatus err = 0; + SecuritySessionId sid = 0; + SessionAttributeBits sattrs = 0; + + err = SessionGetInfo(callerSecuritySession, &sid, &sattrs); + if (err) + error("SessionGetInfo() failed with error %.8X", + (unsigned) err); + else + debug("Current Session ID is %.8X / Session Attributes are %.8X", + (unsigned) sid, (unsigned) sattrs); + + if (inetd_flag && !(sattrs & sessionIsRoot)) + debug("Running in inetd mode in a non-root session... " + "assuming inetd created the session for us."); + else { + debug("Creating new security session..."); + err = SessionCreate(0, sessionHasTTY | sessionIsRemote); + if (err) + error("SessionCreate() failed with error %.8X", + (unsigned) err); + + err = SessionGetInfo(callerSecuritySession, &sid, + &sattrs); + if (err) + error("SessionGetInfo() failed with error %.8X", + (unsigned) err); + else + debug("New Session ID is %.8X / Session Attributes are %.8X", + (unsigned) sid, (unsigned) sattrs); + } + } +#endif + /* * We don't want to listen forever unless the other side * successfully authenticates itself. So we set up an alarm which is @@ -2260,6 +2319,48 @@ do_ssh2_kex(struct ssh *ssh) myproposal[PROPOSAL_SERVER_HOST_KEY_ALGS] = compat_pkalg_proposal( list_hostkey_types()); +#if defined(GSSAPI) && defined(WITH_OPENSSL) + { + char *orig; + char *gss = NULL; + char *newstr = NULL; + orig = myproposal[PROPOSAL_KEX_ALGS]; + + /* + * If we don't have a host key, then there's no point advertising + * the other key exchange algorithms + */ + + if (strlen(myproposal[PROPOSAL_SERVER_HOST_KEY_ALGS]) == 0) + orig = NULL; + + if (options.gss_keyex) + gss = ssh_gssapi_server_mechanisms(); + else + gss = NULL; + + if (gss && orig) + xasprintf(&newstr, "%s,%s", gss, orig); + else if (gss) + newstr = gss; + else if (orig) + newstr = orig; + + /* + * If we've got GSSAPI mechanisms, then we've got the 'null' host + * key alg, but we can't tell people about it unless its the only + * host key algorithm we support + */ + if (gss && (strlen(myproposal[PROPOSAL_SERVER_HOST_KEY_ALGS])) == 0) + myproposal[PROPOSAL_SERVER_HOST_KEY_ALGS] = "null"; + + if (newstr) + myproposal[PROPOSAL_KEX_ALGS] = newstr; + else + fatal("No supported key exchange algorithms"); + } +#endif + /* start key exchange */ if ((r = kex_setup(ssh, myproposal)) != 0) fatal("kex_setup: %s", ssh_err(r)); @@ -2275,7 +2376,18 @@ do_ssh2_kex(struct ssh *ssh) # ifdef OPENSSL_HAS_ECC kex->kex[KEX_ECDH_SHA2] = kex_gen_server; # endif -#endif +# ifdef GSSAPI + if (options.gss_keyex) { + kex->kex[KEX_GSS_GRP1_SHA1] = kexgss_server; + kex->kex[KEX_GSS_GRP14_SHA1] = kexgss_server; + kex->kex[KEX_GSS_GRP14_SHA256] = kexgss_server; + kex->kex[KEX_GSS_GRP16_SHA512] = kexgss_server; + kex->kex[KEX_GSS_GEX_SHA1] = kexgssgex_server; + kex->kex[KEX_GSS_NISTP256_SHA256] = kexgss_server; + kex->kex[KEX_GSS_C25519_SHA256] = kexgss_server; + } +# endif +#endif /* WITH_OPENSSL */ kex->kex[KEX_C25519_SHA256] = kex_gen_server; kex->kex[KEX_KEM_SNTRUP4591761X25519_SHA512] = kex_gen_server; kex->load_host_public_key=&get_hostkey_public_by_type; diff --git a/sshd_config b/sshd_config index 19b7c91a1..2c48105f8 100644 --- a/sshd_config +++ b/sshd_config @@ -69,6 +69,8 @@ AuthorizedKeysFile .ssh/authorized_keys # GSSAPI options #GSSAPIAuthentication no #GSSAPICleanupCredentials yes +#GSSAPIStrictAcceptorCheck yes +#GSSAPIKeyExchange no # Set this to 'yes' to enable PAM authentication, account processing, # and session processing. If this is enabled, PAM authentication will diff --git a/sshd_config.5 b/sshd_config.5 index b224f2929..2baa6622b 100644 --- a/sshd_config.5 +++ b/sshd_config.5 @@ -653,6 +653,11 @@ Specifies whether to automatically destroy the user's credentials cache on logout. The default is .Cm yes . +.It Cm GSSAPIKeyExchange +Specifies whether key exchange based on GSSAPI is allowed. GSSAPI key exchange +doesn't rely on ssh keys to verify host identity. +The default is +.Cm no . .It Cm GSSAPIStrictAcceptorCheck Determines whether to be strict about the identity of the GSSAPI acceptor a client authenticates against. @@ -667,6 +672,31 @@ machine's default store. This facility is provided to assist with operation on multi homed machines. The default is .Cm yes . +.It Cm GSSAPIStoreCredentialsOnRekey +Controls whether the user's GSSAPI credentials should be updated following a +successful connection rekeying. This option can be used to accepted renewed +or updated credentials from a compatible client. The default is +.Dq no . +.Pp +For this to work +.Cm GSSAPIKeyExchange +needs to be enabled in the server and also used by the client. +.It Cm GSSAPIKexAlgorithms +The list of key exchange algorithms that are accepted by GSSAPI +key exchange. Possible values are +.Bd -literal -offset 3n +gss-gex-sha1-, +gss-group1-sha1-, +gss-group14-sha1-, +gss-group14-sha256-, +gss-group16-sha512-, +gss-nistp256-sha256-, +gss-curve25519-sha256- +.Ed +.Pp +The default is +.Dq gss-gex-sha1-,gss-group14-sha1- . +This option only applies to protocol version 2 connections using GSSAPI. .It Cm HostbasedAcceptedKeyTypes Specifies the key types that will be accepted for hostbased authentication as a list of comma-separated patterns. diff --git a/sshkey.c b/sshkey.c index ad1957762..789cd61ef 100644 --- a/sshkey.c +++ b/sshkey.c @@ -135,6 +135,7 @@ static const struct keytype keytypes[] = { # endif /* OPENSSL_HAS_NISTP521 */ # endif /* OPENSSL_HAS_ECC */ #endif /* WITH_OPENSSL */ + { "null", "null", NULL, KEY_NULL, 0, 0, 0 }, { NULL, NULL, NULL, -1, -1, 0, 0 } }; @@ -223,7 +224,7 @@ sshkey_alg_list(int certs_only, int plain_only, int include_sigonly, char sep) const struct keytype *kt; for (kt = keytypes; kt->type != -1; kt++) { - if (kt->name == NULL) + if (kt->name == NULL || kt->type == KEY_NULL) continue; if (!include_sigonly && kt->sigonly) continue; diff --git a/sshkey.h b/sshkey.h index a91e60436..c11106c93 100644 --- a/sshkey.h +++ b/sshkey.h @@ -65,6 +65,7 @@ enum sshkey_types { KEY_ED25519_CERT, KEY_XMSS, KEY_XMSS_CERT, + KEY_NULL, KEY_UNSPEC }; -- cgit v1.2.3 From 0f9f44654708e4fde2f52c52f717d061b5e458fa Mon Sep 17 00:00:00 2001 From: Colin Watson Date: Tue, 7 Oct 2014 13:22:41 +0100 Subject: Restore TCP wrappers support Support for TCP wrappers was dropped in OpenSSH 6.7. See this message and thread: https://lists.mindrot.org/pipermail/openssh-unix-dev/2014-April/032497.html It is true that this reduces preauth attack surface in sshd. On the other hand, this support seems to be quite widely used, and abruptly dropping it (from the perspective of users who don't read openssh-unix-dev) could easily cause more serious problems in practice. It's not entirely clear what the right long-term answer for Debian is, but it at least probably doesn't involve dropping this feature shortly before a freeze. Forwarded: not-needed Last-Update: 2019-06-05 Patch-Name: restore-tcp-wrappers.patch --- configure.ac | 57 +++++++++++++++++++++++++++++++++++++++++++++++++++++++++ sshd.8 | 7 +++++++ sshd.c | 25 +++++++++++++++++++++++++ 3 files changed, 89 insertions(+) diff --git a/configure.ac b/configure.ac index 2869f7042..ce16e7758 100644 --- a/configure.ac +++ b/configure.ac @@ -1518,6 +1518,62 @@ else AC_MSG_RESULT([no]) fi +# Check whether user wants TCP wrappers support +TCPW_MSG="no" +AC_ARG_WITH([tcp-wrappers], + [ --with-tcp-wrappers[[=PATH]] Enable tcpwrappers support (optionally in PATH)], + [ + if test "x$withval" != "xno" ; then + saved_LIBS="$LIBS" + saved_LDFLAGS="$LDFLAGS" + saved_CPPFLAGS="$CPPFLAGS" + if test -n "${withval}" && \ + test "x${withval}" != "xyes"; then + if test -d "${withval}/lib"; then + if test -n "${need_dash_r}"; then + LDFLAGS="-L${withval}/lib -R${withval}/lib ${LDFLAGS}" + else + LDFLAGS="-L${withval}/lib ${LDFLAGS}" + fi + else + if test -n "${need_dash_r}"; then + LDFLAGS="-L${withval} -R${withval} ${LDFLAGS}" + else + LDFLAGS="-L${withval} ${LDFLAGS}" + fi + fi + if test -d "${withval}/include"; then + CPPFLAGS="-I${withval}/include ${CPPFLAGS}" + else + CPPFLAGS="-I${withval} ${CPPFLAGS}" + fi + fi + LIBS="-lwrap $LIBS" + AC_MSG_CHECKING([for libwrap]) + AC_LINK_IFELSE([AC_LANG_PROGRAM([[ +#include +#include +#include +#include +int deny_severity = 0, allow_severity = 0; + ]], [[ + hosts_access(0); + ]])], [ + AC_MSG_RESULT([yes]) + AC_DEFINE([LIBWRAP], [1], + [Define if you want + TCP Wrappers support]) + SSHDLIBS="$SSHDLIBS -lwrap" + TCPW_MSG="yes" + ], [ + AC_MSG_ERROR([*** libwrap missing]) + + ]) + LIBS="$saved_LIBS" + fi + ] +) + # Check whether user wants to use ldns LDNS_MSG="no" AC_ARG_WITH(ldns, @@ -5269,6 +5325,7 @@ echo " PAM support: $PAM_MSG" echo " OSF SIA support: $SIA_MSG" echo " KerberosV support: $KRB5_MSG" echo " SELinux support: $SELINUX_MSG" +echo " TCP Wrappers support: $TCPW_MSG" echo " MD5 password support: $MD5_MSG" echo " libedit support: $LIBEDIT_MSG" echo " libldns support: $LDNS_MSG" diff --git a/sshd.8 b/sshd.8 index fb133c14b..57a7fd66b 100644 --- a/sshd.8 +++ b/sshd.8 @@ -873,6 +873,12 @@ the user's home directory becomes accessible. This file should be writable only by the user, and need not be readable by anyone else. .Pp +.It Pa /etc/hosts.allow +.It Pa /etc/hosts.deny +Access controls that should be enforced by tcp-wrappers are defined here. +Further details are described in +.Xr hosts_access 5 . +.Pp .It Pa /etc/hosts.equiv This file is for host-based authentication (see .Xr ssh 1 ) . @@ -975,6 +981,7 @@ The content of this file is not sensitive; it can be world-readable. .Xr ssh-keygen 1 , .Xr ssh-keyscan 1 , .Xr chroot 2 , +.Xr hosts_access 5 , .Xr login.conf 5 , .Xr moduli 5 , .Xr sshd_config 5 , diff --git a/sshd.c b/sshd.c index 98680721b..46870d3b5 100644 --- a/sshd.c +++ b/sshd.c @@ -127,6 +127,13 @@ #include #endif +#ifdef LIBWRAP +#include +#include +int allow_severity; +int deny_severity; +#endif /* LIBWRAP */ + /* Re-exec fds */ #define REEXEC_DEVCRYPTO_RESERVED_FD (STDERR_FILENO + 1) #define REEXEC_STARTUP_PIPE_FD (STDERR_FILENO + 2) @@ -2057,6 +2064,24 @@ main(int ac, char **av) #ifdef SSH_AUDIT_EVENTS audit_connection_from(remote_ip, remote_port); #endif +#ifdef LIBWRAP + allow_severity = options.log_facility|LOG_INFO; + deny_severity = options.log_facility|LOG_WARNING; + /* Check whether logins are denied from this host. */ + if (ssh_packet_connection_is_on_socket(ssh)) { + struct request_info req; + + request_init(&req, RQ_DAEMON, __progname, RQ_FILE, sock_in, 0); + fromhost(&req); + + if (!hosts_access(&req)) { + debug("Connection refused by tcp wrapper"); + refuse(&req); + /* NOTREACHED */ + fatal("libwrap refuse returns"); + } + } +#endif /* LIBWRAP */ rdomain = ssh_packet_rdomain_in(ssh); -- cgit v1.2.3 From 21e3ff3ab4791d3c94bd775da66cde29797fcb36 Mon Sep 17 00:00:00 2001 From: Manoj Srivastava Date: Sun, 9 Feb 2014 16:09:49 +0000 Subject: Handle SELinux authorisation roles Rejected upstream due to discomfort with magic usernames; a better approach will need an SSH protocol change. In the meantime, this came from Debian's SELinux maintainer, so we'll keep it until we have something better. Bug: https://bugzilla.mindrot.org/show_bug.cgi?id=1641 Bug-Debian: http://bugs.debian.org/394795 Last-Update: 2019-06-05 Patch-Name: selinux-role.patch --- auth.h | 1 + auth2.c | 10 ++++++++-- monitor.c | 37 +++++++++++++++++++++++++++++++++---- monitor.h | 2 ++ monitor_wrap.c | 27 ++++++++++++++++++++++++--- monitor_wrap.h | 3 ++- openbsd-compat/port-linux.c | 21 ++++++++++++++------- openbsd-compat/port-linux.h | 4 ++-- platform.c | 4 ++-- platform.h | 2 +- session.c | 10 +++++----- session.h | 2 +- sshd.c | 2 +- sshpty.c | 4 ++-- sshpty.h | 2 +- 15 files changed, 99 insertions(+), 32 deletions(-) diff --git a/auth.h b/auth.h index bf393e755..8f13bdf48 100644 --- a/auth.h +++ b/auth.h @@ -65,6 +65,7 @@ struct Authctxt { char *service; struct passwd *pw; /* set if 'valid' */ char *style; + char *role; /* Method lists for multiple authentication */ char **auth_methods; /* modified from server config */ diff --git a/auth2.c b/auth2.c index 7417eafa4..d60e7f1f2 100644 --- a/auth2.c +++ b/auth2.c @@ -267,7 +267,7 @@ input_userauth_request(int type, u_int32_t seq, struct ssh *ssh) { Authctxt *authctxt = ssh->authctxt; Authmethod *m = NULL; - char *user = NULL, *service = NULL, *method = NULL, *style = NULL; + char *user = NULL, *service = NULL, *method = NULL, *style = NULL, *role = NULL; int r, authenticated = 0; double tstart = monotime_double(); @@ -281,8 +281,13 @@ input_userauth_request(int type, u_int32_t seq, struct ssh *ssh) debug("userauth-request for user %s service %s method %s", user, service, method); debug("attempt %d failures %d", authctxt->attempt, authctxt->failures); + if ((role = strchr(user, '/')) != NULL) + *role++ = 0; + if ((style = strchr(user, ':')) != NULL) *style++ = 0; + else if (role && (style = strchr(role, ':')) != NULL) + *style++ = '\0'; if (authctxt->attempt++ == 0) { /* setup auth context */ @@ -309,8 +314,9 @@ input_userauth_request(int type, u_int32_t seq, struct ssh *ssh) use_privsep ? " [net]" : ""); authctxt->service = xstrdup(service); authctxt->style = style ? xstrdup(style) : NULL; + authctxt->role = role ? xstrdup(role) : NULL; if (use_privsep) - mm_inform_authserv(service, style); + mm_inform_authserv(service, style, role); userauth_banner(ssh); if (auth2_setup_methods_lists(authctxt) != 0) ssh_packet_disconnect(ssh, diff --git a/monitor.c b/monitor.c index 0766d6ef5..5f84e880d 100644 --- a/monitor.c +++ b/monitor.c @@ -117,6 +117,7 @@ int mm_answer_sign(struct ssh *, int, struct sshbuf *); int mm_answer_pwnamallow(struct ssh *, int, struct sshbuf *); int mm_answer_auth2_read_banner(struct ssh *, int, struct sshbuf *); int mm_answer_authserv(struct ssh *, int, struct sshbuf *); +int mm_answer_authrole(struct ssh *, int, struct sshbuf *); int mm_answer_authpassword(struct ssh *, int, struct sshbuf *); int mm_answer_bsdauthquery(struct ssh *, int, struct sshbuf *); int mm_answer_bsdauthrespond(struct ssh *, int, struct sshbuf *); @@ -197,6 +198,7 @@ struct mon_table mon_dispatch_proto20[] = { {MONITOR_REQ_SIGN, MON_ONCE, mm_answer_sign}, {MONITOR_REQ_PWNAM, MON_ONCE, mm_answer_pwnamallow}, {MONITOR_REQ_AUTHSERV, MON_ONCE, mm_answer_authserv}, + {MONITOR_REQ_AUTHROLE, MON_ONCE, mm_answer_authrole}, {MONITOR_REQ_AUTH2_READ_BANNER, MON_ONCE, mm_answer_auth2_read_banner}, {MONITOR_REQ_AUTHPASSWORD, MON_AUTH, mm_answer_authpassword}, #ifdef USE_PAM @@ -819,6 +821,7 @@ mm_answer_pwnamallow(struct ssh *ssh, int sock, struct sshbuf *m) /* Allow service/style information on the auth context */ monitor_permit(mon_dispatch, MONITOR_REQ_AUTHSERV, 1); + monitor_permit(mon_dispatch, MONITOR_REQ_AUTHROLE, 1); monitor_permit(mon_dispatch, MONITOR_REQ_AUTH2_READ_BANNER, 1); #ifdef USE_PAM @@ -852,16 +855,42 @@ mm_answer_authserv(struct ssh *ssh, int sock, struct sshbuf *m) monitor_permit_authentications(1); if ((r = sshbuf_get_cstring(m, &authctxt->service, NULL)) != 0 || - (r = sshbuf_get_cstring(m, &authctxt->style, NULL)) != 0) + (r = sshbuf_get_cstring(m, &authctxt->style, NULL)) != 0 || + (r = sshbuf_get_cstring(m, &authctxt->role, NULL)) != 0) fatal("%s: buffer error: %s", __func__, ssh_err(r)); - debug3("%s: service=%s, style=%s", - __func__, authctxt->service, authctxt->style); + debug3("%s: service=%s, style=%s, role=%s", + __func__, authctxt->service, authctxt->style, authctxt->role); if (strlen(authctxt->style) == 0) { free(authctxt->style); authctxt->style = NULL; } + if (strlen(authctxt->role) == 0) { + free(authctxt->role); + authctxt->role = NULL; + } + + return (0); +} + +int +mm_answer_authrole(struct ssh *ssh, int sock, struct sshbuf *m) +{ + int r; + + monitor_permit_authentications(1); + + if ((r = sshbuf_get_cstring(m, &authctxt->role, NULL)) != 0) + fatal("%s: buffer error: %s", __func__, ssh_err(r)); + debug3("%s: role=%s", + __func__, authctxt->role); + + if (strlen(authctxt->role) == 0) { + free(authctxt->role); + authctxt->role = NULL; + } + return (0); } @@ -1528,7 +1557,7 @@ mm_answer_pty(struct ssh *ssh, int sock, struct sshbuf *m) res = pty_allocate(&s->ptyfd, &s->ttyfd, s->tty, sizeof(s->tty)); if (res == 0) goto error; - pty_setowner(authctxt->pw, s->tty); + pty_setowner(authctxt->pw, s->tty, authctxt->role); if ((r = sshbuf_put_u32(m, 1)) != 0 || (r = sshbuf_put_cstring(m, s->tty)) != 0) diff --git a/monitor.h b/monitor.h index 2b1a2d590..4d87284aa 100644 --- a/monitor.h +++ b/monitor.h @@ -65,6 +65,8 @@ enum monitor_reqtype { MONITOR_REQ_GSSSIGN = 150, MONITOR_ANS_GSSSIGN = 151, MONITOR_REQ_GSSUPCREDS = 152, MONITOR_ANS_GSSUPCREDS = 153, + + MONITOR_REQ_AUTHROLE = 154, }; struct ssh; diff --git a/monitor_wrap.c b/monitor_wrap.c index 8e4c1c1f8..6b3a6251c 100644 --- a/monitor_wrap.c +++ b/monitor_wrap.c @@ -364,10 +364,10 @@ mm_auth2_read_banner(void) return (banner); } -/* Inform the privileged process about service and style */ +/* Inform the privileged process about service, style, and role */ void -mm_inform_authserv(char *service, char *style) +mm_inform_authserv(char *service, char *style, char *role) { struct sshbuf *m; int r; @@ -377,7 +377,8 @@ mm_inform_authserv(char *service, char *style) if ((m = sshbuf_new()) == NULL) fatal("%s: sshbuf_new failed", __func__); if ((r = sshbuf_put_cstring(m, service)) != 0 || - (r = sshbuf_put_cstring(m, style ? style : "")) != 0) + (r = sshbuf_put_cstring(m, style ? style : "")) != 0 || + (r = sshbuf_put_cstring(m, role ? role : "")) != 0) fatal("%s: buffer error: %s", __func__, ssh_err(r)); mm_request_send(pmonitor->m_recvfd, MONITOR_REQ_AUTHSERV, m); @@ -385,6 +386,26 @@ mm_inform_authserv(char *service, char *style) sshbuf_free(m); } +/* Inform the privileged process about role */ + +void +mm_inform_authrole(char *role) +{ + struct sshbuf *m; + int r; + + debug3("%s entering", __func__); + + if ((m = sshbuf_new()) == NULL) + fatal("%s: sshbuf_new failed", __func__); + if ((r = sshbuf_put_cstring(m, role ? role : "")) != 0) + fatal("%s: buffer error: %s", __func__, ssh_err(r)); + + mm_request_send(pmonitor->m_recvfd, MONITOR_REQ_AUTHROLE, m); + + sshbuf_free(m); +} + /* Do the password authentication */ int mm_auth_password(struct ssh *ssh, char *password) diff --git a/monitor_wrap.h b/monitor_wrap.h index 69164a8c0..3d0e32d48 100644 --- a/monitor_wrap.h +++ b/monitor_wrap.h @@ -44,7 +44,8 @@ int mm_is_monitor(void); DH *mm_choose_dh(int, int, int); int mm_sshkey_sign(struct ssh *, struct sshkey *, u_char **, size_t *, const u_char *, size_t, const char *, u_int compat); -void mm_inform_authserv(char *, char *); +void mm_inform_authserv(char *, char *, char *); +void mm_inform_authrole(char *); struct passwd *mm_getpwnamallow(struct ssh *, const char *); char *mm_auth2_read_banner(void); int mm_auth_password(struct ssh *, char *); diff --git a/openbsd-compat/port-linux.c b/openbsd-compat/port-linux.c index 622988822..3e6e07670 100644 --- a/openbsd-compat/port-linux.c +++ b/openbsd-compat/port-linux.c @@ -56,7 +56,7 @@ ssh_selinux_enabled(void) /* Return the default security context for the given username */ static security_context_t -ssh_selinux_getctxbyname(char *pwname) +ssh_selinux_getctxbyname(char *pwname, const char *role) { security_context_t sc = NULL; char *sename = NULL, *lvl = NULL; @@ -71,9 +71,16 @@ ssh_selinux_getctxbyname(char *pwname) #endif #ifdef HAVE_GET_DEFAULT_CONTEXT_WITH_LEVEL - r = get_default_context_with_level(sename, lvl, NULL, &sc); + if (role != NULL && role[0]) + r = get_default_context_with_rolelevel(sename, role, lvl, NULL, + &sc); + else + r = get_default_context_with_level(sename, lvl, NULL, &sc); #else - r = get_default_context(sename, NULL, &sc); + if (role != NULL && role[0]) + r = get_default_context_with_role(sename, role, NULL, &sc); + else + r = get_default_context(sename, NULL, &sc); #endif if (r != 0) { @@ -103,7 +110,7 @@ ssh_selinux_getctxbyname(char *pwname) /* Set the execution context to the default for the specified user */ void -ssh_selinux_setup_exec_context(char *pwname) +ssh_selinux_setup_exec_context(char *pwname, const char *role) { security_context_t user_ctx = NULL; @@ -112,7 +119,7 @@ ssh_selinux_setup_exec_context(char *pwname) debug3("%s: setting execution context", __func__); - user_ctx = ssh_selinux_getctxbyname(pwname); + user_ctx = ssh_selinux_getctxbyname(pwname, role); if (setexeccon(user_ctx) != 0) { switch (security_getenforce()) { case -1: @@ -134,7 +141,7 @@ ssh_selinux_setup_exec_context(char *pwname) /* Set the TTY context for the specified user */ void -ssh_selinux_setup_pty(char *pwname, const char *tty) +ssh_selinux_setup_pty(char *pwname, const char *tty, const char *role) { security_context_t new_tty_ctx = NULL; security_context_t user_ctx = NULL; @@ -146,7 +153,7 @@ ssh_selinux_setup_pty(char *pwname, const char *tty) debug3("%s: setting TTY context on %s", __func__, tty); - user_ctx = ssh_selinux_getctxbyname(pwname); + user_ctx = ssh_selinux_getctxbyname(pwname, role); /* XXX: should these calls fatal() upon failure in enforcing mode? */ diff --git a/openbsd-compat/port-linux.h b/openbsd-compat/port-linux.h index 3c22a854d..c88129428 100644 --- a/openbsd-compat/port-linux.h +++ b/openbsd-compat/port-linux.h @@ -19,8 +19,8 @@ #ifdef WITH_SELINUX int ssh_selinux_enabled(void); -void ssh_selinux_setup_pty(char *, const char *); -void ssh_selinux_setup_exec_context(char *); +void ssh_selinux_setup_pty(char *, const char *, const char *); +void ssh_selinux_setup_exec_context(char *, const char *); void ssh_selinux_change_context(const char *); void ssh_selinux_setfscreatecon(const char *); #endif diff --git a/platform.c b/platform.c index 41acc9370..35654ea51 100644 --- a/platform.c +++ b/platform.c @@ -142,7 +142,7 @@ platform_setusercontext(struct passwd *pw) * called if sshd is running as root. */ void -platform_setusercontext_post_groups(struct passwd *pw) +platform_setusercontext_post_groups(struct passwd *pw, const char *role) { #if !defined(HAVE_LOGIN_CAP) && defined(USE_PAM) /* @@ -183,7 +183,7 @@ platform_setusercontext_post_groups(struct passwd *pw) } #endif /* HAVE_SETPCRED */ #ifdef WITH_SELINUX - ssh_selinux_setup_exec_context(pw->pw_name); + ssh_selinux_setup_exec_context(pw->pw_name, role); #endif } diff --git a/platform.h b/platform.h index ea4f9c584..60d72ffe7 100644 --- a/platform.h +++ b/platform.h @@ -25,7 +25,7 @@ void platform_post_fork_parent(pid_t child_pid); void platform_post_fork_child(void); int platform_privileged_uidswap(void); void platform_setusercontext(struct passwd *); -void platform_setusercontext_post_groups(struct passwd *); +void platform_setusercontext_post_groups(struct passwd *, const char *); char *platform_get_krb5_client(const char *); char *platform_krb5_get_principal_name(const char *); int platform_sys_dir_uid(uid_t); diff --git a/session.c b/session.c index ac3d9d19d..d87ea4d44 100644 --- a/session.c +++ b/session.c @@ -1356,7 +1356,7 @@ safely_chroot(const char *path, uid_t uid) /* Set login name, uid, gid, and groups. */ void -do_setusercontext(struct passwd *pw) +do_setusercontext(struct passwd *pw, const char *role) { char uidstr[32], *chroot_path, *tmp; @@ -1384,7 +1384,7 @@ do_setusercontext(struct passwd *pw) endgrent(); #endif - platform_setusercontext_post_groups(pw); + platform_setusercontext_post_groups(pw, role); if (!in_chroot && options.chroot_directory != NULL && strcasecmp(options.chroot_directory, "none") != 0) { @@ -1525,7 +1525,7 @@ do_child(struct ssh *ssh, Session *s, const char *command) /* Force a password change */ if (s->authctxt->force_pwchange) { - do_setusercontext(pw); + do_setusercontext(pw, s->authctxt->role); child_close_fds(ssh); do_pwchange(s); exit(1); @@ -1543,7 +1543,7 @@ do_child(struct ssh *ssh, Session *s, const char *command) /* When PAM is enabled we rely on it to do the nologin check */ if (!options.use_pam) do_nologin(pw); - do_setusercontext(pw); + do_setusercontext(pw, s->authctxt->role); /* * PAM session modules in do_setusercontext may have * generated messages, so if this in an interactive @@ -1942,7 +1942,7 @@ session_pty_req(struct ssh *ssh, Session *s) sshpkt_fatal(ssh, r, "%s: parse packet", __func__); if (!use_privsep) - pty_setowner(s->pw, s->tty); + pty_setowner(s->pw, s->tty, s->authctxt->role); /* Set window size from the packet. */ pty_change_window_size(s->ptyfd, s->row, s->col, s->xpixel, s->ypixel); diff --git a/session.h b/session.h index ce59dabd9..675c91146 100644 --- a/session.h +++ b/session.h @@ -77,7 +77,7 @@ void session_pty_cleanup2(Session *); Session *session_new(void); Session *session_by_tty(char *); void session_close(struct ssh *, Session *); -void do_setusercontext(struct passwd *); +void do_setusercontext(struct passwd *, const char *); const char *session_get_remote_name_or_ip(struct ssh *, u_int, int); diff --git a/sshd.c b/sshd.c index 46870d3b5..e3e96426e 100644 --- a/sshd.c +++ b/sshd.c @@ -594,7 +594,7 @@ privsep_postauth(struct ssh *ssh, Authctxt *authctxt) reseed_prngs(); /* Drop privileges */ - do_setusercontext(authctxt->pw); + do_setusercontext(authctxt->pw, authctxt->role); skip: /* It is safe now to apply the key state */ diff --git a/sshpty.c b/sshpty.c index 4da84d05f..676ade50e 100644 --- a/sshpty.c +++ b/sshpty.c @@ -162,7 +162,7 @@ pty_change_window_size(int ptyfd, u_int row, u_int col, } void -pty_setowner(struct passwd *pw, const char *tty) +pty_setowner(struct passwd *pw, const char *tty, const char *role) { struct group *grp; gid_t gid; @@ -184,7 +184,7 @@ pty_setowner(struct passwd *pw, const char *tty) strerror(errno)); #ifdef WITH_SELINUX - ssh_selinux_setup_pty(pw->pw_name, tty); + ssh_selinux_setup_pty(pw->pw_name, tty, role); #endif if (st.st_uid != pw->pw_uid || st.st_gid != gid) { diff --git a/sshpty.h b/sshpty.h index 9ec7e9a15..de7e000ae 100644 --- a/sshpty.h +++ b/sshpty.h @@ -24,5 +24,5 @@ int pty_allocate(int *, int *, char *, size_t); void pty_release(const char *); void pty_make_controlling_tty(int *, const char *); void pty_change_window_size(int, u_int, u_int, u_int, u_int); -void pty_setowner(struct passwd *, const char *); +void pty_setowner(struct passwd *, const char *, const char *); void disconnect_controlling_tty(void); -- cgit v1.2.3 From 0138f331a73d692f4543477ce7f64f9ede7d6b08 Mon Sep 17 00:00:00 2001 From: Colin Watson Date: Sun, 9 Feb 2014 16:09:50 +0000 Subject: Accept obsolete ssh-vulnkey configuration options These options were used as part of Debian's response to CVE-2008-0166. Nearly six years later, we no longer need to continue carrying the bulk of that patch, but we do need to avoid failing when the associated configuration options are still present. Last-Update: 2014-02-09 Patch-Name: ssh-vulnkey-compat.patch --- readconf.c | 1 + servconf.c | 1 + 2 files changed, 2 insertions(+) diff --git a/readconf.c b/readconf.c index 4d699e5f1..29f3bd98d 100644 --- a/readconf.c +++ b/readconf.c @@ -192,6 +192,7 @@ static struct { { "fallbacktorsh", oDeprecated }, { "globalknownhostsfile2", oDeprecated }, { "rhostsauthentication", oDeprecated }, + { "useblacklistedkeys", oDeprecated }, { "userknownhostsfile2", oDeprecated }, { "useroaming", oDeprecated }, { "usersh", oDeprecated }, diff --git a/servconf.c b/servconf.c index ffdad31e7..c01e0690e 100644 --- a/servconf.c +++ b/servconf.c @@ -621,6 +621,7 @@ static struct { { "x11uselocalhost", sX11UseLocalhost, SSHCFG_ALL }, { "xauthlocation", sXAuthLocation, SSHCFG_GLOBAL }, { "strictmodes", sStrictModes, SSHCFG_GLOBAL }, + { "permitblacklistedkeys", sDeprecated, SSHCFG_GLOBAL }, { "permitemptypasswords", sEmptyPasswd, SSHCFG_ALL }, { "permituserenvironment", sPermitUserEnvironment, SSHCFG_GLOBAL }, { "uselogin", sDeprecated, SSHCFG_GLOBAL }, -- cgit v1.2.3 From 4d8dd12bab7bbc954815d7953a0c86ce1687bd34 Mon Sep 17 00:00:00 2001 From: Richard Kettlewell Date: Sun, 9 Feb 2014 16:09:52 +0000 Subject: Various keepalive extensions Add compatibility aliases for ProtocolKeepAlives and SetupTimeOut, supported in previous versions of Debian's OpenSSH package but since superseded by ServerAliveInterval. (We're probably stuck with this bit for compatibility.) In batch mode, default ServerAliveInterval to five minutes. Adjust documentation to match and to give some more advice on use of keepalives. Author: Ian Jackson Author: Matthew Vernon Author: Colin Watson Last-Update: 2018-10-19 Patch-Name: keepalive-extensions.patch --- readconf.c | 14 ++++++++++++-- ssh_config.5 | 21 +++++++++++++++++++-- sshd_config.5 | 3 +++ 3 files changed, 34 insertions(+), 4 deletions(-) diff --git a/readconf.c b/readconf.c index 29f3bd98d..3d0b6ff90 100644 --- a/readconf.c +++ b/readconf.c @@ -177,6 +177,7 @@ typedef enum { oStreamLocalBindMask, oStreamLocalBindUnlink, oRevokedHostKeys, oFingerprintHash, oUpdateHostkeys, oHostbasedKeyTypes, oPubkeyAcceptedKeyTypes, oCASignatureAlgorithms, oProxyJump, + oProtocolKeepAlives, oSetupTimeOut, oIgnore, oIgnoredUnknownOption, oDeprecated, oUnsupported } OpCodes; @@ -326,6 +327,8 @@ static struct { { "pubkeyacceptedkeytypes", oPubkeyAcceptedKeyTypes }, { "ignoreunknown", oIgnoreUnknown }, { "proxyjump", oProxyJump }, + { "protocolkeepalives", oProtocolKeepAlives }, + { "setuptimeout", oSetupTimeOut }, { NULL, oBadOption } }; @@ -1440,6 +1443,8 @@ parse_keytypes: goto parse_flag; case oServerAliveInterval: + case oProtocolKeepAlives: /* Debian-specific compatibility alias */ + case oSetupTimeOut: /* Debian-specific compatibility alias */ intptr = &options->server_alive_interval; goto parse_time; @@ -2133,8 +2138,13 @@ fill_default_options(Options * options) options->rekey_interval = 0; if (options->verify_host_key_dns == -1) options->verify_host_key_dns = 0; - if (options->server_alive_interval == -1) - options->server_alive_interval = 0; + if (options->server_alive_interval == -1) { + /* in batch mode, default is 5mins */ + if (options->batch_mode == 1) + options->server_alive_interval = 300; + else + options->server_alive_interval = 0; + } if (options->server_alive_count_max == -1) options->server_alive_count_max = 3; if (options->control_master == -1) diff --git a/ssh_config.5 b/ssh_config.5 index c3c8b274a..250c92d04 100644 --- a/ssh_config.5 +++ b/ssh_config.5 @@ -265,8 +265,12 @@ Valid arguments are If set to .Cm yes , passphrase/password querying will be disabled. +In addition, the +.Cm ServerAliveInterval +option will be set to 300 seconds by default (Debian-specific). This option is useful in scripts and other batch jobs where no user -is present to supply the password. +is present to supply the password, +and where it is desirable to detect a broken network swiftly. The argument must be .Cm yes or @@ -1535,7 +1539,14 @@ from the server, will send a message through the encrypted channel to request a response from the server. The default -is 0, indicating that these messages will not be sent to the server. +is 0, indicating that these messages will not be sent to the server, +or 300 if the +.Cm BatchMode +option is set (Debian-specific). +.Cm ProtocolKeepAlives +and +.Cm SetupTimeOut +are Debian-specific compatibility aliases for this option. .It Cm SetEnv Directly specify one or more environment variables and their contents to be sent to the server. @@ -1615,6 +1626,12 @@ Specifies whether the system should send TCP keepalive messages to the other side. If they are sent, death of the connection or crash of one of the machines will be properly noticed. +This option only uses TCP keepalives (as opposed to using ssh level +keepalives), so takes a long time to notice when the connection dies. +As such, you probably want +the +.Cm ServerAliveInterval +option as well. However, this means that connections will die if the route is down temporarily, and some people find it annoying. diff --git a/sshd_config.5 b/sshd_config.5 index 2baa6622b..2ef671d1b 100644 --- a/sshd_config.5 +++ b/sshd_config.5 @@ -1597,6 +1597,9 @@ This avoids infinitely hanging sessions. .Pp To disable TCP keepalive messages, the value should be set to .Cm no . +.Pp +This option was formerly called +.Cm KeepAlive . .It Cm TrustedUserCAKeys Specifies a file containing public keys of certificate authorities that are trusted to sign user certificates for authentication, or -- cgit v1.2.3 From 0646a0cd5ea893cf822113d4f10c501540c18e40 Mon Sep 17 00:00:00 2001 From: Jonathan David Amery Date: Sun, 9 Feb 2014 16:09:54 +0000 Subject: "LogLevel SILENT" compatibility "LogLevel SILENT" (-qq) was introduced in Debian openssh 1:3.0.1p1-1 to match the behaviour of non-free SSH, in which -q does not suppress fatal errors. However, this was unintentionally broken in 1:4.6p1-2 and nobody complained, so we've dropped most of it. The parts that remain are basic configuration file compatibility, and an adjustment to "Pseudo-terminal will not be allocated ..." which should be split out into a separate patch. Author: Matthew Vernon Author: Colin Watson Last-Update: 2013-09-14 Patch-Name: syslog-level-silent.patch --- log.c | 1 + ssh.c | 2 +- 2 files changed, 2 insertions(+), 1 deletion(-) diff --git a/log.c b/log.c index d9c2d136c..1749af6d1 100644 --- a/log.c +++ b/log.c @@ -93,6 +93,7 @@ static struct { LogLevel val; } log_levels[] = { + { "SILENT", SYSLOG_LEVEL_QUIET }, /* compatibility */ { "QUIET", SYSLOG_LEVEL_QUIET }, { "FATAL", SYSLOG_LEVEL_FATAL }, { "ERROR", SYSLOG_LEVEL_ERROR }, diff --git a/ssh.c b/ssh.c index 42be7d88f..86f143341 100644 --- a/ssh.c +++ b/ssh.c @@ -1265,7 +1265,7 @@ main(int ac, char **av) /* Do not allocate a tty if stdin is not a tty. */ if ((!isatty(fileno(stdin)) || stdin_null_flag) && options.request_tty != REQUEST_TTY_FORCE) { - if (tty_flag) + if (tty_flag && options.log_level != SYSLOG_LEVEL_QUIET) logit("Pseudo-terminal will not be allocated because " "stdin is not a terminal."); tty_flag = 0; -- cgit v1.2.3 From e04a43bd5798ba43d910493d179438845e96f631 Mon Sep 17 00:00:00 2001 From: Colin Watson Date: Sun, 9 Feb 2014 16:09:58 +0000 Subject: Allow harmless group-writability Allow secure files (~/.ssh/config, ~/.ssh/authorized_keys, etc.) to be group-writable, provided that the group in question contains only the file's owner. Rejected upstream for IMO incorrect reasons (e.g. a misunderstanding about the contents of gr->gr_mem). Given that per-user groups and umask 002 are the default setup in Debian (for good reasons - this makes operating in setgid directories with other groups much easier), we need to permit this by default. Bug: https://bugzilla.mindrot.org/show_bug.cgi?id=1060 Bug-Debian: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=314347 Last-Update: 2019-06-05 Patch-Name: user-group-modes.patch --- auth-rhosts.c | 6 ++---- auth.c | 3 +-- misc.c | 58 +++++++++++++++++++++++++++++++++++++++++++++++++++++----- misc.h | 2 ++ readconf.c | 3 +-- ssh.1 | 2 ++ ssh_config.5 | 2 ++ 7 files changed, 63 insertions(+), 13 deletions(-) diff --git a/auth-rhosts.c b/auth-rhosts.c index 57296e1f6..546aa0495 100644 --- a/auth-rhosts.c +++ b/auth-rhosts.c @@ -261,8 +261,7 @@ auth_rhosts2(struct passwd *pw, const char *client_user, const char *hostname, return 0; } if (options.strict_modes && - ((st.st_uid != 0 && st.st_uid != pw->pw_uid) || - (st.st_mode & 022) != 0)) { + !secure_permissions(&st, pw->pw_uid)) { logit("Rhosts authentication refused for %.100s: " "bad ownership or modes for home directory.", pw->pw_name); auth_debug_add("Rhosts authentication refused for %.100s: " @@ -288,8 +287,7 @@ auth_rhosts2(struct passwd *pw, const char *client_user, const char *hostname, * allowing access to their account by anyone. */ if (options.strict_modes && - ((st.st_uid != 0 && st.st_uid != pw->pw_uid) || - (st.st_mode & 022) != 0)) { + !secure_permissions(&st, pw->pw_uid)) { logit("Rhosts authentication refused for %.100s: bad modes for %.200s", pw->pw_name, buf); auth_debug_add("Bad file modes for %.200s", buf); diff --git a/auth.c b/auth.c index f7a23afba..8ffd77662 100644 --- a/auth.c +++ b/auth.c @@ -473,8 +473,7 @@ check_key_in_hostfiles(struct passwd *pw, struct sshkey *key, const char *host, user_hostfile = tilde_expand_filename(userfile, pw->pw_uid); if (options.strict_modes && (stat(user_hostfile, &st) == 0) && - ((st.st_uid != 0 && st.st_uid != pw->pw_uid) || - (st.st_mode & 022) != 0)) { + !secure_permissions(&st, pw->pw_uid)) { logit("Authentication refused for %.100s: " "bad owner or modes for %.200s", pw->pw_name, user_hostfile); diff --git a/misc.c b/misc.c index 009e02bc5..634b5060a 100644 --- a/misc.c +++ b/misc.c @@ -59,8 +59,9 @@ #include #ifdef HAVE_PATHS_H # include -#include #endif +#include +#include #ifdef SSH_TUN_OPENBSD #include #endif @@ -1103,6 +1104,55 @@ percent_expand(const char *string, ...) #undef EXPAND_MAX_KEYS } +int +secure_permissions(struct stat *st, uid_t uid) +{ + if (!platform_sys_dir_uid(st->st_uid) && st->st_uid != uid) + return 0; + if ((st->st_mode & 002) != 0) + return 0; + if ((st->st_mode & 020) != 0) { + /* If the file is group-writable, the group in question must + * have exactly one member, namely the file's owner. + * (Zero-member groups are typically used by setgid + * binaries, and are unlikely to be suitable.) + */ + struct passwd *pw; + struct group *gr; + int members = 0; + + gr = getgrgid(st->st_gid); + if (!gr) + return 0; + + /* Check primary group memberships. */ + while ((pw = getpwent()) != NULL) { + if (pw->pw_gid == gr->gr_gid) { + ++members; + if (pw->pw_uid != uid) + return 0; + } + } + endpwent(); + + pw = getpwuid(st->st_uid); + if (!pw) + return 0; + + /* Check supplementary group memberships. */ + if (gr->gr_mem[0]) { + ++members; + if (strcmp(pw->pw_name, gr->gr_mem[0]) || + gr->gr_mem[1]) + return 0; + } + + if (!members) + return 0; + } + return 1; +} + int tun_open(int tun, int mode, char **ifname) { @@ -1860,8 +1910,7 @@ safe_path(const char *name, struct stat *stp, const char *pw_dir, snprintf(err, errlen, "%s is not a regular file", buf); return -1; } - if ((!platform_sys_dir_uid(stp->st_uid) && stp->st_uid != uid) || - (stp->st_mode & 022) != 0) { + if (!secure_permissions(stp, uid)) { snprintf(err, errlen, "bad ownership or modes for file %s", buf); return -1; @@ -1876,8 +1925,7 @@ safe_path(const char *name, struct stat *stp, const char *pw_dir, strlcpy(buf, cp, sizeof(buf)); if (stat(buf, &st) < 0 || - (!platform_sys_dir_uid(st.st_uid) && st.st_uid != uid) || - (st.st_mode & 022) != 0) { + !secure_permissions(&st, uid)) { snprintf(err, errlen, "bad ownership or modes for directory %s", buf); return -1; diff --git a/misc.h b/misc.h index 5b4325aba..a4bdee187 100644 --- a/misc.h +++ b/misc.h @@ -175,6 +175,8 @@ int safe_path_fd(int, const char *, struct passwd *, char *read_passphrase(const char *, int); int ask_permission(const char *, ...) __attribute__((format(printf, 1, 2))); +int secure_permissions(struct stat *st, uid_t uid); + #define MINIMUM(a, b) (((a) < (b)) ? (a) : (b)) #define MAXIMUM(a, b) (((a) > (b)) ? (a) : (b)) #define ROUNDUP(x, y) ((((x)+((y)-1))/(y))*(y)) diff --git a/readconf.c b/readconf.c index 3d0b6ff90..cd60007f8 100644 --- a/readconf.c +++ b/readconf.c @@ -1846,8 +1846,7 @@ read_config_file_depth(const char *filename, struct passwd *pw, if (fstat(fileno(f), &sb) == -1) fatal("fstat %s: %s", filename, strerror(errno)); - if (((sb.st_uid != 0 && sb.st_uid != getuid()) || - (sb.st_mode & 022) != 0)) + if (!secure_permissions(&sb, getuid())) fatal("Bad owner or permissions on %s", filename); } diff --git a/ssh.1 b/ssh.1 index a1c7d2305..64ead5f57 100644 --- a/ssh.1 +++ b/ssh.1 @@ -1484,6 +1484,8 @@ The file format and configuration options are described in .Xr ssh_config 5 . Because of the potential for abuse, this file must have strict permissions: read/write for the user, and not writable by others. +It may be group-writable provided that the group in question contains only +the user. .Pp .It Pa ~/.ssh/environment Contains additional definitions for environment variables; see diff --git a/ssh_config.5 b/ssh_config.5 index 250c92d04..bd1e9311d 100644 --- a/ssh_config.5 +++ b/ssh_config.5 @@ -1885,6 +1885,8 @@ The format of this file is described above. This file is used by the SSH client. Because of the potential for abuse, this file must have strict permissions: read/write for the user, and not writable by others. +It may be group-writable provided that the group in question contains only +the user. .It Pa /etc/ssh/ssh_config Systemwide configuration file. This file provides defaults for those -- cgit v1.2.3 From 76a51e544a6a6a674ff1dddf4bb6da05d9cce774 Mon Sep 17 00:00:00 2001 From: Nicolas Valcárcel Date: Sun, 9 Feb 2014 16:09:59 +0000 Subject: Adjust scp quoting in verbose mode Tweak scp's reporting of filenames in verbose mode to be a bit less confusing with spaces. This should be revised to mimic real shell quoting. Bug-Ubuntu: https://bugs.launchpad.net/bugs/89945 Last-Update: 2010-02-27 Patch-Name: scp-quoting.patch --- scp.c | 12 ++++++++++-- 1 file changed, 10 insertions(+), 2 deletions(-) diff --git a/scp.c b/scp.c index 80bc0e8b1..a2dc410bd 100644 --- a/scp.c +++ b/scp.c @@ -199,8 +199,16 @@ do_local_cmd(arglist *a) if (verbose_mode) { fprintf(stderr, "Executing:"); - for (i = 0; i < a->num; i++) - fmprintf(stderr, " %s", a->list[i]); + for (i = 0; i < a->num; i++) { + if (i == 0) + fmprintf(stderr, " %s", a->list[i]); + else + /* + * TODO: misbehaves if a->list[i] contains a + * single quote + */ + fmprintf(stderr, " '%s'", a->list[i]); + } fprintf(stderr, "\n"); } if ((pid = fork()) == -1) -- cgit v1.2.3 From b019e32a0ee7a79c0a08cb1199229d03b16934a7 Mon Sep 17 00:00:00 2001 From: Colin Watson Date: Sun, 9 Feb 2014 16:10:00 +0000 Subject: Look for $SHELL on the path for ProxyCommand/LocalCommand There's some debate on the upstream bug about whether POSIX requires this. I (Colin Watson) agree with Vincent and think it does. Bug: https://bugzilla.mindrot.org/show_bug.cgi?id=1494 Bug-Debian: http://bugs.debian.org/492728 Last-Update: 2013-09-14 Patch-Name: shell-path.patch --- sshconnect.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/sshconnect.c b/sshconnect.c index fdcdcd855..103d84e38 100644 --- a/sshconnect.c +++ b/sshconnect.c @@ -257,7 +257,7 @@ ssh_proxy_connect(struct ssh *ssh, const char *host, u_short port, /* Execute the proxy command. Note that we gave up any extra privileges above. */ signal(SIGPIPE, SIG_DFL); - execv(argv[0], argv); + execvp(argv[0], argv); perror(argv[0]); exit(1); } @@ -1382,7 +1382,7 @@ ssh_local_cmd(const char *args) if (pid == 0) { signal(SIGPIPE, SIG_DFL); debug3("Executing %s -c \"%s\"", shell, args); - execl(shell, shell, "-c", args, (char *)NULL); + execlp(shell, shell, "-c", args, (char *)NULL); error("Couldn't execute %s -c \"%s\": %s", shell, args, strerror(errno)); _exit(1); -- cgit v1.2.3 From 13a16baaf467fae5d507cdb17e3bc753639bca4f Mon Sep 17 00:00:00 2001 From: Colin Watson Date: Sun, 9 Feb 2014 16:10:01 +0000 Subject: Force use of DNSSEC even if "options edns0" isn't in resolv.conf This allows SSHFP DNS records to be verified if glibc 2.11 is installed. Origin: vendor, https://cvs.fedoraproject.org/viewvc/F-12/openssh/openssh-5.2p1-edns.patch?revision=1.1&view=markup Bug: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=572049 Bug-Debian: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=572049 Last-Update: 2010-04-06 Patch-Name: dnssec-sshfp.patch --- dns.c | 14 +++++++++++++- openbsd-compat/getrrsetbyname.c | 10 +++++----- openbsd-compat/getrrsetbyname.h | 3 +++ 3 files changed, 21 insertions(+), 6 deletions(-) diff --git a/dns.c b/dns.c index ff1a2c41c..82ec97199 100644 --- a/dns.c +++ b/dns.c @@ -211,6 +211,7 @@ verify_host_key_dns(const char *hostname, struct sockaddr *address, { u_int counter; int result; + unsigned int rrset_flags = 0; struct rrsetinfo *fingerprints = NULL; u_int8_t hostkey_algorithm; @@ -234,8 +235,19 @@ verify_host_key_dns(const char *hostname, struct sockaddr *address, return -1; } + /* + * Original getrrsetbyname function, found on OpenBSD for example, + * doesn't accept any flag and prerequisite for obtaining AD bit in + * DNS response is set by "options edns0" in resolv.conf. + * + * Our version is more clever and use RRSET_FORCE_EDNS0 flag. + */ +#ifndef HAVE_GETRRSETBYNAME + rrset_flags |= RRSET_FORCE_EDNS0; +#endif result = getrrsetbyname(hostname, DNS_RDATACLASS_IN, - DNS_RDATATYPE_SSHFP, 0, &fingerprints); + DNS_RDATATYPE_SSHFP, rrset_flags, &fingerprints); + if (result) { verbose("DNS lookup error: %s", dns_result_totext(result)); return -1; diff --git a/openbsd-compat/getrrsetbyname.c b/openbsd-compat/getrrsetbyname.c index dc6fe0533..e061a290a 100644 --- a/openbsd-compat/getrrsetbyname.c +++ b/openbsd-compat/getrrsetbyname.c @@ -209,8 +209,8 @@ getrrsetbyname(const char *hostname, unsigned int rdclass, goto fail; } - /* don't allow flags yet, unimplemented */ - if (flags) { + /* Allow RRSET_FORCE_EDNS0 flag only. */ + if ((flags & !RRSET_FORCE_EDNS0) != 0) { result = ERRSET_INVAL; goto fail; } @@ -226,9 +226,9 @@ getrrsetbyname(const char *hostname, unsigned int rdclass, #endif /* DEBUG */ #ifdef RES_USE_DNSSEC - /* turn on DNSSEC if EDNS0 is configured */ - if (_resp->options & RES_USE_EDNS0) - _resp->options |= RES_USE_DNSSEC; + /* turn on DNSSEC if required */ + if (flags & RRSET_FORCE_EDNS0) + _resp->options |= (RES_USE_EDNS0|RES_USE_DNSSEC); #endif /* RES_USE_DNSEC */ /* make query */ diff --git a/openbsd-compat/getrrsetbyname.h b/openbsd-compat/getrrsetbyname.h index 1283f5506..dbbc85a2a 100644 --- a/openbsd-compat/getrrsetbyname.h +++ b/openbsd-compat/getrrsetbyname.h @@ -72,6 +72,9 @@ #ifndef RRSET_VALIDATED # define RRSET_VALIDATED 1 #endif +#ifndef RRSET_FORCE_EDNS0 +# define RRSET_FORCE_EDNS0 0x0001 +#endif /* * Return codes for getrrsetbyname() -- cgit v1.2.3 From 15b7cc25dea4efdef7fdd129d0e3d1a091afd67b Mon Sep 17 00:00:00 2001 From: Scott Moser Date: Sun, 9 Feb 2014 16:10:03 +0000 Subject: Mention ssh-keygen in ssh fingerprint changed warning Author: Chris Lamb Bug: https://bugzilla.mindrot.org/show_bug.cgi?id=1843 Bug-Ubuntu: https://bugs.launchpad.net/bugs/686607 Last-Update: 2017-08-22 Patch-Name: mention-ssh-keygen-on-keychange.patch --- sshconnect.c | 9 ++++++++- 1 file changed, 8 insertions(+), 1 deletion(-) diff --git a/sshconnect.c b/sshconnect.c index 103d84e38..0b6f6af4b 100644 --- a/sshconnect.c +++ b/sshconnect.c @@ -986,9 +986,13 @@ check_host_key(char *hostname, struct sockaddr *hostaddr, u_short port, error("%s. This could either mean that", key_msg); error("DNS SPOOFING is happening or the IP address for the host"); error("and its host key have changed at the same time."); - if (ip_status != HOST_NEW) + if (ip_status != HOST_NEW) { error("Offending key for IP in %s:%lu", ip_found->file, ip_found->line); + error(" remove with:"); + error(" ssh-keygen -f \"%s\" -R \"%s\"", + ip_found->file, ip); + } } /* The host key has changed. */ warn_changed_key(host_key); @@ -997,6 +1001,9 @@ check_host_key(char *hostname, struct sockaddr *hostaddr, u_short port, error("Offending %s key in %s:%lu", sshkey_type(host_found->key), host_found->file, host_found->line); + error(" remove with:"); + error(" ssh-keygen -f \"%s\" -R \"%s\"", + host_found->file, host); /* * If strict host key checking is in use, the user will have -- cgit v1.2.3 From 85e700a732e9a308eeee67f5a284e19fd6befbb8 Mon Sep 17 00:00:00 2001 From: Matthew Vernon Date: Sun, 9 Feb 2014 16:10:05 +0000 Subject: Include the Debian version in our identification This makes it easier to audit networks for versions patched against security vulnerabilities. It has little detrimental effect, as attackers will generally just try attacks rather than bothering to scan for vulnerable-looking version strings. (However, see debian-banner.patch.) Forwarded: not-needed Last-Update: 2019-06-05 Patch-Name: package-versioning.patch --- kex.c | 2 +- version.h | 7 ++++++- 2 files changed, 7 insertions(+), 2 deletions(-) diff --git a/kex.c b/kex.c index a2a4794e8..be354206d 100644 --- a/kex.c +++ b/kex.c @@ -1186,7 +1186,7 @@ kex_exchange_identification(struct ssh *ssh, int timeout_ms, if (version_addendum != NULL && *version_addendum == '\0') version_addendum = NULL; if ((r = sshbuf_putf(our_version, "SSH-%d.%d-%.100s%s%s\r\n", - PROTOCOL_MAJOR_2, PROTOCOL_MINOR_2, SSH_VERSION, + PROTOCOL_MAJOR_2, PROTOCOL_MINOR_2, SSH_RELEASE, version_addendum == NULL ? "" : " ", version_addendum == NULL ? "" : version_addendum)) != 0) { error("%s: sshbuf_putf: %s", __func__, ssh_err(r)); diff --git a/version.h b/version.h index 806ead9a6..599c859e6 100644 --- a/version.h +++ b/version.h @@ -3,4 +3,9 @@ #define SSH_VERSION "OpenSSH_8.0" #define SSH_PORTABLE "p1" -#define SSH_RELEASE SSH_VERSION SSH_PORTABLE +#define SSH_RELEASE_MINIMUM SSH_VERSION SSH_PORTABLE +#ifdef SSH_EXTRAVERSION +#define SSH_RELEASE SSH_RELEASE_MINIMUM " " SSH_EXTRAVERSION +#else +#define SSH_RELEASE SSH_RELEASE_MINIMUM +#endif -- cgit v1.2.3 From 085c44daefaee16df97e1b2a0967b2140cc86de0 Mon Sep 17 00:00:00 2001 From: Kees Cook Date: Sun, 9 Feb 2014 16:10:06 +0000 Subject: Add DebianBanner server configuration option Setting this to "no" causes sshd to omit the Debian revision from its initial protocol handshake, for those scared by package-versioning.patch. Bug-Debian: http://bugs.debian.org/562048 Forwarded: not-needed Last-Update: 2019-06-05 Patch-Name: debian-banner.patch --- kex.c | 5 +++-- kex.h | 2 +- servconf.c | 9 +++++++++ servconf.h | 2 ++ sshconnect.c | 2 +- sshd.c | 3 ++- sshd_config.5 | 5 +++++ 7 files changed, 23 insertions(+), 5 deletions(-) diff --git a/kex.c b/kex.c index be354206d..bbb7a2340 100644 --- a/kex.c +++ b/kex.c @@ -1168,7 +1168,7 @@ send_error(struct ssh *ssh, char *msg) */ int kex_exchange_identification(struct ssh *ssh, int timeout_ms, - const char *version_addendum) + int debian_banner, const char *version_addendum) { int remote_major, remote_minor, mismatch; size_t len, i, n; @@ -1186,7 +1186,8 @@ kex_exchange_identification(struct ssh *ssh, int timeout_ms, if (version_addendum != NULL && *version_addendum == '\0') version_addendum = NULL; if ((r = sshbuf_putf(our_version, "SSH-%d.%d-%.100s%s%s\r\n", - PROTOCOL_MAJOR_2, PROTOCOL_MINOR_2, SSH_RELEASE, + PROTOCOL_MAJOR_2, PROTOCOL_MINOR_2, + debian_banner ? SSH_RELEASE : SSH_RELEASE_MINIMUM, version_addendum == NULL ? "" : " ", version_addendum == NULL ? "" : version_addendum)) != 0) { error("%s: sshbuf_putf: %s", __func__, ssh_err(r)); diff --git a/kex.h b/kex.h index 2d5f1d4ed..39f67bbc1 100644 --- a/kex.h +++ b/kex.h @@ -195,7 +195,7 @@ char *kex_names_cat(const char *, const char *); int kex_assemble_names(char **, const char *, const char *); int kex_gss_names_valid(const char *); -int kex_exchange_identification(struct ssh *, int, const char *); +int kex_exchange_identification(struct ssh *, int, int, const char *); struct kex *kex_new(void); int kex_ready(struct ssh *, char *[PROPOSAL_MAX]); diff --git a/servconf.c b/servconf.c index c01e0690e..8d2bced52 100644 --- a/servconf.c +++ b/servconf.c @@ -184,6 +184,7 @@ initialize_server_options(ServerOptions *options) options->fingerprint_hash = -1; options->disable_forwarding = -1; options->expose_userauth_info = -1; + options->debian_banner = -1; } /* Returns 1 if a string option is unset or set to "none" or 0 otherwise. */ @@ -437,6 +438,8 @@ fill_default_server_options(ServerOptions *options) options->disable_forwarding = 0; if (options->expose_userauth_info == -1) options->expose_userauth_info = 0; + if (options->debian_banner == -1) + options->debian_banner = 1; assemble_algorithms(options); @@ -523,6 +526,7 @@ typedef enum { sStreamLocalBindMask, sStreamLocalBindUnlink, sAllowStreamLocalForwarding, sFingerprintHash, sDisableForwarding, sExposeAuthInfo, sRDomain, + sDebianBanner, sDeprecated, sIgnore, sUnsupported } ServerOpCodes; @@ -682,6 +686,7 @@ static struct { { "exposeauthinfo", sExposeAuthInfo, SSHCFG_ALL }, { "rdomain", sRDomain, SSHCFG_ALL }, { "casignaturealgorithms", sCASignatureAlgorithms, SSHCFG_ALL }, + { "debianbanner", sDebianBanner, SSHCFG_GLOBAL }, { NULL, sBadOption, 0 } }; @@ -2211,6 +2216,10 @@ process_server_config_line(ServerOptions *options, char *line, *charptr = xstrdup(arg); break; + case sDebianBanner: + intptr = &options->debian_banner; + goto parse_flag; + case sDeprecated: case sIgnore: case sUnsupported: diff --git a/servconf.h b/servconf.h index a476d5220..986093ffa 100644 --- a/servconf.h +++ b/servconf.h @@ -214,6 +214,8 @@ typedef struct { int fingerprint_hash; int expose_userauth_info; u_int64_t timing_secret; + + int debian_banner; } ServerOptions; /* Information about the incoming connection as used by Match */ diff --git a/sshconnect.c b/sshconnect.c index 0b6f6af4b..1183ffe0e 100644 --- a/sshconnect.c +++ b/sshconnect.c @@ -1287,7 +1287,7 @@ ssh_login(struct ssh *ssh, Sensitive *sensitive, const char *orighost, lowercase(host); /* Exchange protocol version identification strings with the server. */ - if (kex_exchange_identification(ssh, timeout_ms, NULL) != 0) + if (kex_exchange_identification(ssh, timeout_ms, 1, NULL) != 0) cleanup_exit(255); /* error already logged */ /* Put the connection into non-blocking mode. */ diff --git a/sshd.c b/sshd.c index e3e96426e..1e7ece588 100644 --- a/sshd.c +++ b/sshd.c @@ -2160,7 +2160,8 @@ main(int ac, char **av) if (!debug_flag) alarm(options.login_grace_time); - if (kex_exchange_identification(ssh, -1, options.version_addendum) != 0) + if (kex_exchange_identification(ssh, -1, options.debian_banner, + options.version_addendum) != 0) cleanup_exit(255); /* error already logged */ ssh_packet_set_nonblocking(ssh); diff --git a/sshd_config.5 b/sshd_config.5 index 2ef671d1b..addea54a0 100644 --- a/sshd_config.5 +++ b/sshd_config.5 @@ -543,6 +543,11 @@ or .Cm no . The default is .Cm yes . +.It Cm DebianBanner +Specifies whether the distribution-specified extra version suffix is +included during initial protocol handshake. +The default is +.Cm yes . .It Cm DenyGroups This keyword can be followed by a list of group name patterns, separated by spaces. -- cgit v1.2.3 From f9a76ef65bfb6c17d613ab3db2bf39db5087adfc Mon Sep 17 00:00:00 2001 From: Tomas Pospisek Date: Sun, 9 Feb 2014 16:10:07 +0000 Subject: Install authorized_keys(5) as a symlink to sshd(8) Bug: https://bugzilla.mindrot.org/show_bug.cgi?id=1720 Bug-Debian: http://bugs.debian.org/441817 Last-Update: 2013-09-14 Patch-Name: authorized-keys-man-symlink.patch --- Makefile.in | 1 + 1 file changed, 1 insertion(+) diff --git a/Makefile.in b/Makefile.in index c31821acc..0960a6a03 100644 --- a/Makefile.in +++ b/Makefile.in @@ -357,6 +357,7 @@ install-files: $(INSTALL) -m 644 sshd_config.5.out $(DESTDIR)$(mandir)/$(mansubdir)5/sshd_config.5 $(INSTALL) -m 644 ssh_config.5.out $(DESTDIR)$(mandir)/$(mansubdir)5/ssh_config.5 $(INSTALL) -m 644 sshd.8.out $(DESTDIR)$(mandir)/$(mansubdir)8/sshd.8 + ln -s ../$(mansubdir)8/sshd.8 $(DESTDIR)$(mandir)/$(mansubdir)5/authorized_keys.5 $(INSTALL) -m 644 sftp.1.out $(DESTDIR)$(mandir)/$(mansubdir)1/sftp.1 $(INSTALL) -m 644 sftp-server.8.out $(DESTDIR)$(mandir)/$(mansubdir)8/sftp-server.8 $(INSTALL) -m 644 ssh-keysign.8.out $(DESTDIR)$(mandir)/$(mansubdir)8/ssh-keysign.8 -- cgit v1.2.3 From 47beec5c944ea9add7d267110fc9dcf15e7b8932 Mon Sep 17 00:00:00 2001 From: Colin Watson Date: Sun, 9 Feb 2014 16:10:09 +0000 Subject: Adjust various OpenBSD-specific references in manual pages No single bug reference for this patch, but history includes: http://bugs.debian.org/154434 (login.conf(5)) http://bugs.debian.org/513417 (/etc/rc) http://bugs.debian.org/530692 (ssl(8)) https://bugs.launchpad.net/bugs/456660 (ssl(8)) Forwarded: not-needed Last-Update: 2017-10-04 Patch-Name: openbsd-docs.patch --- moduli.5 | 4 ++-- ssh-keygen.1 | 12 ++++-------- ssh.1 | 4 ++++ sshd.8 | 5 ++--- sshd_config.5 | 3 +-- 5 files changed, 13 insertions(+), 15 deletions(-) diff --git a/moduli.5 b/moduli.5 index ef0de0850..149846c8c 100644 --- a/moduli.5 +++ b/moduli.5 @@ -21,7 +21,7 @@ .Nd Diffie-Hellman moduli .Sh DESCRIPTION The -.Pa /etc/moduli +.Pa /etc/ssh/moduli file contains prime numbers and generators for use by .Xr sshd 8 in the Diffie-Hellman Group Exchange key exchange method. @@ -110,7 +110,7 @@ first estimates the size of the modulus required to produce enough Diffie-Hellman output to sufficiently key the selected symmetric cipher. .Xr sshd 8 then randomly selects a modulus from -.Fa /etc/moduli +.Fa /etc/ssh/moduli that best meets the size requirement. .Sh SEE ALSO .Xr ssh-keygen 1 , diff --git a/ssh-keygen.1 b/ssh-keygen.1 index 124456577..9b877b860 100644 --- a/ssh-keygen.1 +++ b/ssh-keygen.1 @@ -178,9 +178,7 @@ key in .Pa ~/.ssh/id_ed25519 or .Pa ~/.ssh/id_rsa . -Additionally, the system administrator may use this to generate host keys, -as seen in -.Pa /etc/rc . +Additionally, the system administrator may use this to generate host keys. .Pp Normally this program generates the key and asks for a file in which to store the private key. @@ -243,9 +241,7 @@ If .Fl f has also been specified, its argument is used as a prefix to the default path for the resulting host key files. -This is used by -.Pa /etc/rc -to generate new host keys. +This is used by system administration scripts to generate new host keys. .It Fl a Ar rounds When saving a private key this option specifies the number of KDF (key derivation function) rounds used. @@ -703,7 +699,7 @@ option. Valid generator values are 2, 3, and 5. .Pp Screened DH groups may be installed in -.Pa /etc/moduli . +.Pa /etc/ssh/moduli . It is important that this file contains moduli of a range of bit lengths and that both ends of a connection share common moduli. .Sh CERTIFICATES @@ -903,7 +899,7 @@ on all machines where the user wishes to log in using public key authentication. There is no need to keep the contents of this file secret. .Pp -.It Pa /etc/moduli +.It Pa /etc/ssh/moduli Contains Diffie-Hellman groups used for DH-GEX. The file format is described in .Xr moduli 5 . diff --git a/ssh.1 b/ssh.1 index 64ead5f57..e4aeae7b4 100644 --- a/ssh.1 +++ b/ssh.1 @@ -873,6 +873,10 @@ implements public key authentication protocol automatically, using one of the DSA, ECDSA, Ed25519 or RSA algorithms. The HISTORY section of .Xr ssl 8 +(on non-OpenBSD systems, see +.nh +http://www.openbsd.org/cgi\-bin/man.cgi?query=ssl&sektion=8#HISTORY) +.hy contains a brief discussion of the DSA and RSA algorithms. .Pp The file diff --git a/sshd.8 b/sshd.8 index 57a7fd66b..4abc01d66 100644 --- a/sshd.8 +++ b/sshd.8 @@ -65,7 +65,7 @@ over an insecure network. .Nm listens for connections from clients. It is normally started at boot from -.Pa /etc/rc . +.Pa /etc/init.d/ssh . It forks a new daemon for each incoming connection. The forked daemons handle @@ -884,7 +884,7 @@ This file is for host-based authentication (see .Xr ssh 1 ) . It should only be writable by root. .Pp -.It Pa /etc/moduli +.It Pa /etc/ssh/moduli Contains Diffie-Hellman groups used for the "Diffie-Hellman Group Exchange" key exchange method. The file format is described in @@ -982,7 +982,6 @@ The content of this file is not sensitive; it can be world-readable. .Xr ssh-keyscan 1 , .Xr chroot 2 , .Xr hosts_access 5 , -.Xr login.conf 5 , .Xr moduli 5 , .Xr sshd_config 5 , .Xr inetd 8 , diff --git a/sshd_config.5 b/sshd_config.5 index addea54a0..f995e4ab0 100644 --- a/sshd_config.5 +++ b/sshd_config.5 @@ -395,8 +395,7 @@ Certificates signed using other algorithms will not be accepted for public key or host-based authentication. .It Cm ChallengeResponseAuthentication Specifies whether challenge-response authentication is allowed (e.g. via -PAM or through authentication styles supported in -.Xr login.conf 5 ) +PAM). The default is .Cm yes . .It Cm ChrootDirectory -- cgit v1.2.3 From 23b4cc85184891ad61bb98045629400e48d946dd Mon Sep 17 00:00:00 2001 From: Colin Watson Date: Sun, 9 Feb 2014 16:10:10 +0000 Subject: ssh(1): Refer to ssh-argv0(1) Old versions of OpenSSH (up to 2.5 or thereabouts) allowed creating symlinks to ssh with the name of the host you want to connect to. Debian ships an ssh-argv0 script restoring this feature; this patch refers to its manual page from ssh(1). Bug-Debian: http://bugs.debian.org/111341 Forwarded: not-needed Last-Update: 2013-09-14 Patch-Name: ssh-argv0.patch --- ssh.1 | 1 + 1 file changed, 1 insertion(+) diff --git a/ssh.1 b/ssh.1 index e4aeae7b4..8d2b08a29 100644 --- a/ssh.1 +++ b/ssh.1 @@ -1584,6 +1584,7 @@ if an error occurred. .Xr sftp 1 , .Xr ssh-add 1 , .Xr ssh-agent 1 , +.Xr ssh-argv0 1 , .Xr ssh-keygen 1 , .Xr ssh-keyscan 1 , .Xr tun 4 , -- cgit v1.2.3 From 099b0bdc57b9a21842c457d83ff9488fa814c9c4 Mon Sep 17 00:00:00 2001 From: Colin Watson Date: Sun, 9 Feb 2014 16:10:11 +0000 Subject: Document that HashKnownHosts may break tab-completion Bug: https://bugzilla.mindrot.org/show_bug.cgi?id=1727 Bug-Debian: http://bugs.debian.org/430154 Last-Update: 2013-09-14 Patch-Name: doc-hash-tab-completion.patch --- ssh_config.5 | 3 +++ 1 file changed, 3 insertions(+) diff --git a/ssh_config.5 b/ssh_config.5 index bd1e9311d..39535c4f8 100644 --- a/ssh_config.5 +++ b/ssh_config.5 @@ -836,6 +836,9 @@ Note that existing names and addresses in known hosts files will not be converted automatically, but may be manually hashed using .Xr ssh-keygen 1 . +Use of this option may break facilities such as tab-completion that rely +on being able to read unhashed host names from +.Pa ~/.ssh/known_hosts . .It Cm HostbasedAuthentication Specifies whether to try rhosts based authentication with public key authentication. -- cgit v1.2.3 From 9e040aefaefa40bcbe5dcdc0f9f03555cf8fe2d0 Mon Sep 17 00:00:00 2001 From: Colin Watson Date: Sun, 9 Feb 2014 16:10:13 +0000 Subject: Document consequences of ssh-agent being setgid in ssh-agent(1) Bug-Debian: http://bugs.debian.org/711623 Forwarded: no Last-Update: 2013-06-08 Patch-Name: ssh-agent-setgid.patch --- ssh-agent.1 | 15 +++++++++++++++ 1 file changed, 15 insertions(+) diff --git a/ssh-agent.1 b/ssh-agent.1 index 83b2b41c8..7230704a3 100644 --- a/ssh-agent.1 +++ b/ssh-agent.1 @@ -206,6 +206,21 @@ environment variable holds the agent's process ID. .Pp The agent exits automatically when the command given on the command line terminates. +.Pp +In Debian, +.Nm +is installed with the set-group-id bit set, to prevent +.Xr ptrace 2 +attacks retrieving private key material. +This has the side-effect of causing the run-time linker to remove certain +environment variables which might have security implications for set-id +programs, including +.Ev LD_PRELOAD , +.Ev LD_LIBRARY_PATH , +and +.Ev TMPDIR . +If you need to set any of these environment variables, you will need to do +so in the program executed by ssh-agent. .Sh FILES .Bl -tag -width Ds .It Pa $TMPDIR/ssh-XXXXXXXXXX/agent. -- cgit v1.2.3 From 1f61e987ccec2a2af15044196c1a6730959ead98 Mon Sep 17 00:00:00 2001 From: Kurt Roeckx Date: Sun, 9 Feb 2014 16:10:14 +0000 Subject: Don't check the status field of the OpenSSL version There is no reason to check the version of OpenSSL (in Debian). If it's not compatible the soname will change. OpenSSH seems to want to do a check for the soname based on the version number, but wants to keep the status of the release the same. Remove that check on the status since it doesn't tell you anything about how compatible that version is. Author: Colin Watson Bug-Debian: https://bugs.debian.org/93581 Bug-Debian: https://bugs.debian.org/664383 Bug-Debian: https://bugs.debian.org/732940 Forwarded: not-needed Last-Update: 2014-10-07 Patch-Name: no-openssl-version-status.patch --- openbsd-compat/openssl-compat.c | 6 +++--- openbsd-compat/regress/opensslvertest.c | 1 + 2 files changed, 4 insertions(+), 3 deletions(-) diff --git a/openbsd-compat/openssl-compat.c b/openbsd-compat/openssl-compat.c index a37ca61bf..c1749210d 100644 --- a/openbsd-compat/openssl-compat.c +++ b/openbsd-compat/openssl-compat.c @@ -34,7 +34,7 @@ /* * OpenSSL version numbers: MNNFFPPS: major minor fix patch status * We match major, minor, fix and status (not patch) for <1.0.0. - * After that, we acceptable compatible fix versions (so we + * After that, we accept compatible fix and status versions (so we * allow 1.0.1 to work with 1.0.0). Going backwards is only allowed * within a patch series. */ @@ -55,10 +55,10 @@ ssh_compatible_openssl(long headerver, long libver) } /* - * For versions >= 1.0.0, major,minor,status must match and library + * For versions >= 1.0.0, major,minor must match and library * fix version must be equal to or newer than the header. */ - mask = 0xfff0000fL; /* major,minor,status */ + mask = 0xfff00000L; /* major,minor */ hfix = (headerver & 0x000ff000) >> 12; lfix = (libver & 0x000ff000) >> 12; if ( (headerver & mask) == (libver & mask) && lfix >= hfix) diff --git a/openbsd-compat/regress/opensslvertest.c b/openbsd-compat/regress/opensslvertest.c index 5d019b598..58474873d 100644 --- a/openbsd-compat/regress/opensslvertest.c +++ b/openbsd-compat/regress/opensslvertest.c @@ -35,6 +35,7 @@ struct version_test { /* built with 1.0.1b release headers */ { 0x1000101fL, 0x1000101fL, 1},/* exact match */ + { 0x1000101fL, 0x10001010L, 1}, /* different status: ok */ { 0x1000101fL, 0x1000102fL, 1}, /* newer library patch version: ok */ { 0x1000101fL, 0x1000100fL, 1}, /* older library patch version: ok */ { 0x1000101fL, 0x1000201fL, 1}, /* newer library fix version: ok */ -- cgit v1.2.3 From 601332e5cc1198d6dabddc8168249a81c5dc822a Mon Sep 17 00:00:00 2001 From: Vincent Untz Date: Sun, 9 Feb 2014 16:10:16 +0000 Subject: Give the ssh-askpass-gnome window a default icon Bug-Ubuntu: https://bugs.launchpad.net/bugs/27152 Last-Update: 2010-02-28 Patch-Name: gnome-ssh-askpass2-icon.patch --- contrib/gnome-ssh-askpass2.c | 2 ++ 1 file changed, 2 insertions(+) diff --git a/contrib/gnome-ssh-askpass2.c b/contrib/gnome-ssh-askpass2.c index 535a69274..e37a13382 100644 --- a/contrib/gnome-ssh-askpass2.c +++ b/contrib/gnome-ssh-askpass2.c @@ -211,6 +211,8 @@ main(int argc, char **argv) gtk_init(&argc, &argv); + gtk_window_set_default_icon_from_file ("/usr/share/pixmaps/ssh-askpass-gnome.png", NULL); + if (argc > 1) { message = g_strjoinv(" ", argv + 1); } else { -- cgit v1.2.3 From a88f67584ef5889d95c04b0294e92c11ed4904cd Mon Sep 17 00:00:00 2001 From: Michael Biebl Date: Mon, 21 Dec 2015 16:08:47 +0000 Subject: Add systemd readiness notification support Bug-Debian: https://bugs.debian.org/778913 Forwarded: no Last-Update: 2017-08-22 Patch-Name: systemd-readiness.patch --- configure.ac | 24 ++++++++++++++++++++++++ sshd.c | 9 +++++++++ 2 files changed, 33 insertions(+) diff --git a/configure.ac b/configure.ac index ce16e7758..de140f578 100644 --- a/configure.ac +++ b/configure.ac @@ -4526,6 +4526,29 @@ AC_ARG_WITH([kerberos5], AC_SUBST([GSSLIBS]) AC_SUBST([K5LIBS]) +# Check whether user wants systemd support +SYSTEMD_MSG="no" +AC_ARG_WITH(systemd, + [ --with-systemd Enable systemd support], + [ if test "x$withval" != "xno" ; then + AC_PATH_TOOL([PKGCONFIG], [pkg-config], [no]) + if test "$PKGCONFIG" != "no"; then + AC_MSG_CHECKING([for libsystemd]) + if $PKGCONFIG --exists libsystemd; then + SYSTEMD_CFLAGS=`$PKGCONFIG --cflags libsystemd` + SYSTEMD_LIBS=`$PKGCONFIG --libs libsystemd` + CPPFLAGS="$CPPFLAGS $SYSTEMD_CFLAGS" + SSHDLIBS="$SSHDLIBS $SYSTEMD_LIBS" + AC_MSG_RESULT([yes]) + AC_DEFINE(HAVE_SYSTEMD, 1, [Define if you want systemd support.]) + SYSTEMD_MSG="yes" + else + AC_MSG_RESULT([no]) + fi + fi + fi ] +) + # Looking for programs, paths and files PRIVSEP_PATH=/var/empty @@ -5332,6 +5355,7 @@ echo " libldns support: $LDNS_MSG" echo " Solaris process contract support: $SPC_MSG" echo " Solaris project support: $SP_MSG" echo " Solaris privilege support: $SPP_MSG" +echo " systemd support: $SYSTEMD_MSG" echo " IP address in \$DISPLAY hack: $DISPLAY_HACK_MSG" echo " Translate v4 in v6 hack: $IPV4_IN6_HACK_MSG" echo " BSD Auth support: $BSD_AUTH_MSG" diff --git a/sshd.c b/sshd.c index 1e7ece588..48162b629 100644 --- a/sshd.c +++ b/sshd.c @@ -85,6 +85,10 @@ #include #endif +#ifdef HAVE_SYSTEMD +#include +#endif + #include "xmalloc.h" #include "ssh.h" #include "ssh2.h" @@ -1946,6 +1950,11 @@ main(int ac, char **av) } } +#ifdef HAVE_SYSTEMD + /* Signal systemd that we are ready to accept connections */ + sd_notify(0, "READY=1"); +#endif + /* Accept a connection and return in a forked child */ server_accept_loop(&sock_in, &sock_out, &newsock, config_s); -- cgit v1.2.3 From ebd590550bb09fe129b103994d53143788683d05 Mon Sep 17 00:00:00 2001 From: Colin Watson Date: Sun, 9 Feb 2014 16:10:18 +0000 Subject: Various Debian-specific configuration changes ssh: Enable ForwardX11Trusted, returning to earlier semantics which cause fewer problems with existing setups (http://bugs.debian.org/237021). ssh: Set 'SendEnv LANG LC_*' by default (http://bugs.debian.org/264024). ssh: Enable HashKnownHosts by default to try to limit the spread of ssh worms. ssh: Enable GSSAPIAuthentication by default. sshd: Enable PAM, disable ChallengeResponseAuthentication, and disable PrintMotd. sshd: Enable X11Forwarding. sshd: Set 'AcceptEnv LANG LC_*' by default. sshd: Change sftp subsystem path to /usr/lib/openssh/sftp-server. Document all of this. Author: Russ Allbery Forwarded: not-needed Last-Update: 2017-10-04 Patch-Name: debian-config.patch --- readconf.c | 2 +- ssh.1 | 21 +++++++++++++++++++++ ssh_config | 6 +++++- ssh_config.5 | 19 ++++++++++++++++++- sshd_config | 16 ++++++++++------ sshd_config.5 | 22 ++++++++++++++++++++++ 6 files changed, 77 insertions(+), 9 deletions(-) diff --git a/readconf.c b/readconf.c index cd60007f8..f35bde6e6 100644 --- a/readconf.c +++ b/readconf.c @@ -2028,7 +2028,7 @@ fill_default_options(Options * options) if (options->forward_x11 == -1) options->forward_x11 = 0; if (options->forward_x11_trusted == -1) - options->forward_x11_trusted = 0; + options->forward_x11_trusted = 1; if (options->forward_x11_timeout == -1) options->forward_x11_timeout = 1200; /* diff --git a/ssh.1 b/ssh.1 index 8d2b08a29..4e298cb56 100644 --- a/ssh.1 +++ b/ssh.1 @@ -795,6 +795,16 @@ directive in .Xr ssh_config 5 for more information. .Pp +(Debian-specific: X11 forwarding is not subjected to X11 SECURITY extension +restrictions by default, because too many programs currently crash in this +mode. +Set the +.Cm ForwardX11Trusted +option to +.Dq no +to restore the upstream behaviour. +This may change in future depending on client-side improvements.) +.Pp .It Fl x Disables X11 forwarding. .Pp @@ -803,6 +813,17 @@ Enables trusted X11 forwarding. Trusted X11 forwardings are not subjected to the X11 SECURITY extension controls. .Pp +(Debian-specific: This option does nothing in the default configuration: it +is equivalent to +.Dq Cm ForwardX11Trusted No yes , +which is the default as described above. +Set the +.Cm ForwardX11Trusted +option to +.Dq no +to restore the upstream behaviour. +This may change in future depending on client-side improvements.) +.Pp .It Fl y Send log information using the .Xr syslog 3 diff --git a/ssh_config b/ssh_config index 1ff999b68..6dd6ecf87 100644 --- a/ssh_config +++ b/ssh_config @@ -17,9 +17,10 @@ # list of available options, their meanings and defaults, please see the # ssh_config(5) man page. -# Host * +Host * # ForwardAgent no # ForwardX11 no +# ForwardX11Trusted yes # PasswordAuthentication yes # HostbasedAuthentication no # GSSAPIAuthentication no @@ -45,3 +46,6 @@ # VisualHostKey no # ProxyCommand ssh -q -W %h:%p gateway.example.com # RekeyLimit 1G 1h + SendEnv LANG LC_* + HashKnownHosts yes + GSSAPIAuthentication yes diff --git a/ssh_config.5 b/ssh_config.5 index 39535c4f8..a27631ae9 100644 --- a/ssh_config.5 +++ b/ssh_config.5 @@ -71,6 +71,22 @@ Since the first obtained value for each parameter is used, more host-specific declarations should be given near the beginning of the file, and general defaults at the end. .Pp +Note that the Debian +.Ic openssh-client +package sets several options as standard in +.Pa /etc/ssh/ssh_config +which are not the default in +.Xr ssh 1 : +.Pp +.Bl -bullet -offset indent -compact +.It +.Cm SendEnv No LANG LC_* +.It +.Cm HashKnownHosts No yes +.It +.Cm GSSAPIAuthentication No yes +.El +.Pp The file contains keyword-argument pairs, one per line. Lines starting with .Ql # @@ -717,11 +733,12 @@ elapsed. .It Cm ForwardX11Trusted If this option is set to .Cm yes , +(the Debian-specific default), remote X11 clients will have full access to the original X11 display. .Pp If this option is set to .Cm no -(the default), +(the upstream default), remote X11 clients will be considered untrusted and prevented from stealing or tampering with data belonging to trusted X11 clients. diff --git a/sshd_config b/sshd_config index 2c48105f8..ed8272f6d 100644 --- a/sshd_config +++ b/sshd_config @@ -57,8 +57,9 @@ AuthorizedKeysFile .ssh/authorized_keys #PasswordAuthentication yes #PermitEmptyPasswords no -# Change to no to disable s/key passwords -#ChallengeResponseAuthentication yes +# Change to yes to enable challenge-response passwords (beware issues with +# some PAM modules and threads) +ChallengeResponseAuthentication no # Kerberos options #KerberosAuthentication no @@ -81,16 +82,16 @@ AuthorizedKeysFile .ssh/authorized_keys # If you just want the PAM account and session checks to run without # PAM authentication, then enable this but set PasswordAuthentication # and ChallengeResponseAuthentication to 'no'. -#UsePAM no +UsePAM yes #AllowAgentForwarding yes #AllowTcpForwarding yes #GatewayPorts no -#X11Forwarding no +X11Forwarding yes #X11DisplayOffset 10 #X11UseLocalhost yes #PermitTTY yes -#PrintMotd yes +PrintMotd no #PrintLastLog yes #TCPKeepAlive yes #PermitUserEnvironment no @@ -107,8 +108,11 @@ AuthorizedKeysFile .ssh/authorized_keys # no default banner path #Banner none +# Allow client to pass locale environment variables +AcceptEnv LANG LC_* + # override default of no subsystems -Subsystem sftp /usr/libexec/sftp-server +Subsystem sftp /usr/lib/openssh/sftp-server # Example of overriding settings on a per-user basis #Match User anoncvs diff --git a/sshd_config.5 b/sshd_config.5 index f995e4ab0..c0c4ebd66 100644 --- a/sshd_config.5 +++ b/sshd_config.5 @@ -56,6 +56,28 @@ Arguments may optionally be enclosed in double quotes .Pq \&" in order to represent arguments containing spaces. .Pp +Note that the Debian +.Ic openssh-server +package sets several options as standard in +.Pa /etc/ssh/sshd_config +which are not the default in +.Xr sshd 8 : +.Pp +.Bl -bullet -offset indent -compact +.It +.Cm ChallengeResponseAuthentication No no +.It +.Cm X11Forwarding No yes +.It +.Cm PrintMotd No no +.It +.Cm AcceptEnv No LANG LC_* +.It +.Cm Subsystem No sftp /usr/lib/openssh/sftp-server +.It +.Cm UsePAM No yes +.El +.Pp The possible keywords and their meanings are as follows (note that keywords are case-insensitive and arguments are case-sensitive): -- cgit v1.2.3 From 1af6147744892b18e2239c085abe87f5408cbaae Mon Sep 17 00:00:00 2001 From: Colin Watson Date: Sun, 5 Mar 2017 02:02:11 +0000 Subject: Restore reading authorized_keys2 by default Upstream seems to intend to gradually phase this out, so don't assume that this will remain the default forever. However, we were late in adopting the upstream sshd_config changes, so it makes sense to extend the grace period. Bug-Debian: https://bugs.debian.org/852320 Forwarded: not-needed Last-Update: 2017-03-05 Patch-Name: restore-authorized_keys2.patch --- sshd_config | 5 ++--- 1 file changed, 2 insertions(+), 3 deletions(-) diff --git a/sshd_config b/sshd_config index ed8272f6d..ee9629102 100644 --- a/sshd_config +++ b/sshd_config @@ -36,9 +36,8 @@ #PubkeyAuthentication yes -# The default is to check both .ssh/authorized_keys and .ssh/authorized_keys2 -# but this is overridden so installations will only check .ssh/authorized_keys -AuthorizedKeysFile .ssh/authorized_keys +# Expect .ssh/authorized_keys2 to be disregarded by default in future. +#AuthorizedKeysFile .ssh/authorized_keys .ssh/authorized_keys2 #AuthorizedPrincipalsFile none -- cgit v1.2.3 From 9fa2ceb14b6e7e5e902cff416bc9ad3963be9883 Mon Sep 17 00:00:00 2001 From: Eduardo Barretto Date: Tue, 9 May 2017 10:53:04 -0300 Subject: Allow flock and ipc syscall for s390 architecture In order to use the OpenSSL-ibmpkcs11 engine it is needed to allow flock and ipc calls, because this engine calls OpenCryptoki (a PKCS#11 implementation) which calls the libraries that will communicate with the crypto cards. OpenCryptoki makes use of flock and ipc and, as of now, this is only need on s390 architecture. Signed-off-by: Eduardo Barretto Origin: other, https://bugzilla.mindrot.org/show_bug.cgi?id=2752 Bug: https://bugzilla.mindrot.org/show_bug.cgi?id=2752 Bug-Ubuntu: https://bugs.launchpad.net/bugs/1686618 Last-Update: 2018-10-19 Patch-Name: seccomp-s390-flock-ipc.patch --- sandbox-seccomp-filter.c | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/sandbox-seccomp-filter.c b/sandbox-seccomp-filter.c index 5edbc6946..d4bc20828 100644 --- a/sandbox-seccomp-filter.c +++ b/sandbox-seccomp-filter.c @@ -166,6 +166,9 @@ static const struct sock_filter preauth_insns[] = { #ifdef __NR_exit_group SC_ALLOW(__NR_exit_group), #endif +#if defined(__NR_flock) && defined(__s390__) + SC_ALLOW(__NR_flock), +#endif #ifdef __NR_futex SC_ALLOW(__NR_futex), #endif @@ -193,6 +196,9 @@ static const struct sock_filter preauth_insns[] = { #ifdef __NR_getuid32 SC_ALLOW(__NR_getuid32), #endif +#if defined(__NR_ipc) && defined(__s390__) + SC_ALLOW(__NR_ipc), +#endif #ifdef __NR_madvise SC_ALLOW(__NR_madvise), #endif -- cgit v1.2.3 From 9d4508c5c1d6466c662befcb26aff09f41966102 Mon Sep 17 00:00:00 2001 From: Eduardo Barretto Date: Tue, 9 May 2017 13:33:30 -0300 Subject: Enable specific ioctl call for EP11 crypto card (s390) The EP11 crypto card needs to make an ioctl call, which receives an specific argument. This crypto card is for s390 only. Signed-off-by: Eduardo Barretto Origin: other, https://bugzilla.mindrot.org/show_bug.cgi?id=2752 Bug: https://bugzilla.mindrot.org/show_bug.cgi?id=2752 Bug-Ubuntu: https://bugs.launchpad.net/bugs/1686618 Last-Update: 2017-08-28 Patch-Name: seccomp-s390-ioctl-ep11-crypto.patch --- sandbox-seccomp-filter.c | 2 ++ 1 file changed, 2 insertions(+) diff --git a/sandbox-seccomp-filter.c b/sandbox-seccomp-filter.c index d4bc20828..ef4de8c65 100644 --- a/sandbox-seccomp-filter.c +++ b/sandbox-seccomp-filter.c @@ -256,6 +256,8 @@ static const struct sock_filter preauth_insns[] = { SC_ALLOW_ARG(__NR_ioctl, 1, Z90STAT_STATUS_MASK), SC_ALLOW_ARG(__NR_ioctl, 1, ICARSAMODEXPO), SC_ALLOW_ARG(__NR_ioctl, 1, ICARSACRT), + /* Allow ioctls for EP11 crypto card on s390 */ + SC_ALLOW_ARG(__NR_ioctl, 1, ZSENDEP11CPRB), #endif #if defined(__x86_64__) && defined(__ILP32__) && defined(__X32_SYSCALL_BIT) /* -- cgit v1.2.3 From 9c01e0ae9889c05bfe68b2f1f1c5e5019e63ff0b Mon Sep 17 00:00:00 2001 From: Colin Watson Date: Thu, 30 Aug 2018 00:58:56 +0100 Subject: Work around conch interoperability failure Twisted Conch fails to read private keys in the new format (https://twistedmatrix.com/trac/ticket/9515). Work around this until it can be fixed in Twisted. Forwarded: not-needed Last-Update: 2018-08-30 Patch-Name: conch-old-privkey-format.patch --- regress/Makefile | 5 +++-- regress/conch-ciphers.sh | 2 +- regress/test-exec.sh | 12 ++++++++++++ 3 files changed, 16 insertions(+), 3 deletions(-) diff --git a/regress/Makefile b/regress/Makefile index 925edf71a..6fdfcc8ca 100644 --- a/regress/Makefile +++ b/regress/Makefile @@ -110,8 +110,9 @@ CLEANFILES= *.core actual agent-key.* authorized_keys_${USERNAME} \ modpipe netcat no_identity_config \ pidfile putty.rsa2 ready regress.log \ remote_pid revoked-* rsa rsa-agent rsa-agent.pub rsa.pub \ - rsa1 rsa1-agent rsa1-agent.pub rsa1.pub rsa_ssh2_cr.prv \ - rsa_ssh2_crnl.prv scp-ssh-wrapper.exe \ + rsa1 rsa1-agent rsa1-agent.pub rsa1.pub \ + rsa_oldfmt rsa_oldfmt.pub \ + rsa_ssh2_cr.prv rsa_ssh2_crnl.prv scp-ssh-wrapper.exe \ scp-ssh-wrapper.scp setuid-allowed sftp-server.log \ sftp-server.sh sftp.log ssh-log-wrapper.sh ssh.log \ ssh_config ssh_config.* ssh_proxy ssh_proxy_bak \ diff --git a/regress/conch-ciphers.sh b/regress/conch-ciphers.sh index 199d863a0..c7df19fd4 100644 --- a/regress/conch-ciphers.sh +++ b/regress/conch-ciphers.sh @@ -16,7 +16,7 @@ for c in aes256-ctr aes256-cbc aes192-ctr aes192-cbc aes128-ctr aes128-cbc \ rm -f ${COPY} # XXX the 2nd "cat" seems to be needed because of buggy FD handling # in conch - ${CONCH} --identity $OBJ/rsa --port $PORT --user $USER -e none \ + ${CONCH} --identity $OBJ/rsa_oldfmt --port $PORT --user $USER -e none \ --known-hosts $OBJ/known_hosts --notty --noagent --nox11 -n \ 127.0.0.1 "cat ${DATA}" 2>/dev/null | cat > ${COPY} if [ $? -ne 0 ]; then diff --git a/regress/test-exec.sh b/regress/test-exec.sh index b8e2009de..08338121b 100644 --- a/regress/test-exec.sh +++ b/regress/test-exec.sh @@ -500,6 +500,18 @@ REGRESS_INTEROP_CONCH=no if test -x "$CONCH" ; then REGRESS_INTEROP_CONCH=yes fi +case "$SCRIPT" in +*conch*) ;; +*) REGRESS_INTEROP_CONCH=no +esac + +if test "$REGRESS_INTEROP_CONCH" = "yes" ; then + # Convert rsa key to old format to work around + # https://twistedmatrix.com/trac/ticket/9515 + cp $OBJ/rsa $OBJ/rsa_oldfmt + cp $OBJ/rsa.pub $OBJ/rsa_oldfmt.pub + ${SSHKEYGEN} -p -N '' -m PEM -f $OBJ/rsa_oldfmt >/dev/null +fi # If PuTTY is present and we are running a PuTTY test, prepare keys and # configuration -- cgit v1.2.3 From 7d50f9e5be88179325983a1f58c9d51bb58f025a Mon Sep 17 00:00:00 2001 From: Colin Watson Date: Mon, 8 Apr 2019 10:46:29 +0100 Subject: Revert "upstream: Update default IPQoS in ssh(1), sshd(8) to DSCP AF21 for" This reverts commit 5ee8448ad7c306f05a9f56769f95336a8269f379. The IPQoS default changes have some unfortunate interactions with iptables (see https://bugs.debian.org/923880) and VMware, so I'm temporarily reverting them until those have been fixed. Bug-Debian: https://bugs.debian.org/923879 Bug-Debian: https://bugs.debian.org/926229 Bug-Ubuntu: https://bugs.launchpad.net/1822370 Last-Update: 2019-04-08 Patch-Name: revert-ipqos-defaults.patch --- readconf.c | 4 ++-- servconf.c | 4 ++-- ssh_config.5 | 6 ++---- sshd_config.5 | 6 ++---- 4 files changed, 8 insertions(+), 12 deletions(-) diff --git a/readconf.c b/readconf.c index f35bde6e6..2ba312441 100644 --- a/readconf.c +++ b/readconf.c @@ -2165,9 +2165,9 @@ fill_default_options(Options * options) if (options->visual_host_key == -1) options->visual_host_key = 0; if (options->ip_qos_interactive == -1) - options->ip_qos_interactive = IPTOS_DSCP_AF21; + options->ip_qos_interactive = IPTOS_LOWDELAY; if (options->ip_qos_bulk == -1) - options->ip_qos_bulk = IPTOS_DSCP_CS1; + options->ip_qos_bulk = IPTOS_THROUGHPUT; if (options->request_tty == -1) options->request_tty = REQUEST_TTY_AUTO; if (options->proxy_use_fdpass == -1) diff --git a/servconf.c b/servconf.c index 8d2bced52..365e6ff1e 100644 --- a/servconf.c +++ b/servconf.c @@ -423,9 +423,9 @@ fill_default_server_options(ServerOptions *options) if (options->permit_tun == -1) options->permit_tun = SSH_TUNMODE_NO; if (options->ip_qos_interactive == -1) - options->ip_qos_interactive = IPTOS_DSCP_AF21; + options->ip_qos_interactive = IPTOS_LOWDELAY; if (options->ip_qos_bulk == -1) - options->ip_qos_bulk = IPTOS_DSCP_CS1; + options->ip_qos_bulk = IPTOS_THROUGHPUT; if (options->version_addendum == NULL) options->version_addendum = xstrdup(""); if (options->fwd_opts.streamlocal_bind_mask == (mode_t)-1) diff --git a/ssh_config.5 b/ssh_config.5 index a27631ae9..a9f6d906f 100644 --- a/ssh_config.5 +++ b/ssh_config.5 @@ -1098,11 +1098,9 @@ If one argument is specified, it is used as the packet class unconditionally. If two values are specified, the first is automatically selected for interactive sessions and the second for non-interactive sessions. The default is -.Cm af21 -(Low-Latency Data) +.Cm lowdelay for interactive sessions and -.Cm cs1 -(Lower Effort) +.Cm throughput for non-interactive sessions. .It Cm KbdInteractiveAuthentication Specifies whether to use keyboard-interactive authentication. diff --git a/sshd_config.5 b/sshd_config.5 index c0c4ebd66..e5380f5dc 100644 --- a/sshd_config.5 +++ b/sshd_config.5 @@ -886,11 +886,9 @@ If one argument is specified, it is used as the packet class unconditionally. If two values are specified, the first is automatically selected for interactive sessions and the second for non-interactive sessions. The default is -.Cm af21 -(Low-Latency Data) +.Cm lowdelay for interactive sessions and -.Cm cs1 -(Lower Effort) +.Cm throughput for non-interactive sessions. .It Cm KbdInteractiveAuthentication Specifies whether to allow keyboard-interactive authentication. -- cgit v1.2.3